Redo range check in CPDF_SampledFunc::v_Call().
authorTom Sepez <tsepez@chromium.org>
Tue, 30 Jun 2015 19:18:55 +0000 (12:18 -0700)
committerTom Sepez <tsepez@chromium.org>
Tue, 30 Jun 2015 19:18:55 +0000 (12:18 -0700)
commit74742a75ac7a07c08cf36fe6f4eaa91bed8236a3
treecd7863a159b4c8dd691aa280efee56158e1ee42e
parentc01c977c9c6e56faf709400547c9b085b8972024
Redo range check in CPDF_SampledFunc::v_Call().

The current |bitpos1| calculation protects the passed argument to
_GetBits32(): |bitpos.ValueOrDie() + j * m_nBitsPerSample|, but doesn't
account for adding in the sample length in that routine.

Also bound bits per sample to something reasonable to avoid undefined
behaviour on the shift to compute the max value.

BUG=471990
R=jun_fang@foxitsoftware.com

Review URL: https://codereview.chromium.org/1219663003.
core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp
fpdfsdk/src/fpdfview_embeddertest.cpp
testing/resources/bug_471990.in [new file with mode: 0644]
testing/resources/bug_471990.pdf [new file with mode: 0644]