Fix PNG decoding divide by zero error due to zero row count.
authorLei Zhang <thestig@chromium.org>
Fri, 2 Oct 2015 17:27:44 +0000 (10:27 -0700)
committerLei Zhang <thestig@chromium.org>
Fri, 2 Oct 2015 17:27:44 +0000 (10:27 -0700)
BUG=537790
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1379243002 .

core/src/fxcodec/codec/fx_codec_flate.cpp

index e8878e4..37aecf1 100644 (file)
@@ -400,6 +400,8 @@ static FX_BOOL PNG_Predictor(uint8_t*& data_buf,
   if (row_size <= 0)
     return FALSE;
   const int row_count = (data_size + row_size) / (row_size + 1);
+  if (row_count <= 0)
+    return FALSE;
   const int last_row_size = data_size % (row_size + 1);
   uint8_t* dest_buf = FX_Alloc2D(uint8_t, row_size, row_count);
   int byte_cnt = 0;