| Index: ui/gl/gl_surface_osmesa.cc
|
| diff --git a/ui/gl/gl_surface_osmesa.cc b/ui/gl/gl_surface_osmesa.cc
|
| index 4c491664e299e93d5b377cbe4ad9b195c3e760ad..7f1b1ad881d0bc1b6b2ce5a99a0bf6e80188ae89 100644
|
| --- a/ui/gl/gl_surface_osmesa.cc
|
| +++ b/ui/gl/gl_surface_osmesa.cc
|
| @@ -3,6 +3,7 @@
|
| // found in the LICENSE file.
|
|
|
| #include "base/logging.h"
|
| +#include "base/numerics/safe_math.h"
|
| #include "third_party/mesa/src/include/GL/osmesa.h"
|
| #include "ui/gl/gl_bindings.h"
|
| #include "ui/gl/gl_context.h"
|
| @@ -50,8 +51,17 @@ bool GLSurfaceOSMesa::Resize(const gfx::Size& new_size) {
|
| // Preserve the old buffer.
|
| scoped_ptr<int32[]> old_buffer(buffer_.release());
|
|
|
| + base::CheckedNumeric<int> checked_size = sizeof(buffer_[0]);
|
| + checked_size *= new_size.width();
|
| + checked_size *= new_size.height();
|
| + if (!checked_size.IsValid())
|
| + return false;
|
| +
|
| // Allocate a new one.
|
| buffer_.reset(new int32[new_size.GetArea()]);
|
| + if (!buffer_.get())
|
| + return false;
|
| +
|
| memset(buffer_.get(), 0, new_size.GetArea() * sizeof(buffer_[0]));
|
|
|
| // Copy the old back buffer into the new buffer.
|
|
|
Chromium Code Reviews
Issue 935333002:
Update from https://crrev.com/316786 (Closed)
Base URL: git@github.com:domokit/mojo.git@master