Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: cc/resources/texture_mailbox.cc

Issue 220093002: cc: Prevent integer overflow with software TextureMailbox. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « cc/resources/texture_mailbox.h ('k') | content/browser/renderer_host/render_widget_host_view_aura.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "cc/resources/texture_mailbox.h" 5 #include "cc/resources/texture_mailbox.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "third_party/khronos/GLES2/gl2.h" 8 #include "third_party/khronos/GLES2/gl2.h"
9 9
10 namespace cc { 10 namespace cc {
11 11
12 TextureMailbox::TextureMailbox() : shared_memory_(NULL) {} 12 TextureMailbox::TextureMailbox() : shared_memory_(NULL) {}
13 13
14 TextureMailbox::TextureMailbox(const gpu::MailboxHolder& mailbox_holder) 14 TextureMailbox::TextureMailbox(const gpu::MailboxHolder& mailbox_holder)
15 : mailbox_holder_(mailbox_holder), 15 : mailbox_holder_(mailbox_holder),
16 shared_memory_(NULL), 16 shared_memory_(NULL),
17 allow_overlay_(false) {} 17 allow_overlay_(false) {}
18 18
19 TextureMailbox::TextureMailbox(const gpu::Mailbox& mailbox, 19 TextureMailbox::TextureMailbox(const gpu::Mailbox& mailbox,
20 uint32 target, 20 uint32 target,
21 uint32 sync_point) 21 uint32 sync_point)
22 : mailbox_holder_(mailbox, target, sync_point), 22 : mailbox_holder_(mailbox, target, sync_point),
23 shared_memory_(NULL), 23 shared_memory_(NULL),
24 allow_overlay_(false) {} 24 allow_overlay_(false) {}
25 25
26 TextureMailbox::TextureMailbox(base::SharedMemory* shared_memory, 26 TextureMailbox::TextureMailbox(base::SharedMemory* shared_memory,
27 const gfx::Size& size) 27 const gfx::Size& size)
28 : shared_memory_(shared_memory), 28 : shared_memory_(shared_memory),
29 shared_memory_size_(size), 29 shared_memory_size_(size),
30 allow_overlay_(false) {} 30 allow_overlay_(false) {
31 // If an embedder of cc gives an invalid TextureMailbox, we should crash
32 // safely rather than overflow.
33 CHECK(CheckedSharedMemorySizeInBytes().IsValid());
piman 2014/03/31 22:33:54 Can cc generate one for mask layers (not tiled)?
danakj 2014/03/31 22:34:50 We don't make a TextureMailbox in that case. It's
34 }
31 35
32 TextureMailbox::~TextureMailbox() {} 36 TextureMailbox::~TextureMailbox() {}
33 37
34 bool TextureMailbox::Equals(const TextureMailbox& other) const { 38 bool TextureMailbox::Equals(const TextureMailbox& other) const {
35 if (other.IsTexture()) { 39 if (other.IsTexture()) {
36 return IsTexture() && !memcmp(mailbox_holder_.mailbox.name, 40 return IsTexture() && !memcmp(mailbox_holder_.mailbox.name,
37 other.mailbox_holder_.mailbox.name, 41 other.mailbox_holder_.mailbox.name,
38 sizeof(mailbox_holder_.mailbox.name)); 42 sizeof(mailbox_holder_.mailbox.name));
39 } else if (other.IsSharedMemory()) { 43 } else if (other.IsSharedMemory()) {
40 return IsSharedMemory() && 44 return IsSharedMemory() &&
41 shared_memory_->handle() == other.shared_memory_->handle(); 45 shared_memory_->handle() == other.shared_memory_->handle();
42 } 46 }
43 47
44 DCHECK(!other.IsValid()); 48 DCHECK(!other.IsValid());
45 return !IsValid(); 49 return !IsValid();
46 } 50 }
47 51
48 size_t TextureMailbox::shared_memory_size_in_bytes() const { 52 size_t TextureMailbox::SharedMemorySizeInBytes() const {
49 return 4 * shared_memory_size_.GetArea(); 53 size_t bytes_per_pixel = 4;
54 size_t width = shared_memory_size_.width();
55 size_t height = shared_memory_size_.height();
56 return bytes_per_pixel * width * height;
57 }
58
59 base::CheckedNumeric<size_t> TextureMailbox::CheckedSharedMemorySizeInBytes()
60 const {
61 return base::CheckedNumeric<size_t>(4) *
62 base::CheckedNumeric<size_t>(shared_memory_size_.width()) *
63 base::CheckedNumeric<size_t>(shared_memory_size_.height());
50 } 64 }
51 65
52 } // namespace cc 66 } // namespace cc
OLDNEW
« no previous file with comments | « cc/resources/texture_mailbox.h ('k') | content/browser/renderer_host/render_widget_host_view_aura.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698