Title: [94266] branches/chromium/835/Source/WebCore/webaudio/AudioBufferSourceNode.cpp
- Revision: 94266
- Author: crog...@google.com
- Date: 2011-08-31 19:24:41 -0700 (Wed, 31 Aug 2011)
Log Message
Merge 94265 - Do more rigorous bounds checking in AudioBufferSourceNode::renderFromBuffer()
https://bugs.webkit.org/show_bug.cgi?id=67351
TBR=crog...@google.com
Review URL: http://codereview.chromium.org/7756026
Modified Paths
Diff
Modified: branches/chromium/835/Source/WebCore/webaudio/AudioBufferSourceNode.cpp (94265 => 94266)
--- branches/chromium/835/Source/WebCore/webaudio/AudioBufferSourceNode.cpp 2011-09-01 02:08:19 UTC (rev 94265)
+++ branches/chromium/835/Source/WebCore/webaudio/AudioBufferSourceNode.cpp 2011-09-01 02:24:41 UTC (rev 94266)
@@ -183,6 +183,12 @@
// Sanity check destinationFrameOffset, numberOfFrames.
size_t destinationLength = bus->length();
+
+ bool isLengthGood = destinationLength <= 4096 && numberOfFrames <= 4096;
+ ASSERT(isLengthGood);
+ if (!isLengthGood)
+ return;
+
bool isOffsetGood = destinationFrameOffset <= destinationLength && destinationFrameOffset + numberOfFrames <= destinationLength;
ASSERT(isOffsetGood);
if (!isOffsetGood)
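Review bot: The limit 4096 in the new isLengthGood line is a bare literal used twice, with no comment saying where it comes from or why it applies to both destinationLength and numberOfFrames. Please give it a named constant and a one-line comment stating the invariant it enforces, so the bound does not silently drift from whatever it is derived from. If part of the intent is to keep the sum in the following check, `destinationFrameOffset + numberOfFrames <= destinationLength`, from wrapping, say so: with destinationLength and numberOfFrames both capped at 4096 and destinationFrameOffset already required to be at most destinationLength, that addition stays small, but a reader only sees this by reading the two checks together. Writing the offset test in subtraction form (numberOfFrames <= destinationLength - destinationFrameOffset, after the first comparison passes) would make it safe independently of the cap. The ASSERT followed by an early return is the right shape, since the return still guards release builds where ASSERT compiles out.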
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes