Chromium Code Reviews

Issue 2404583002: Fix integer overflow in ObjectPainter and divide by zero in Color. (Closed)

Created:
4 years, 2 months ago by wkorman
Modified:
4 years, 2 months ago
Reviewers:
pdr., eae
CC:
ajuma+watch_chromium.org, blink-reviews, blink-reviews-paint_chromium.org, blink-reviews-platform-graphics_chromium.org, Rik, chromium-reviews, danakj+watch_chromium.org, dshwang, drott+blinkwatch_chromium.org, krit, f(malita), jbroman, Justin Novosad, pdr+graphicswatchlist_chromium.org, rwlbuis, Stephen Chennney
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix integer overflow in ObjectPainter and divide by zero in Color.

BUG=652589
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Committed: https://crrev.com/c38aced892d8066f08f3babe797d0daca9f66611
Cr-Commit-Position: refs/heads/master@{#424041}

Patch Set 1

Total comments: 2

Patch Set 2: Saturate.

Patch Set 3: Fix two typos converting to saturated.

Stats (+167 lines, -105 lines)
M third_party/WebKit/Source/core/paint/ObjectPainter.cpp (14 chunks, +166 lines, -104 lines, 0 comments)
M third_party/WebKit/Source/platform/graphics/Color.cpp (1 chunk, +1 line, -1 line, 0 comments)

Messages

Total messages: 15 (7 generated)
wkorman
For discussion -- there are more addition/subtraction ops in ObjectPainter we should technically guard. Before ...
4 years, 2 months ago (2016-10-07 22:12:31 UTC) #3
pdr.
https://codereview.chromium.org/2404583002/diff/1/third_party/WebKit/Source/core/paint/ObjectPainter.cpp
File third_party/WebKit/Source/core/paint/ObjectPainter.cpp (right):
https://codereview.chromium.org/2404583002/diff/1/third_party/WebKit/Source/core/paint/ObjectPainter.cpp#newcode218
third_party/WebKit/Source/core/paint/ObjectPainter.cpp:218: int safeSubtract(int a, int b) {
I think you ...
4 years, 2 months ago (2016-10-07 22:14:35 UTC) #4
wkorman
Applied to all operations. We could be surgical to just the areas reported by fuzz, ...
4 years, 2 months ago (2016-10-07 23:43:19 UTC) #5
eae
OK, LGTM
4 years, 2 months ago (2016-10-07 23:46:04 UTC) #7
pdr.
Kinda ugly but safe. LGTM
4 years, 2 months ago (2016-10-08 00:02:13 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2404583002/40001
4 years, 2 months ago (2016-10-08 00:13:32 UTC) #11
commit-bot: I haz the power
Committed patchset #3 (id:40001)
4 years, 2 months ago (2016-10-08 01:59:36 UTC) #13
commit-bot: I haz the power
4 years, 2 months ago (2016-10-08 02:02:01 UTC) #15
Message was sent while issue was closed.
Patchset 3 (id:??) landed as
https://crrev.com/c38aced892d8066f08f3babe797d0daca9f66611
Cr-Commit-Position: refs/heads/master@{#424041}
