[webkit-reviews] review denied: [Bug 72864] ImageDecoder setSize() should check for backing store allocation failure : [Attachment 116066] Patch
bugzilla-daemon at webkit.org
Mon Nov 21 08:09:25 PST 2011
Andreas Kling <kling at webkit.org> has denied noel gordon
<noel.gordon at gmail.com>'s request for review:
Bug 72864: ImageDecoder setSize() should check for backing store allocation
failure
https://bugs.webkit.org/show_bug.cgi?id=72864
Attachment 116066: Patch
https://bugs.webkit.org/attachment.cgi?id=116066&action=review
------- Additional Comments from Andreas Kling <kling at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=116066&action=review
Good idea!
> Source/WebCore/ChangeLog:20
> + No new tests. Covered by existing tests.
Is it really? If not, it should be pretty easy to construct a gigantic image
that still has a small file size.
> Source/WebCore/platform/image-decoders/ImageDecoder.cpp:193
> + size_t backingStoreSize = newWidth * newHeight;
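Review bot: at ImageDecoder.cpp:193 the product newWidth * newHeight is used as the allocation size without an overflow check, so a wrapped value would let the reservation at line 194 succeed for a buffer smaller than the image. Reject the dimensions before multiplying, for example when newHeight is non-zero and newWidth is greater than the maximum size_t value divided by newHeight.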
This could overflow on 32-bit platforms.
> Source/WebCore/platform/image-decoders/ImageDecoder.cpp:194
> + if (!m_backingStore.tryReserveCapacity(backingStoreSize))
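Review bot: at ImageDecoder.cpp:194 the condition only tests whether the reservation failed, and the quoted line does not show what the branch does. The failure branch should return false before the decoder records the new dimensions, so that a failed setSize() leaves the previous state intact and callers can stop decoding.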
tryReserveCapacity() will not update Vector::m_size. You need to resize() it
after tryReserveCapacity() succeeds.
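
The two code comments above (the 32-bit overflow in the size computation, and capacity versus size after reserving), shown as an added example that is not from the patch or from WebKit. `Size32` models a 32-bit `size_t`, `std::vector::reserve()` with exception handling stands in for `Vector::tryReserveCapacity()`, and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <exception>
#include <limits>
#include <vector>

// Assumption: models a 32-bit size_t so the wrap is reproducible on any host.
using Size32 = std::uint32_t;

// Unchecked product, as in the quoted line, evaluated in 32 bits.
Size32 uncheckedPixelCount(Size32 width, Size32 height)
{
    return width * height; // wraps modulo 2^32
}

// Checked product: reports failure instead of wrapping; result is untouched on failure.
bool checkedPixelCount(Size32 width, Size32 height, Size32& result)
{
    if (height && width > std::numeric_limits<Size32>::max() / height)
        return false;
    result = width * height;
    return true;
}

// Hypothetical stand-in for a decoder's setSize(): validate, reserve, then resize.
bool setSize(std::vector<std::uint32_t>& backingStore, Size32 width, Size32 height)
{
    Size32 pixelCount = 0;
    if (!checkedPixelCount(width, height, pixelCount))
        return false;
    try {
        backingStore.reserve(pixelCount); // capacity only, size() is unchanged
        backingStore.resize(pixelCount);  // size() == pixelCount, zero-filled
    } catch (const std::exception&) {     // bad_alloc or length_error
        return false;
    }
    return true;
}

int main()
{
    std::vector<std::uint32_t> store;
    // Constructed dimensions: 65536 x 65536 pixels is exactly 2^32.
    std::printf("unchecked: %u\n", static_cast<unsigned>(uncheckedPixelCount(65536u, 65536u)));
    std::printf("checked setSize ok: %d\n", setSize(store, 65536u, 65536u) ? 1 : 0);
    return 0;
}
```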