Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(341)

Side by Side Diff: WebCore/html/canvas/DataView.cpp

Issue 5556003: Merge 73208 - Integer calculation issues in DataView constructor... (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/597/
Patch Set: Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/fast/canvas/webgl/data-view-crash-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Google Inc. All rights reserved. 2 * Copyright (C) 2010 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 11 matching lines...) Expand all
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */ 24 */
25 25
26 #include "config.h" 26 #include "config.h"
27 27
28 #if ENABLE(3D_CANVAS) || ENABLE(BLOB) 28 #if ENABLE(3D_CANVAS) || ENABLE(BLOB)
29 29
30 #include "DataView.h" 30 #include "DataView.h"
31 31
32 #include "CheckedInt.h"
33
32 namespace { 34 namespace {
33 35
34 template<typename T> 36 template<typename T>
35 union Value { 37 union Value {
36 T data; 38 T data;
37 char bytes[sizeof(T)]; 39 char bytes[sizeof(T)];
38 }; 40 };
39 41
40 } 42 }
41 43
42 namespace WebCore { 44 namespace WebCore {
43 45
44 PassRefPtr<DataView> DataView::create(PassRefPtr<ArrayBuffer> buffer, unsigned b yteOffset, unsigned byteLength) 46 PassRefPtr<DataView> DataView::create(PassRefPtr<ArrayBuffer> buffer, unsigned b yteOffset, unsigned byteLength)
45 { 47 {
46 if (byteOffset + byteLength > buffer->byteLength()) 48 if (byteOffset > buffer->byteLength())
49 return 0;
50 CheckedInt<uint32_t> checkedOffset(byteOffset);
51 CheckedInt<uint32_t> checkedLength(byteLength);
52 CheckedInt<uint32_t> checkedMax = checkedOffset + checkedLength;
53 if (!checkedMax.valid() || checkedMax.value() > buffer->byteLength())
47 return 0; 54 return 0;
48 return adoptRef(new DataView(buffer, byteOffset, byteLength)); 55 return adoptRef(new DataView(buffer, byteOffset, byteLength));
49 } 56 }
50 57
51 DataView::DataView(PassRefPtr<ArrayBuffer> buffer, unsigned byteOffset, unsigned byteLength) 58 DataView::DataView(PassRefPtr<ArrayBuffer> buffer, unsigned byteOffset, unsigned byteLength)
52 : ArrayBufferView(buffer, byteOffset) 59 : ArrayBufferView(buffer, byteOffset)
53 , m_byteLength(byteLength) 60 , m_byteLength(byteLength)
54 { 61 {
55 } 62 }
56 63
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after
219 } 226 }
220 227
221 void DataView::setFloat64(unsigned byteOffset, double value, bool littleEndian, ExceptionCode& ec) 228 void DataView::setFloat64(unsigned byteOffset, double value, bool littleEndian, ExceptionCode& ec)
222 { 229 {
223 setData<double>(byteOffset, value, littleEndian, ec); 230 setData<double>(byteOffset, value, littleEndian, ec);
224 } 231 }
225 232
226 } 233 }
227 234
228 #endif // ENABLE(3D_CANVAS) || ENABLE(BLOB) 235 #endif // ENABLE(3D_CANVAS) || ENABLE(BLOB)
OLDNEW
« no previous file with comments | « LayoutTests/fast/canvas/webgl/data-view-crash-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698