[Webkit-unassigned] [Bug 48634] fast/images/size-failure.html results in malloc of 2 Gb after switching to WebKit image decoders
bugzilla-daemon at webkit.org
Tue Nov 16 10:01:07 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=48634
--- Comment #28 from Mihai Parparita <mihaip at chromium.org> 2010-11-16 10:01:06 PST ---
(In reply to comment #27)
> This code needs a check for overflow. Doing multiplication like this without a check for overflow can lead to security problems.
ImageDecoder::isOverSize will reject image sizes that can lead to overflow issues, so we would never get here in that case. Still want me to add a check, just to be safe?
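The trade-off discussed in this exchange, as an added example that is not part of the original message and is not WebKit's code: an upstream size gate next to a local overflow check on the buffer-size multiplication. The function names, the 4-bytes-per-pixel format and the pixel cap are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Hypothetical constants for illustration; not taken from WebKit.
constexpr std::size_t kBytesPerPixel = 4;               // assumed RGBA buffer
constexpr std::uint64_t kMaxPixels = (1ull << 29) - 1;  // assumed pixel cap

// Upstream gate (hypothetical stand-in for a decoder-level size check).
// The operands are widened to 64 bits first so the product cannot wrap.
bool is_over_size(std::uint32_t width, std::uint32_t height) {
    return static_cast<std::uint64_t>(width) * height > kMaxPixels;
}

// What the reviewer is worried about: 32-bit arithmetic with no check.
// Unsigned wrap-around is well defined, so the result is silently too small.
std::uint32_t unchecked_bytes_32(std::uint32_t width, std::uint32_t height) {
    return width * height * 4u;
}

// Local check at the point of allocation. It does not rely on any caller
// having run is_over_size() first. Returns false if the size would wrap.
bool checked_buffer_bytes(std::size_t width, std::size_t height, std::size_t* out) {
    constexpr std::size_t kMax = std::numeric_limits<std::size_t>::max();
    if (width != 0 && height > kMax / width)
        return false;                       // width * height would wrap
    const std::size_t pixels = width * height;
    if (pixels > kMax / kBytesPerPixel)
        return false;                       // pixels * bytes-per-pixel would wrap
    *out = pixels * kBytesPerPixel;
    return true;
}
```

With the gate in place the dangerous dimensions never reach the multiplication, which is the point made in the reply; the local check keeps the allocation safe if a later code path calls it without going through the gate.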