Description
Prevent bad casting in ImageBitmap when calling ArrayBuffer::createOrNull
Currently when ImageBitmap's constructor is invoked, we check whether
dstSize will overflow size_t or not. The problem comes when we call
ArrayBuffer::createOrNull some times in the code.
Both parameters of ArrayBuffer::createOrNull are unsigned. In ImageBitmap
when we call this method, the first parameter is usually width * height.
This could overflow unsigned even if it has been checked safe with size_t,
the reason is that unsigned is a 32-bit value on 64-bit systems, while
size_t is a 64-bit value.
This CL makes a change such that we check whether the dstSize will overflow
unsigned or not. In this case, we can guarantee that createOrNull will not have
any crash.
BUG=664139
Committed: https://crrev.com/d59a4441697f6253e7dc3f7ae5caad6e5fd2c778
Cr-Commit-Position: refs/heads/master@{#431936}
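
The type mismatch the description refers to, as an added C++ example that is not code from this CL or from Blink. `bytesRequested` is a hypothetical stand-in for a callee with two `unsigned` parameters, `uint64_t` models a 64-bit `size_t`, and the image dimensions are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

static_assert(sizeof(unsigned) == 4, "example assumes a 32-bit unsigned");

// Hypothetical stand-in for a callee whose two parameters are `unsigned`
// (not Blink code). Returns the byte count it was actually asked for.
uint64_t bytesRequested(unsigned numElements, unsigned elementByteSize) {
  return static_cast<uint64_t>(numElements) * elementByteSize;
}

// Range check against 64 bits only; uint64_t models a 64-bit size_t.
bool fitsInSizeT(uint64_t width, uint64_t height, uint64_t bytesPerPixel) {
  const uint64_t max = std::numeric_limits<uint64_t>::max();
  if (height != 0 && width > max / height) return false;
  return bytesPerPixel == 0 || width * height <= max / bytesPerPixel;
}

// Range check against `unsigned`, the type the callee really takes.
bool fitsInUnsigned(uint64_t width, uint64_t height, uint64_t bytesPerPixel) {
  return fitsInSizeT(width, height, bytesPerPixel) &&
         width * height * bytesPerPixel <= std::numeric_limits<unsigned>::max();
}

// What the callee sees when width * height is narrowed to `unsigned`.
// The cast is explicit here; at a call site the conversion is implicit.
uint64_t bytesAfterNarrowing(uint64_t width, uint64_t height, unsigned bytesPerPixel) {
  unsigned narrowed = static_cast<unsigned>(width * height);  // high bits dropped
  return bytesRequested(narrowed, bytesPerPixel);
}

int main() {
  // Constructed dimensions: 65536 * 65537 = 2^32 + 2^16 pixels, 4 bytes each.
  const uint64_t w = 65536, h = 65537;
  std::printf("size_t check passes:   %d\n", fitsInSizeT(w, h, 4));
  std::printf("unsigned check passes: %d\n", fitsInUnsigned(w, h, 4));
  std::printf("bytes intended:  %llu\n", (unsigned long long)(w * h * 4));
  std::printf("bytes requested: %llu\n", (unsigned long long)bytesAfterNarrowing(w, h, 4));
  return 0;
}
```

With these dimensions the 64-bit check passes while the callee is asked for 262144 bytes instead of 17180131328, which is the gap a check against the range of `unsigned` closes.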
Patch Set 1
Total comments: 2
Patch Set 2: change all size_t to unsigned