Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(659)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/platform/graphics/gpu/WebGLImageConversion.cpp

Issue 2528243002: Fix silent truncations when extracting values from CheckedNumeric (Closed)
Patch Set: compile cleanup and fix Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/webcrypto/algorithms/aes_cbc.cc ('K') | « third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp ('k') | third_party/crashpad/crashpad/util/file/string_file.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "platform/graphics/gpu/WebGLImageConversion.h" 5 #include "platform/graphics/gpu/WebGLImageConversion.h"
6 6
7 #include "platform/graphics/ImageObserver.h" 7 #include "platform/graphics/ImageObserver.h"
8 #include "platform/graphics/cpu/arm/WebGLImageConversionNEON.h" 8 #include "platform/graphics/cpu/arm/WebGLImageConversionNEON.h"
9 #include "platform/graphics/cpu/mips/WebGLImageConversionMSA.h" 9 #include "platform/graphics/cpu/mips/WebGLImageConversionMSA.h"
10 #include "platform/graphics/cpu/x86/WebGLImageConversionSSE.h" 10 #include "platform/graphics/cpu/x86/WebGLImageConversionSSE.h"
(...skipping 2642 matching lines...) Expand 10 before | Expand all | Expand 10 after
2653 CheckedNumeric<uint32_t> tmp = width; 2653 CheckedNumeric<uint32_t> tmp = width;
2654 tmp *= bytesPerGroup; 2654 tmp *= bytesPerGroup;
2655 if (!tmp.IsValid()) 2655 if (!tmp.IsValid())
2656 return GL_INVALID_VALUE; 2656 return GL_INVALID_VALUE;
2657 lastRowSize = tmp.ValueOrDie(); 2657 lastRowSize = tmp.ValueOrDie();
2658 } else { 2658 } else {
2659 lastRowSize = checkedValue.ValueOrDie(); 2659 lastRowSize = checkedValue.ValueOrDie();
2660 } 2660 }
2661 2661
2662 unsigned padding = 0; 2662 unsigned padding = 0;
2663 unsigned residual = checkedValue.ValueOrDie() % params.alignment; 2663 unsigned residual = (checkedValue % params.alignment).ValueOrDie();
2664 if (residual) { 2664 if (residual) {
2665 padding = params.alignment - residual; 2665 padding = params.alignment - residual;
2666 checkedValue += padding; 2666 checkedValue += padding;
2667 } 2667 }
2668 if (!checkedValue.IsValid()) 2668 if (!checkedValue.IsValid())
2669 return GL_INVALID_VALUE; 2669 return GL_INVALID_VALUE;
2670 unsigned paddedRowSize = checkedValue.ValueOrDie(); 2670 unsigned paddedRowSize = checkedValue.ValueOrDie();
2671 2671
2672 CheckedNumeric<uint32_t> rows = imageHeight; 2672 CheckedNumeric<uint32_t> rows = imageHeight;
2673 rows *= (depth - 1); 2673 rows *= (depth - 1);
2674 // Last image is not affected by IMAGE_HEIGHT parameter. 2674 // Last image is not affected by IMAGE_HEIGHT parameter.
2675 rows += height; 2675 rows += height;
2676 if (!rows.IsValid()) 2676 if (!rows.IsValid())
2677 return GL_INVALID_VALUE; 2677 return GL_INVALID_VALUE;
2678 checkedValue *= (rows.ValueOrDie() - 1); 2678 checkedValue *= (rows - 1);
2679 // Last row is not affected by ROW_LENGTH parameter. 2679 // Last row is not affected by ROW_LENGTH parameter.
2680 checkedValue += lastRowSize; 2680 checkedValue += lastRowSize;
2681 if (!checkedValue.IsValid()) 2681 if (!checkedValue.IsValid())
2682 return GL_INVALID_VALUE; 2682 return GL_INVALID_VALUE;
2683 *imageSizeInBytes = checkedValue.ValueOrDie(); 2683 *imageSizeInBytes = checkedValue.ValueOrDie();
2684 if (paddingInBytes) 2684 if (paddingInBytes)
2685 *paddingInBytes = padding; 2685 *paddingInBytes = padding;
2686 2686
2687 CheckedNumeric<uint32_t> skipSize = 0; 2687 CheckedNumeric<uint32_t> skipSize = 0;
2688 if (params.skipImages > 0) { 2688 if (params.skipImages > 0) {
(...skipping 475 matching lines...) Expand 10 before | Expand all | Expand 10 after
3164 pack<WebGLImageConversion::DataFormatRGB565, 3164 pack<WebGLImageConversion::DataFormatRGB565,
3165 WebGLImageConversion::AlphaDoNothing>(srcRowStart, dstRowStart, 3165 WebGLImageConversion::AlphaDoNothing>(srcRowStart, dstRowStart,
3166 pixelsPerRow); 3166 pixelsPerRow);
3167 } break; 3167 } break;
3168 default: 3168 default:
3169 break; 3169 break;
3170 } 3170 }
3171 } 3171 }
3172 3172
3173 } // namespace blink 3173 } // namespace blink
OLDNEW
« components/webcrypto/algorithms/aes_cbc.cc ('K') | « third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp ('k') | third_party/crashpad/crashpad/util/file/string_file.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698