Fix BMP image header parser and detector
Bug: None
Change-Id: I9f64a27af77affa80c86d7bfbb9eca56e3541dde
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/61410
Auto-Submit: Kuang-che Wu <kcwu@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
index 34c03da..0713429 100644
--- a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
+++ b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
@@ -104,10 +104,13 @@
NOTREACHED();
}
+ size_t pos = input_buffer_->GetPosition();
if (!ReadData(reinterpret_cast<uint8_t*>(&img_ifh_size_),
sizeof(img_ifh_size_))) {
return false;
}
+ if (!input_buffer_->Seek(pos))
+ return false;
img_ifh_size_ =
FXDWORD_GET_LSBFIRST(reinterpret_cast<uint8_t*>(&img_ifh_size_));
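Review bot: The peek-and-rewind around `img_ifh_size_` is undocumented, and the rewind happens only on the success path. A comment above `size_t pos = input_buffer_->GetPosition();` such as `// Peek the info-header size, then rewind so the full header, including this field, is parsed from its start.` would make the intent clear. If `ReadData` can consume bytes before returning false (its body is not visible here), the early `return false` leaves the buffer mid-field, so consider calling `input_buffer_->Seek(pos)` on that path as well. The enclosing function starts and ends outside the hunk.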
diff --git a/core/fxcodec/progressivedecoder.cpp b/core/fxcodec/progressivedecoder.cpp
index 4e755ed..87223d6 100644
--- a/core/fxcodec/progressivedecoder.cpp
+++ b/core/fxcodec/progressivedecoder.cpp
@@ -747,9 +747,8 @@
return false;
}
- uint32_t availableData = m_pCodecMemory->GetSize() > m_offSet
- ? m_pCodecMemory->GetSize() - m_offSet
- : 0;
+ uint32_t availableData = m_pFile->GetSize() - m_offSet +
+ pBmpModule->GetAvailInput(pBmpContext.get());
if (neededData > availableData) {
m_status = FXCODEC_STATUS_ERR_FORMAT;
return false;
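Review bot: The new `availableData` expression drops the underflow guard that the old ternary had: `m_pFile->GetSize() - m_offSet` wraps if `m_offSet` ever exceeds the file size, and the sum is then narrowed into a `uint32_t`. Because this value gates the `neededData > availableData` rejection of a malformed image, a wrapped result would let an oversized header pass the check. The operand types are not visible in the hunk, so confirm their widths; checked arithmetic (PDFium's `FX_SAFE_UINT32`, if it is in scope in this file) turns any wrap into an explicit format error, as sketched below. The enclosing function starts and ends outside the hunk.

```cpp
FX_SAFE_UINT32 availableData = m_pFile->GetSize();
availableData -= m_offSet;
availableData += pBmpModule->GetAvailInput(pBmpContext.get());
// Treat wrap-around as a malformed file instead of as "plenty of data".
if (!availableData.IsValid() || neededData > availableData.ValueOrDie()) {
  // … unchanged: set FXCODEC_STATUS_ERR_FORMAT and return false …
```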