Check blue,green,red bit count in bmp_decode_rgb If the values are going to overflow, return error code, which seems to be 2. BUG=668822 Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9 Reviewed-on: https://pdfium-review.googlesource.com/2213 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>

commit: ff920ae3e181de9275f1d4c9b4b54fe2a7a54560 [log] [tgz]
author: Nicolas Pena <npm@chromium.org> Mon Jan 16 13:09:41 2017 -0500
committer: Chromium commit bot <commit-bot@chromium.org> Mon Jan 16 21:56:56 2017 +0000
tree: f19c447001295300d6af2928b32c18d6dc1045e0
parent: 6efd0d7464e1f02ef3cd4f1abe5c6f8e5283fbbb [diff]
diff --git a/core/fxcodec/lbmp/fx_bmp.cpp b/core/fxcodec/lbmp/fx_bmp.cpp
index fb64b36..2b072a4 100644
--- a/core/fxcodec/lbmp/fx_bmp.cpp
+++ b/core/fxcodec/lbmp/fx_bmp.cpp

@@ -358,6 +358,8 @@
         }
         green_bits += blue_bits;
         red_bits += green_bits;
+        if (blue_bits > 8 || green_bits < 8 || red_bits < 8)
+          return 2;
         blue_bits = 8 - blue_bits;
         green_bits -= 8;
         red_bits -= 8;
commit	ff920ae3e181de9275f1d4c9b4b54fe2a7a54560	[log] [tgz]
author	Nicolas Pena <npm@chromium.org>	Mon Jan 16 13:09:41 2017 -0500
committer	Chromium commit bot <commit-bot@chromium.org>	Mon Jan 16 21:56:56 2017 +0000
tree	f19c447001295300d6af2928b32c18d6dc1045e0
parent	6efd0d7464e1f02ef3cd4f1abe5c6f8e5283fbbb [diff]