Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix for image overflows. bug 343192. r=vlad

Browse Source 
git-svn-id: svn://10.0.0.236/trunk@203321 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
pavlov%pavlov.net 2006-07-21 00:42:03 +00:00
parent 49376d274f
commit 87f2b427f1
1 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mozilla/gfx/src/thebes/nsThebesImage.cpp
View File

@ -72,6 +72,25 @@ nsThebesImage::Init(PRInt32 aWidth, PRInt32 aHeight, PRInt32 aDepth, nsMaskRequi
mWidth = aWidth;
mHeight = aHeight;
/* reject over-wide or over-tall images */
const PRInt32 k64KLimit = 0x0000FFFF;
if (aWidth > k64KLimit || aHeight > k64KLimit ){
NS_ERROR("image too big");
return NS_ERROR_FAILURE;
}
/* check to make sure we don't overflow a 32-bit */
PRInt32 tmp = aWidth * aHeight;
if (tmp / aHeight != aWidth) {
NS_ASSERTION(0, "width or height too large\n");
return NS_ERROR_FAILURE;
}
tmp = tmp * 4;
if (tmp / 4 != aWidth * aHeight) {
NS_ASSERTION(0, "width or height too large\n");
return NS_ERROR_FAILURE;
}
gfxImageSurface::gfxImageFormat format;
switch(aMaskRequirements)
{
@ -393,4 +412,3 @@ nsThebesImage::DrawToImage(nsIImage* aDstImage, PRInt32 aDX, PRInt32 aDY, PRInt3
return NS_OK;
}