Bug 604086 - Fix signed-unsigned comparison in nsHTMLCanvasElement::ExtractData; r=khuey a=bsmedberg
authorMs2ger <ms2ger@gmail.com>
Thu, 25 Nov 2010 10:10:29 +0100
changeset 58215 7662cf45a33b0f7d1c65eb7225ce5648470eb362
parent 58214 d149657bc39e1a3d52b6222348d581d662aefb4b
child 58216 73caba953b11e7740a8d181c895fbbe244c0c112
push id17205
push userdgottwald@mozilla.com
push dateThu, 25 Nov 2010 09:11:03 +0000
treeherdermozilla-central@7662cf45a33b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskhuey, bsmedberg
bugs604086
milestone2.0b8pre
first release with
nightly win64
7662cf45a33b / 4.0b8pre / 20101125044558 / files
nightly linux32
nightly linux64
nightly mac
nightly win32
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly win64
Bug 604086 - Fix signed-unsigned comparison in nsHTMLCanvasElement::ExtractData; r=khuey a=bsmedberg
content/html/content/src/nsHTMLCanvasElement.cpp
--- a/content/html/content/src/nsHTMLCanvasElement.cpp
+++ b/content/html/content/src/nsHTMLCanvasElement.cpp
@@ -286,30 +286,31 @@ nsHTMLCanvasElement::ExtractData(const n
 
   // at this point, we either need to succeed or bail.
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Generally, there will be only one chunk of data, and it will be available
   // for us to read right away, so optimize this case.
   PRUint32 bufSize;
   rv = imgStream->Available(&bufSize);
-  CheckedInt32 safeBufSize(bufSize);
+  CheckedUint32 safeBufSize(bufSize);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // ...leave a little extra room so we can call read again and make sure we
   // got everything. 16 bytes for better padding (maybe)
   safeBufSize += 16;
   NS_ENSURE_TRUE(safeBufSize.valid(), NS_ERROR_FAILURE);
   aSize = 0;
   aResult = (char*)PR_Malloc(safeBufSize.value());
   if (!aResult)
     return NS_ERROR_OUT_OF_MEMORY;
   PRUint32 numReadThisTime = 0;
   while ((rv = imgStream->Read(&aResult[aSize], safeBufSize.value() - aSize,
-                         &numReadThisTime)) == NS_OK && numReadThisTime > 0) {
+                               &numReadThisTime)) == NS_OK &&
+         numReadThisTime > 0) {
     aSize += numReadThisTime;
     if (aSize == safeBufSize.value()) {
       // need a bigger buffer, just double
       safeBufSize *= 2;
       if (!safeBufSize.valid()) {
         PR_Free(aResult);
         return NS_ERROR_FAILURE;
       }