| Index: third_party/WebKit/Source/core/css/CSSSelectorList.cpp
|
| diff --git a/third_party/WebKit/Source/core/css/CSSSelectorList.cpp b/third_party/WebKit/Source/core/css/CSSSelectorList.cpp
|
| index cd0c10f4d0170c17533d5c977e9ffcc0e4a3bbf4..6be106a6dd7779170b64a07f57e327cdb9324f4d 100644
|
| --- a/third_party/WebKit/Source/core/css/CSSSelectorList.cpp
|
| +++ b/third_party/WebKit/Source/core/css/CSSSelectorList.cpp
|
| @@ -47,7 +47,8 @@ CSSSelectorList CSSSelectorList::Copy() const {
|
| unsigned length = this->ComputeLength();
|
| list.selector_array_ =
|
| reinterpret_cast<CSSSelector*>(WTF::Partitions::FastMalloc(
|
| - sizeof(CSSSelector) * length, kCSSSelectorTypeName));
|
| + WTF::Partitions::ComputeAllocationSize(length, sizeof(CSSSelector)),
|
| + kCSSSelectorTypeName));
|
| for (unsigned i = 0; i < length; ++i)
|
| new (&list.selector_array_[i]) CSSSelector(selector_array_[i]);
|
|
|
| @@ -65,9 +66,10 @@ CSSSelectorList CSSSelectorList::AdoptSelectorVector(
|
| DCHECK(flattened_size);
|
|
|
| CSSSelectorList list;
|
| - list.selector_array_ =
|
| - reinterpret_cast<CSSSelector*>(WTF::Partitions::FastMalloc(
|
| - sizeof(CSSSelector) * flattened_size, kCSSSelectorTypeName));
|
| + list.selector_array_ = reinterpret_cast<CSSSelector*>(
|
| + WTF::Partitions::FastMalloc(WTF::Partitions::ComputeAllocationSize(
|
| + flattened_size, sizeof(CSSSelector)),
|
| + kCSSSelectorTypeName));
|
| size_t array_index = 0;
|
| for (size_t i = 0; i < selector_vector.size(); ++i) {
|
| CSSParserSelector* current = selector_vector[i].get();
|
|
|
Chromium Code Reviews
Issue 2957583004:
Check for integer overflow in allocations. (Closed)
