Use safe arithmetic in CFX_PSRenderer::DrawDIBits() [pdfium : main]
0 views
Skip to first unread message
Tom Sepez (Gerrit)
Apr 6, 2026, 2:24:00 PM (5 days ago) Apr 6
to Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Attention needed from Lei Zhang
New activity on the change![]( "Open in Gerrit")
Related details
Attention is currently required from:
- Lei Zhang
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Lei Zhang (Gerrit)
Apr 6, 2026, 4:41:32 PM (5 days ago) Apr 6
to Tom Sepez, Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Attention needed from Tom Sepez
Lei Zhang added 2 comments![]( "Open in Gerrit")
File core/fxge/win32/cfx_psrenderer.cpp
Line 623, Patchset 3 (Latest):
FX_SAFE_UINT32 safe_pitch = bytes_per_pixel;Lei Zhang . unresolved
Pre-existing: I wonder if this should just use `bitmap->GetPitch()` instead.
Line 627, Patchset 3 (Latest):
if (!safe_output_size.IsValid()) {Lei Zhang . unresolved
And if `bitmap` has valid dimensions and pitch, then will this ever fail?
Related details
Attention is currently required from:
- Tom Sepez
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Tom Sepez (Gerrit)
Apr 6, 2026, 4:53:01 PM (5 days ago) Apr 6
to Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Attention needed from Lei Zhang
Tom Sepez added 2 comments![]( "Open in Gerrit")
File core/fxge/win32/cfx_psrenderer.cpp
Line 623, Patchset 3 (Latest):
FX_SAFE_UINT32 safe_pitch = bytes_per_pixel;Lei Zhang . unresolved
Pre-existing: I wonder if this should just use `bitmap->GetPitch()` instead.
Tom Sepez
Acknowledged
Line 627, Patchset 3 (Latest):
if (!safe_output_size.IsValid()) {Lei Zhang . resolved
And if `bitmap` has valid dimensions and pitch, then will this ever fail?
Attention is currently required from:
- Lei Zhang
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Tom Sepez (Gerrit)
Apr 6, 2026, 5:07:37 PM (5 days ago) Apr 6
to Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Attention needed from Lei Zhang
Tom Sepez added 1 comment![]( "Open in Gerrit")
File core/fxge/win32/cfx_psrenderer.cpp
Line 623, Patchset 3 (Latest):
FX_SAFE_UINT32 safe_pitch = bytes_per_pixel;Lei Zhang . resolved
Tom SepezPre-existing: I wonder if this should just use `bitmap->GetPitch()` instead.
Acknowledged
Tom Sepez
Acknowledged
Related details
Attention is currently required from:
- Lei Zhang
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Tom Sepez (Gerrit)
Apr 7, 2026, 12:40:47 PM (4 days ago) Apr 7
to Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Attention needed from Lei Zhang
Tom Sepez added 1 comment![]( "Open in Gerrit")
Patchset-level comments
Related details
Attention is currently required from:
- Lei Zhang
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Lei Zhang (Gerrit)
Apr 7, 2026, 5:44:12 PM (4 days ago) Apr 7
to Tom Sepez, Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Attention needed from Tom Sepez
Lei Zhang voted and added 2 comments![]( "Open in Gerrit")
Votes added by Lei Zhang
| Code-Review | +1 |
2 comments
File core/fxge/win32/cfx_psrenderer.cpp
Line 623, Patchset 3 (Latest):
FX_SAFE_UINT32 safe_pitch = bytes_per_pixel;Lei Zhang . resolved
Tom SepezPre-existing: I wonder if this should just use `bitmap->GetPitch()` instead.
Tom SepezAcknowledged
Acknowledged
Lei Zhang
My other idea is to use `bitmap->GetPitch()` and `bitmap->GetBuffer().size()` to get `src_pitch` and `output_size`, respectively.
Line 627, Patchset 3 (Latest):
if (!safe_output_size.IsValid()) {Lei Zhang . resolved
Tom SepezAnd if `bitmap` has valid dimensions and pitch, then will this ever fail?
See linked issue for discussion.
Lei Zhang
Oh, I guess it's because it's using int here instead of uint32_t. I guess we might as well go with FX_SAFE_UINT32.
Related details
Attention is currently required from:
- Tom Sepez
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Tom Sepez (Gerrit)
Apr 7, 2026, 5:44:53 PM (4 days ago) Apr 7
to Lei Zhang, Pdfium LUCI CQ, pdfium-...@googlegroups.com
Tom Sepez voted Commit-Queue+2![]( "Open in Gerrit")
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Pdfium LUCI CQ (Gerrit)
Apr 7, 2026, 6:50:33 PM (4 days ago) Apr 7
to Tom Sepez, Lei Zhang, pdfium-...@googlegroups.com
Pdfium LUCI CQ submitted the change![]( "Open in Gerrit")
Change information
Commit message:
Use safe arithmetic in CFX_PSRenderer::DrawDIBits()
Hardening suggestion from the AI bot.
Bug: 500036290
Change-Id: Ie521629d06ba944f610b941a8c9e9505fa29aea7
Reviewed-by: Lei Zhang <the...@chromium.org>
Commit-Queue: Tom Sepez <tse...@chromium.org>
Files:
- M core/fxge/win32/cfx_psrenderer.cpp
Change size: S
Delta: 1 file changed, 10 insertions(+), 2 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Lei Zhang
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages