Bug 1500011 - Use CheckedInt more in CalculateBufferSizeForImage, r=smaug
authorNika Layzell <nika@thelayzells.com>
Thu, 18 Oct 2018 16:20:03 -0400
changeset 442401 a3fad30f081a0bcd4aeae913942fc360dbdbf30e
parent 442400 1c0823540b44ff83a6319a363aab6e017faddaf4
child 442402 77f4c84bebf05b7fddb3f5bdb8e7de0d2eb3ebd6
push id109166
push usernika@thelayzells.com
push dateTue, 23 Oct 2018 00:37:27 +0000
treeherdermozilla-inbound@a3fad30f081a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1500011
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1500011 - Use CheckedInt more in CalculateBufferSizeForImage, r=smaug Differential Revision: https://phabricator.services.mozilla.com/D9145
dom/base/nsContentUtils.cpp
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -7863,21 +7863,26 @@ nsresult
 nsContentUtils::CalculateBufferSizeForImage(const uint32_t& aStride,
                                             const IntSize& aImageSize,
                                             const SurfaceFormat& aFormat,
                                             size_t* aMaxBufferSize,
                                             size_t* aUsedBufferSize)
 {
   CheckedInt32 requiredBytes =
     CheckedInt32(aStride) * CheckedInt32(aImageSize.height);
-  if (!requiredBytes.isValid()) {
+
+  CheckedInt32 usedBytes = requiredBytes - aStride +
+    (CheckedInt32(aImageSize.width) * BytesPerPixel(aFormat));
+  if (!usedBytes.isValid()) {
     return NS_ERROR_FAILURE;
   }
+
+  MOZ_ASSERT(requiredBytes.isValid(), "usedBytes valid but not required?");
   *aMaxBufferSize = requiredBytes.value();
-  *aUsedBufferSize = *aMaxBufferSize - aStride + (aImageSize.width * BytesPerPixel(aFormat));
+  *aUsedBufferSize = usedBytes.value();
   return NS_OK;
 }
 
 nsresult
 nsContentUtils::DataTransferItemToImage(const IPCDataTransferItem& aItem,
                                         imgIContainer** aContainer)
 {
   MOZ_ASSERT(aItem.data().type() == IPCDataTransferData::TShmem);