[webkit-reviews] review granted: [Bug 48634] fast/images/size-failure.html results in malloc of 2 Gb after switching to WebKit image decoders : [Attachment 73810] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 12 23:14:00 PST 2010
Adam Barth <abarth at webkit.org> has granted Mihai Parparita
<mihaip at chromium.org>'s request for review:
Bug 48634: fast/images/size-failure.html results in malloc of 2 Gb after
switching to WebKit image decoders
https://bugs.webkit.org/show_bug.cgi?id=48634
Attachment 73810: Patch
https://bugs.webkit.org/attachment.cgi?id=73810&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=73810&action=review
> WebCore/platform/image-decoders/cg/ImageDecoderCG.cpp:63
> + int backingStoreSize = newWidth * newHeight * sizeof(PixelData);
Is "int" the right type here? I would have expected size_t. Do we need to
check for overflow?
> WebCore/platform/image-decoders/cg/ImageDecoderCG.cpp:67
> + if (!backingStoreRef)
> + return false;
> + m_backingStore.adoptCF(backingStoreRef);
Are these the right failure semantics? I guess setSize is called exactly once.
Maybe we should ASSERT something about the state of m_backingStore at the top
of the function (e.g., that it's NULL).
More information about the webkit-reviews
mailing list