[webkit-reviews] review granted: [Bug 222340] Streamline ImageData size calculations and handle out-of-memory : [Attachment 421418] Patch
bugzilla-daemon at webkit.org
Wed Feb 24 10:18:43 PST 2021
Geoffrey Garen <ggaren at apple.com> has granted Darin Adler <darin at apple.com>'s
request for review:
Bug 222340: Streamline ImageData size calculations and handle out-of-memory
https://bugs.webkit.org/show_bug.cgi?id=222340
Attachment 421418: Patch
https://bugs.webkit.org/attachment.cgi?id=421418&action=review
--- Comment #3 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 421418
--> https://bugs.webkit.org/attachment.cgi?id=421418
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=421418&action=review
r=me
> Source/WebCore/html/ImageData.cpp:69
> RefPtr<ImageData> ImageData::create(const IntSize& size)
> {
> - Checked<int, RecordOverflow> dataSize = 4;
> - dataSize *= size.width();
> - dataSize *= size.height();
> + auto dataSize = ImageData::dataSize(size);
> if (dataSize.hasOverflowed())
> return nullptr;
> -
> - return adoptRef(*new ImageData(size));
> + return adoptRef(*new ImageData(size,
Uint8ClampedArray::createUninitialized(dataSize.unsafeGet())));
> }
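Review bot: the buffer returned by `Uint8ClampedArray::createUninitialized(dataSize.unsafeGet())` on the last `+` line is handed straight to the `ImageData` constructor with no null check, so allocation failure has no safe path here even though the overflow case two lines above returns `nullptr` after `hasOverflowed()`; given the bug title promises out-of-memory handling, suggest binding the allocation to a local, checking it, and returning `nullptr` on failure so both failure modes behave the same (WebKit's typed arrays have a `tryCreateUninitialized` variant that returns a `RefPtr` instead of crashing, assuming it is available for `Uint8ClampedArray` in this tree), or else document that a crash on OOM is the intended behaviour.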
It's kind of funny that this function will safely return null on absurd sizes
that overflow, but crash on more modest sizes that trigger allocation failure.
Should we crash on overflow too? Or return null on allocation failure instead?