Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(742)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 519873002: Avoid OOB memcpy in chrome_pdf::CopyImage. (Closed)

Created:
6 years, 3 months ago by Tom Sepez
Modified:
6 years, 3 months ago
Reviewers:
gene, raymes
CC:
chromium-reviews, yusukes+watch_chromium.org, tzik, binji+watch_chromium.org, raymes+watch_chromium.org, teravest+watch_chromium.org, nfullagar1, piman+watch_chromium.org, noelallen1, ihf+watch_chromium.org, palmer
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Avoid OOB memcpy in chrome_pdf::CopyImage. This is a re-work of palmer's patch at https://codereview.chromium.org/515023002/ which has more context, but comes down to stricter bounds checking. We also correct an arithmetic bug when copying the image behind a control that is positioned before the origin of the image. BUG=398384 Committed: https://crrev.com/d734d197bb5462a65c37b17594a8c8d07dd79bc1 Cr-Commit-Position: refs/heads/master@{#293213}

Patch Set 1 #

Patch Set 2 : Fix repaint issue. #

Patch Set 3 : Fix underlying math bug. #

Total comments: 1

Patch Set 4 : Don't muck with public API. #

Patch Set 5 : Rename function for clarity. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+13 lines, -4 lines) Patch
M pdf/control.cc View 1 2 1 chunk +1 line, -1 line 0 comments Download
M pdf/draw_utils.cc View 1 2 3 4 2 chunks +12 lines, -3 lines 0 comments Download

Messages

Total messages: 17 (2 generated)
Tom Sepez
Reviewers, please review: @gene - for context from previous patch @raymes - for OWNERS stamp.
6 years, 3 months ago (2014-08-29 18:14:46 UTC) #2
gene
lgtm
6 years, 3 months ago (2014-08-29 18:23:46 UTC) #3
Tom Sepez
Meh. Looks like this is causing some repaint failures (black bars while scrolling). Stay tuned.
6 years, 3 months ago (2014-08-29 21:14:07 UTC) #4
Tom Sepez
On 2014/08/29 21:14:07, Tom Sepez wrote: > Meh. Looks like this is causing some repaint ...
6 years, 3 months ago (2014-08-29 21:33:37 UTC) #5
gene
good catch, thanks! lgtm
6 years, 3 months ago (2014-08-29 21:36:07 UTC) #6
Tom Sepez
I dug a little deeper into why we're getting negative numbers in the first place, ...
6 years, 3 months ago (2014-08-29 23:26:30 UTC) #7
raymes
https://codereview.chromium.org/519873002/diff/40001/ppapi/cpp/image_data.h File ppapi/cpp/image_data.h (right): https://codereview.chromium.org/519873002/diff/40001/ppapi/cpp/image_data.h#newcode139 ppapi/cpp/image_data.h:139: bool Contains(const pp::Rect& rect) const; Technically this is a ...
6 years, 3 months ago (2014-09-01 00:42:17 UTC) #8
Tom Sepez
> What do you think? :) I think we can avoid the public API change.
6 years, 3 months ago (2014-09-02 17:19:03 UTC) #9
Tom Sepez
Raymes, please re-review.
6 years, 3 months ago (2014-09-02 17:48:21 UTC) #10
raymes
Thanks - it looks ok but I didn't review it in detail. I defer to ...
6 years, 3 months ago (2014-09-03 00:29:22 UTC) #11
Tom Sepez
@gene - we good to go? Thanks.
6 years, 3 months ago (2014-09-03 17:37:23 UTC) #12
gene
good to go! lgtm
6 years, 3 months ago (2014-09-03 17:52:19 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/519873002/80001
6 years, 3 months ago (2014-09-03 19:10:53 UTC) #15
commit-bot: I haz the power
Committed patchset #5 (id:80001) as cd5d372f682e9034e6cac5afebaf976506ff5d25
6 years, 3 months ago (2014-09-03 23:18:56 UTC) #16
commit-bot: I haz the power
6 years, 3 months ago (2014-09-10 03:28:17 UTC) #17
Message was sent while issue was closed. 
Patchset 5 (id:??) landed as
https://crrev.com/d734d197bb5462a65c37b17594a8c8d07dd79bc1
Cr-Commit-Position: refs/heads/master@{#293213}

Powered by Google App Engine
This is Rietveld 408576698