Title: [87640] trunk/Source/WebCore
Revision: 87640
Author: [email protected]
Date: 2011-05-29 12:13:46 -0700 (Sun, 29 May 2011)

Log Message

2011-05-27  Andreas Kling  <[email protected]>

        Reviewed by James Robinson.

        [Qt] Add area check to ImageBufferData::getImageData()
        https://bugs.webkit.org/show_bug.cgi?id=61375

        No change in behavior, just a sanity check.

        * platform/graphics/qt/ImageBufferQt.cpp:
        (WebCore::getImageData):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (87639 => 87640)


--- trunk/Source/WebCore/ChangeLog	2011-05-29 19:00:11 UTC (rev 87639)
+++ trunk/Source/WebCore/ChangeLog	2011-05-29 19:13:46 UTC (rev 87640)
@@ -1,3 +1,15 @@
+2011-05-27  Andreas Kling  <[email protected]>
+
+        Reviewed by James Robinson.
+
+        [Qt] Add area check to ImageBufferData::getImageData()
+        https://bugs.webkit.org/show_bug.cgi?id=61375
+
+        No change in behavior, just a sanity check.
+
+        * platform/graphics/qt/ImageBufferQt.cpp:
+        (WebCore::getImageData):
+
 2011-05-29  Beth Dakin  <[email protected]>
 
         Reviewed by Darin Adler.
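Review bot: The line "No change in behavior, just a sanity check." in the new entry undersells the change, because getImageData() gains an early `return 0` path that did not exist before. The entry should say what is being checked (the 4 * width * height byte count against the int range) and that the function now returns a null result when the limit is exceeded, so anyone reading the ChangeLog knows callers can see a new outcome.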

Modified: trunk/Source/WebCore/platform/graphics/qt/ImageBufferQt.cpp (87639 => 87640)


--- trunk/Source/WebCore/platform/graphics/qt/ImageBufferQt.cpp	2011-05-29 19:00:11 UTC (rev 87639)
+++ trunk/Source/WebCore/platform/graphics/qt/ImageBufferQt.cpp	2011-05-29 19:13:46 UTC (rev 87640)
@@ -199,6 +199,10 @@
 template <Multiply multiplied>
 PassRefPtr<ByteArray> getImageData(const IntRect& rect, const ImageBufferData& imageData, const IntSize& size)
 {
+    float area = 4.0f * rect.width() * rect.height();
+    if (area > static_cast<float>(std::numeric_limits<int>::max()))
+        return 0;
+
     RefPtr<ByteArray> result = ByteArray::create(rect.width() * rect.height() * 4);
     unsigned char* data = ""
 
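Review bot: The comparison `area > static_cast<float>(std::numeric_limits<int>::max())` lets a boundary case through. A float cannot represent the int maximum exactly, so with a 32-bit int the cast rounds up to 2^31, and a rect whose 4 * width * height is exactly 2^31 (for example 32768 x 16384) is not greater than the limit and passes. The unchanged `ByteArray::create(rect.width() * rect.height() * 4)` line still does the multiplication in int, so that case overflows as before. Using `>=`, or computing the size once in a 64-bit integer type and passing the checked value to create(), would close the gap and keep the check and the allocation from disagreeing. The check also only bounds the area from above: a rect with one negative dimension yields a negative area that passes, so if such rects can reach this function they should be rejected here as well.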
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
