Workaround bad bitmaps in clibpoard code

content/renderer/renderer_clipboard_client.cc

Index: content/renderer/renderer_clipboard_client.cc
diff --git a/content/renderer/renderer_clipboard_client.cc b/content/renderer/renderer_clipboard_client.cc
index c1c7c966167daa821863d9a8b1f38a77735d37db..e4f275c92ebd21261776caf35ef950ff3f1cc02d 100644
--- a/content/renderer/renderer_clipboard_client.cc
+++ b/content/renderer/renderer_clipboard_client.cc
@@ -7,6 +7,7 @@
 #include "content/renderer/renderer_clipboard_client.h"
 
 #include "base/memory/shared_memory.h"
+#include "base/numerics/safe_math.h"
 #include "base/strings/string16.h"
 #include "content/common/clipboard_messages.h"
 #include "content/public/renderer/content_renderer_client.h"
@@ -49,7 +50,13 @@ void RendererClipboardWriteContext::WriteBitmapFromPixels(
   if (shared_buf_)
     return;
 
-  uint32 buf_size = 4 * size.width() * size.height();
+  base::CheckedNumeric<uint32> checked_buf_size = 4;
+  checked_buf_size *= size.width();
+  checked_buf_size *= size.height();
+  if (!checked_buf_size.IsValid())
+    return;
+
+  uint32 buf_size = checked_buf_size.ValueOrDie();

[dcheng, 2014/05/19 23:55:22]

Maybe we should just pass the SkBitmap to ScopedClipboardWriterGlue? Then we can
just do what
https://code.google.com/p/chromium/codesearch#chromium/src/ui/base/clipboard/...
does. I'm not really sure which one is simpler though. They're both ugly =/

[piman, 2014/05/20 06:48:47]

CheckedNumeric is the security-vetted way of checking for overflow. I'd rather
use that.

 
   // Allocate a shared memory buffer to hold the bitmap bits.
   shared_buf_.reset(ChildThread::current()->AllocateSharedMemory(buf_size));