| Index: third_party/WebKit/Source/core/html/ImageData.cpp
|
| diff --git a/third_party/WebKit/Source/core/html/ImageData.cpp b/third_party/WebKit/Source/core/html/ImageData.cpp
|
| index d95e8e455db2307757b71dd539e8ead43a4d818f..32726d5aef74e76fa1f9a1d4a83ba2c63ad13014 100644
|
| --- a/third_party/WebKit/Source/core/html/ImageData.cpp
|
| +++ b/third_party/WebKit/Source/core/html/ImageData.cpp
|
| @@ -39,10 +39,10 @@
|
| namespace blink {
|
|
|
| ImageData* ImageData::create(const IntSize& size) {
|
| - CheckedNumeric<int> dataSize = 4;
|
| + CheckedNumeric<unsigned> dataSize = 4;
|
| dataSize *= size.width();
|
| dataSize *= size.height();
|
| - if (!dataSize.IsValid() || dataSize.ValueOrDie() < 0)
|
| + if (!dataSize.IsValid())
|
| return nullptr;
|
|
|
| DOMUint8ClampedArray* byteArray =
|
| @@ -55,14 +55,13 @@ ImageData* ImageData::create(const IntSize& size) {
|
|
|
| ImageData* ImageData::create(const IntSize& size,
|
| DOMUint8ClampedArray* byteArray) {
|
| - CheckedNumeric<int> dataSize = 4;
|
| + CheckedNumeric<unsigned> dataSize = 4;
|
| dataSize *= size.width();
|
| dataSize *= size.height();
|
| if (!dataSize.IsValid())
|
| return nullptr;
|
|
|
| - if (dataSize.ValueOrDie() < 0 ||
|
| - static_cast<unsigned>(dataSize.ValueOrDie()) > byteArray->length())
|
| + if (!dataSize.IsValid() || dataSize.ValueOrDie() > byteArray->length())
|
| return nullptr;
|
|
|
| return new ImageData(size, byteArray);
|
|
|
Chromium Code Reviews
Issue 2528243002:
Fix silent truncations when extracting values from CheckedNumeric (Closed)
