Title: [207560] trunk/Source/WebCore
- Revision: 207560
- Author: ddkil...@apple.com
- Date: 2016-10-19 12:52:38 -0700 (Wed, 19 Oct 2016)
Log Message
Bug 163670: Refine assertions in WebCore::ImageData constructors
<https://webkit.org/b/163670>
<rdar://problem/27497338>
Reviewed by Brent Fulgham.
No new tests because there is no change in nominal behavior.
* html/ImageData.cpp:
(WebCore::ImageData::ImageData(const IntSize&)): Change to use
ASSERT() since the worst-case scenario here is a nullptr deref.
Switch to IntSize::area() to compute the area.
(WebCore::ImageData::ImageData(const IntSize&, Ref<Uint8ClampedArray>&&)):
Add ASSERT() identical to the previous constructor, and change
ASSERT_WITH_SECURITY_IMPLICATION() to only fire when m_data is
not nullptr and the length check fails. Switch to
IntSize::area() to compute the area.
Diff
Modified: trunk/Source/WebCore/ChangeLog (207559 => 207560)
--- trunk/Source/WebCore/ChangeLog 2016-10-19 19:50:40 UTC (rev 207559)
+++ trunk/Source/WebCore/ChangeLog 2016-10-19 19:52:38 UTC (rev 207560)
@@ -1,3 +1,23 @@
+2016-10-19 David Kilzer <ddkil...@apple.com>
+
+ Bug 163670: Refine assertions in WebCore::ImageData constructors
+ <https://webkit.org/b/163670>
+ <rdar://problem/27497338>
+
+ Reviewed by Brent Fulgham.
+
+ No new tests because there is no change in nominal behavior.
+
+ * html/ImageData.cpp:
+ (WebCore::ImageData::ImageData(const IntSize&)): Change to use
+ ASSERT() since the worst-case scenario here is a nullptr deref.
+ Switch to IntSize::area() to compute the area.
+ (WebCore::ImageData::ImageData(const IntSize&, Ref<Uint8ClampedArray>&&)):
+ Add ASSERT() identical to the previous constructor, and change
+ ASSERT_WITH_SECURITY_IMPLICATION() to only fire when m_data is
+ not nullptr and the length check fails. Switch to
+ IntSize::area() to compute the area.
+
2016-10-19 Myles C. Maxfield <mmaxfi...@apple.com>
[macOS] [iOS] Disable variation fonts on macOS El Capitan and iOS 9
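Review bot: The entry for the second constructor does not record that the static_cast<unsigned> wrapping the old size computation was dropped from the length comparison. It only says "Switch to IntSize::area() to compute the area". Please add a sentence stating the type that area() returns and why the cast is no longer needed, so a reader can judge the signedness and overflow behaviour of the new comparison from the ChangeLog alone. The "No new tests" line would also be easier to accept if it said which existing test covers the length-mismatch assertion.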
Modified: trunk/Source/WebCore/html/ImageData.cpp (207559 => 207560)
--- trunk/Source/WebCore/html/ImageData.cpp 2016-10-19 19:50:40 UTC (rev 207559)
+++ trunk/Source/WebCore/html/ImageData.cpp 2016-10-19 19:52:38 UTC (rev 207560)
@@ -113,9 +113,9 @@
ImageData::ImageData(const IntSize& size)
: m_size(size)
- , m_data(Uint8ClampedArray::createUninitialized(size.width() * size.height() * 4))
+ , m_data(Uint8ClampedArray::createUninitialized(size.area() * 4))
{
- ASSERT_WITH_SECURITY_IMPLICATION(m_data);
+ ASSERT(m_data);
}
ImageData::ImageData(const IntSize& size, Ref<Uint8ClampedArray>&& byteArray)
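Review bot: In the initializer `size.area() * 4`, the multiplication by 4 is still unchecked in the visible lines, and the only guard that follows is now a plain ASSERT(m_data), which is a debug-only check. If the byte count can wrap for a large IntSize, the buffer would be smaller than m_size implies and nothing in this constructor would notice. Suggest computing the byte count with checked arithmetic before calling createUninitialized(), or adding a comment naming the caller that validates the size. Since the ChangeLog accepts a nullptr deref as the worst case here, it would also help to document that callers must be prepared for a null m_data in builds where ASSERT() is compiled out.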
@@ -122,7 +122,8 @@
: m_size(size)
, m_data(WTFMove(byteArray))
{
- ASSERT_WITH_SECURITY_IMPLICATION(static_cast<unsigned>(size.width() * size.height() * 4) <= m_data->length());
+ ASSERT(m_data);
+ ASSERT_WITH_SECURITY_IMPLICATION(!m_data || (size.area() * 4) <= m_data->length());
}
}
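Review bot: On the new line `ASSERT_WITH_SECURITY_IMPLICATION(!m_data || (size.area() * 4) <= m_data->length());` two things need attention. First, the parameter is a `Ref<Uint8ClampedArray>&&`, so it is not clear from this hunk when m_data can be null after WTFMove(byteArray). If it cannot, the `!m_data ||` guard and the preceding ASSERT(m_data) are dead code and can be dropped; if it can, please add a comment saying how. Second, the removed line cast the product to unsigned before comparing it with m_data->length() and the new line does not, so the comparison now depends on the return type of area(), and the `* 4` can still wrap before the comparison happens. Suggest computing the required byte count once with checked arithmetic and asserting on that value, so the security assertion cannot pass because of an overflowed left-hand side.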
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes