Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(365)

Side by Side Diff: third_party/WebKit/Source/core/html/ImageData.cpp

Issue 2759113003: Fixing bad casting between DOMTypedArray objects (Closed)
Patch Set: Addressing comments Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/html/ImageData.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2008 Apple Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after
279 else if (data.isFloat32Array()) 279 else if (data.isFloat32Array())
280 bufferView = data.getAsFloat32Array(); 280 bufferView = data.getAsFloat32Array();
281 else 281 else
282 NOTREACHED(); 282 NOTREACHED();
283 283
284 if (!ImageData::validateConstructorArguments( 284 if (!ImageData::validateConstructorArguments(
285 kParamData | kParamWidth | kParamHeight, nullptr, width, height, 285 kParamData | kParamWidth | kParamHeight, nullptr, width, height,
286 bufferView, &exceptionState)) 286 bufferView, &exceptionState))
287 return nullptr; 287 return nullptr;
288 288
289 return new ImageData(IntSize(width, height), bufferView, &colorSettings); 289 return new ImageData(IntSize(width, height), bufferView, &colorSettings,
290 kStorageFormatFromBufferType);
290 } 291 }
291 292
292 ScriptPromise ImageData::createImageBitmap(ScriptState* scriptState, 293 ScriptPromise ImageData::createImageBitmap(ScriptState* scriptState,
293 EventTarget& eventTarget, 294 EventTarget& eventTarget,
294 Optional<IntRect> cropRect, 295 Optional<IntRect> cropRect,
295 const ImageBitmapOptions& options, 296 const ImageBitmapOptions& options,
296 ExceptionState& exceptionState) { 297 ExceptionState& exceptionState) {
297 if ((cropRect && 298 if ((cropRect &&
298 !ImageBitmap::isSourceSizeValid(cropRect->width(), cropRect->height(), 299 !ImageBitmap::isSourceSizeValid(cropRect->width(), cropRect->height(),
299 exceptionState)) || 300 exceptionState)) ||
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
369 370
370 void ImageData::trace(Visitor* visitor) { 371 void ImageData::trace(Visitor* visitor) {
371 visitor->trace(m_data); 372 visitor->trace(m_data);
372 visitor->trace(m_dataU16); 373 visitor->trace(m_dataU16);
373 visitor->trace(m_dataF32); 374 visitor->trace(m_dataF32);
374 visitor->trace(m_dataUnion); 375 visitor->trace(m_dataUnion);
375 } 376 }
376 377
377 ImageData::ImageData(const IntSize& size, 378 ImageData::ImageData(const IntSize& size,
378 DOMArrayBufferView* data, 379 DOMArrayBufferView* data,
379 const ImageDataColorSettings* colorSettings) 380 const ImageDataColorSettings* colorSettings,
381 StorageFormatSource storageFormatSource)
380 : m_size(size) { 382 : m_size(size) {
381 DCHECK_GE(size.width(), 0); 383 DCHECK_GE(size.width(), 0);
382 DCHECK_GE(size.height(), 0); 384 DCHECK_GE(size.height(), 0);
383 DCHECK(data); 385 DCHECK(data);
384 386
385 m_data = nullptr; 387 m_data = nullptr;
386 m_dataU16 = nullptr; 388 m_dataU16 = nullptr;
387 m_dataF32 = nullptr; 389 m_dataF32 = nullptr;
388 390
389 if (colorSettings) { 391 if (colorSettings) {
390 m_colorSettings.setColorSpace(colorSettings->colorSpace()); 392 m_colorSettings.setColorSpace(colorSettings->colorSpace());
391 m_colorSettings.setStorageFormat(colorSettings->storageFormat()); 393 m_colorSettings.setStorageFormat(colorSettings->storageFormat());
392 } 394 }
393 395
396 // if data is provided through the JS call, override the storage format.
