OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2008 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 18 matching lines...) Expand all Loading... |
29 #include "config.h" | 29 #include "config.h" |
30 #include "core/html/ImageData.h" | 30 #include "core/html/ImageData.h" |
31 | 31 |
32 #include "bindings/core/v8/ExceptionState.h" | 32 #include "bindings/core/v8/ExceptionState.h" |
33 #include "bindings/core/v8/V8Uint8ClampedArray.h" | 33 #include "bindings/core/v8/V8Uint8ClampedArray.h" |
34 #include "core/dom/ExceptionCode.h" | 34 #include "core/dom/ExceptionCode.h" |
35 #include "platform/RuntimeEnabledFeatures.h" | 35 #include "platform/RuntimeEnabledFeatures.h" |
36 | 36 |
37 namespace blink { | 37 namespace blink { |
38 | 38 |
39 ImageData* ImageData::create(const IntSize& size) | 39 ImageData* ImageData::create(const IntSize& size, ExceptionState& exceptionState
) |
40 { | 40 { |
41 Checked<int, RecordOverflow> dataSize = 4; | 41 Checked<int, RecordOverflow> dataSize = 4; |
42 dataSize *= size.width(); | 42 dataSize *= size.width(); |
43 dataSize *= size.height(); | 43 dataSize *= size.height(); |
44 if (dataSize.hasOverflowed() || dataSize.unsafeGet() < 0) | 44 if (dataSize.hasOverflowed() || dataSize.unsafeGet() < 0) { |
| 45 exceptionState.throwDOMException(IndexSizeError, "The requested image si
ze exceeds the supported range."); |
45 return nullptr; | 46 return nullptr; |
| 47 } |
46 | 48 |
47 RefPtr<DOMUint8ClampedArray> byteArray = | 49 RefPtr<DOMUint8ClampedArray> byteArray = |
48 DOMUint8ClampedArray::createOrNull(dataSize.unsafeGet()); | 50 DOMUint8ClampedArray::createOrNull(dataSize.unsafeGet()); |
49 if (!byteArray) | 51 if (!byteArray) { |
| 52 exceptionState.throwRangeError("ImageData object creation failed due to
insufficient available memory."); |
50 return nullptr; | 53 return nullptr; |
| 54 } |
51 | 55 |
52 return new ImageData(size, byteArray.release()); | 56 return new ImageData(size, byteArray.release()); |
53 } | 57 } |
54 | 58 |
55 ImageData* ImageData::create(const IntSize& size, PassRefPtr<DOMUint8ClampedArra
y> byteArray) | 59 ImageData* ImageData::create(const IntSize& size, PassRefPtr<DOMUint8ClampedArra
y> byteArray) |
56 { | 60 { |
57 Checked<int, RecordOverflow> dataSize = 4; | 61 Checked<int, RecordOverflow> dataSize = 4; |
58 dataSize *= size.width(); | 62 dataSize *= size.width(); |
59 dataSize *= size.height(); | 63 dataSize *= size.height(); |
60 if (dataSize.hasOverflowed()) | 64 if (dataSize.hasOverflowed() |
| 65 || dataSize.unsafeGet() < 0 |
| 66 || static_cast<unsigned>(dataSize.unsafeGet()) > byteArray->length()) { |
61 return nullptr; | 67 return nullptr; |
62 | 68 } |
63 if (dataSize.unsafeGet() < 0 | |
64 || static_cast<unsigned>(dataSize.unsafeGet()) > byteArray->length()) | |
65 return nullptr; | |
66 | 69 |
67 return new ImageData(size, byteArray); | 70 return new ImageData(size, byteArray); |
68 } | 71 } |
69 | 72 |
70 ImageData* ImageData::create(unsigned width, unsigned height, ExceptionState& ex
ceptionState) | 73 ImageData* ImageData::create(unsigned width, unsigned height, ExceptionState& ex
ceptionState) |
71 { | 74 { |
72 if (!width || !height) { | 75 if (!width || !height) { |
73 exceptionState.throwDOMException(IndexSizeError, String::format("The sou
rce %s is zero or not a number.", width ? "height" : "width")); | 76 exceptionState.throwDOMException(IndexSizeError, String::format("The sou
rce %s is zero or not a number.", width ? "height" : "width")); |
74 return nullptr; | 77 return nullptr; |
75 } | 78 } |
76 | 79 |
77 Checked<unsigned, RecordOverflow> dataSize = 4; | 80 Checked<unsigned, RecordOverflow> dataSize = 4; |
78 dataSize *= width; | 81 dataSize *= width; |
79 dataSize *= height; | 82 dataSize *= height; |
80 if (dataSize.hasOverflowed() | 83 if (dataSize.hasOverflowed() |
81 || static_cast<int>(width) < 0 | 84 || static_cast<int>(width) < 0 |
82 || static_cast<int>(height) < 0) { | 85 || static_cast<int>(height) < 0) { |
83 exceptionState.throwDOMException(IndexSizeError, "The requested image si
ze exceeds the supported range."); | 86 exceptionState.throwDOMException(IndexSizeError, "The requested image si
ze exceeds the supported range."); |
84 return nullptr; | 87 return nullptr; |
85 } | 88 } |
86 | 89 |
87 RefPtr<DOMUint8ClampedArray> byteArray = | 90 RefPtr<DOMUint8ClampedArray> byteArray = |
88 DOMUint8ClampedArray::createOrNull(dataSize.unsafeGet()); | 91 DOMUint8ClampedArray::createOrNull(dataSize.unsafeGet()); |
89 if (!byteArray) { | 92 if (!byteArray) { |
90 exceptionState.throwDOMException(V8GeneralError, "Out of memory at Image
Data creation"); | 93 exceptionState.throwRangeError("ImageData object creation failed due to
insufficient available memory."); |
91 return nullptr; | 94 return nullptr; |
92 } | 95 } |
93 | 96 |
94 return new ImageData(IntSize(width, height), byteArray.release()); | 97 return new ImageData(IntSize(width, height), byteArray.release()); |
95 } | 98 } |
96 | 99 |
97 bool ImageData::validateConstructorArguments(DOMUint8ClampedArray* data, unsigne
d width, unsigned& lengthInPixels, ExceptionState& exceptionState) | 100 bool ImageData::validateConstructorArguments(DOMUint8ClampedArray* data, unsigne
d width, unsigned& lengthInPixels, ExceptionState& exceptionState) |
98 { | 101 { |
99 if (!width) { | 102 if (!width) { |
100 exceptionState.throwDOMException(IndexSizeError, "The source width is ze
ro or not a number."); | 103 exceptionState.throwDOMException(IndexSizeError, "The source width is ze
ro or not a number."); |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
167 { | 170 { |
168 ASSERT_WITH_SECURITY_IMPLICATION(static_cast<unsigned>(size.width() * size.h
eight() * 4) <= m_data->length()); | 171 ASSERT_WITH_SECURITY_IMPLICATION(static_cast<unsigned>(size.width() * size.h
eight() * 4) <= m_data->length()); |
169 } | 172 } |
170 | 173 |
171 void ImageData::dispose() | 174 void ImageData::dispose() |
172 { | 175 { |
173 m_data.clear(); | 176 m_data.clear(); |
174 } | 177 } |
175 | 178 |
176 } // namespace blink | 179 } // namespace blink |
OLD | NEW |