[webkit-changes] [WebKit/WebKit] 0ed122: Fix possible integer overflow when calculating the...

Said Abou-Hallawa noreply at github.com
Wed Sep 4 17:00:10 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0ed1220736b844ff321a946f898a43afc48aa446
      https://github.com/WebKit/WebKit/commit/0ed1220736b844ff321a946f898a43afc48aa446
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2024-09-04 (Wed, 04 Sep 2024)

  Changed paths:
    A LayoutTests/fast/images/image-size-unsigned-overflow-expected.txt
    A LayoutTests/fast/images/image-size-unsigned-overflow.html
    A LayoutTests/fast/images/resources/512752x256376.jpg
    M LayoutTests/platform/glib/TestExpectations
    M LayoutTests/platform/win/TestExpectations
    M Source/WebCore/platform/graphics/BitmapImageDescriptor.cpp
    M Source/WebCore/platform/graphics/BitmapImageSource.cpp

  Log Message:
  -----------
  Fix possible integer overflow when calculating the image frame size in bytes
https://bugs.webkit.org/show_bug.cgi?id=279108
rdar://134343651

Reviewed by Simon Fraser.

Instead of calling IntSize::area(), call IntSize::unclampedArea() to avoid integer
overflow when calculating the size of an imagre frame. The overflow will happen
if the size of the image is larager than 4G pixels.

* LayoutTests/fast/images/image-size-unsigned-overflow-expected.txt: Added.
* LayoutTests/fast/images/image-size-unsigned-overflow.html: Added.
* LayoutTests/fast/images/resources/512752x256376.jpg: Added.
* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/platform/win/TestExpectations:
JPEGXLImageDecoder::tryDecodeSize() crashes when decoding the new added image.

* Source/WebCore/platform/graphics/BitmapImageDescriptor.cpp:
(WebCore::BitmapImageDescriptor::maximumSubsamplingLevel const):
* Source/WebCore/platform/graphics/BitmapImageSource.cpp:
(WebCore::BitmapImageSource::isLargeForDecoding const):
(WebCore::BitmapImageSource::cacheNativeImageAtIndex):

Canonical link: https://commits.webkit.org/283179@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list