397 if (storageFormatSource == kStorageFormatFromBufferType) {
398 switch (data->type()) {
399 case DOMArrayBufferView::ViewType::TypeUint8Clamped:
400 m_colorSettings.setStorageFormat(kUint8ClampedArrayStorageFormatName);
401 break;
402 case DOMArrayBufferView::ViewType::TypeUint16:
403 m_colorSettings.setStorageFormat(kUint16ArrayStorageFormatName);
404 break;
405 case DOMArrayBufferView::ViewType::TypeFloat32:
406 m_colorSettings.setStorageFormat(kFloat32ArrayStorageFormatName);
407 break;
408 default:
409 NOTREACHED();
410 }
411 }
412
394 ImageDataStorageFormat storageFormat = 413 ImageDataStorageFormat storageFormat =
395 getImageDataStorageFormat(m_colorSettings.storageFormat()); 414 getImageDataStorageFormat(m_colorSettings.storageFormat());
396 415
397 switch (storageFormat) { 416 switch (storageFormat) {
398 case kUint8ClampedArrayStorageFormat: 417 case kUint8ClampedArrayStorageFormat:
418 DCHECK(data->type() == DOMArrayBufferView::ViewType::TypeUint8Clamped);
399 m_data = const_cast<DOMUint8ClampedArray*>( 419 m_data = const_cast<DOMUint8ClampedArray*>(
400 static_cast<const DOMUint8ClampedArray*>(data)); 420 static_cast<const DOMUint8ClampedArray*>(data));
421 DCHECK(m_data);
401 m_dataUnion.setUint8ClampedArray(m_data); 422 m_dataUnion.setUint8ClampedArray(m_data);
402 SECURITY_CHECK(static_cast<unsigned>(size.width() * size.height() * 4) <= 423 SECURITY_CHECK(static_cast<unsigned>(size.width() * size.height() * 4) <=
403 m_data->length()); 424 m_data->length());
404 break; 425 break;
405 426
406 case kUint16ArrayStorageFormat: 427 case kUint16ArrayStorageFormat:
428 DCHECK(data->type() == DOMArrayBufferView::ViewType::TypeUint16);
407 m_dataU16 = 429 m_dataU16 =
408 const_cast<DOMUint16Array*>(static_cast<const DOMUint16Array*>(data)); 430 const_cast<DOMUint16Array*>(static_cast<const DOMUint16Array*>(data));
431 DCHECK(m_dataU16);
409 m_dataUnion.setUint16Array(m_dataU16); 432 m_dataUnion.setUint16Array(m_dataU16);
410 SECURITY_CHECK(static_cast<unsigned>(size.width() * size.height() * 4) <= 433 SECURITY_CHECK(static_cast<unsigned>(size.width() * size.height() * 4) <=
411 m_dataU16->length()); 434 m_dataU16->length());
412 break; 435 break;
413 436
414 case kFloat32ArrayStorageFormat: 437 case kFloat32ArrayStorageFormat:
438 DCHECK(data->type() == DOMArrayBufferView::ViewType::TypeFloat32);
415 m_dataF32 = const_cast<DOMFloat32Array*>( 439 m_dataF32 = const_cast<DOMFloat32Array*>(
416 static_cast<const DOMFloat32Array*>(data)); 440 static_cast<const DOMFloat32Array*>(data));
441 DCHECK(m_dataF32);
417 m_dataUnion.setFloat32Array(m_dataF32); 442 m_dataUnion.setFloat32Array(m_dataF32);
418 SECURITY_CHECK(static_cast<unsigned>(size.width() * size.height() * 4) <= 443 SECURITY_CHECK(static_cast<unsigned>(size.width() * size.height() * 4) <=
419 m_dataF32->length()); 444 m_dataF32->length());
420 break; 445 break;
421 446
422 default: 447 default:
423 NOTREACHED(); 448 NOTREACHED();
424 } 449 }
425 } 450 }
426 451
427 } // namespace blink 452 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/html/ImageData.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698