Mercurial > mozilla-central / changeset / c00387255d25ba3567861a5fe1db3825c79bcbd5
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 922603 - Avoid signed integer overflow. r=bjacob
authorMilan Sreckovic <milan@mozilla.com>
Wed, 02 Oct 2013 10:44:53 -0400 (2013-10-02)
changeset 149915 c00387255d25ba3567861a5fe1db3825c79bcbd5
parent 149914 d9a7d1fcb34ca90dc6f4925890e818421270cdf5
child 149916 bd7bb523c5dcb9f65e1ecd5faf1333e7983f18bb
push id25405
push userphilringnalda@gmail.com
push dateSat, 05 Oct 2013 05:04:31 +0000 (2013-10-05)
treeherdermozilla-central@bd7bb523c5dc [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbjacob
bugs922603
milestone27.0a1
first release with
nightly linux32
b5d24ef1eb37 / 27.0a1 / 20131005030203 / files
nightly linux64
b5d24ef1eb37 / 27.0a1 / 20131005030203 / files
nightly mac
b5d24ef1eb37 / 27.0a1 / 20131005030203 / files
nightly win32
b5d24ef1eb37 / 27.0a1 / 20131005030203 / files
nightly win64
b5d24ef1eb37 / 27.0a1 / 20131005030203 / files
last release without
nightly linux32
8f08240128c8 / 27.0a1 / 20131004030203 / files
nightly linux64
8f08240128c8 / 27.0a1 / 20131004030203 / files
nightly mac
8f08240128c8 / 27.0a1 / 20131004030203 / files
nightly win32
8f08240128c8 / 27.0a1 / 20131004030203 / files
nightly win64
8f08240128c8 / 27.0a1 / 20131004030203 / files
Bug 922603 - Avoid signed integer overflow. r=bjacob
image/src/imgFrame.cpp file | annotate | diff | comparison | revisions 
--- a/image/src/imgFrame.cpp
+++ b/image/src/imgFrame.cpp
@@ -14,16 +14,17 @@
 
 static bool gDisableOptimize = false;
 
 #include "cairo.h"
 #include "GeckoProfiler.h"
 #include "mozilla/Likely.h"
 #include "mozilla/MemoryReporting.h"
 #include "nsMargin.h"
+#include "mozilla/CheckedInt.h"
 
 #if defined(XP_WIN)
 
 #include "gfxWindowsPlatform.h"
 
 /* Whether to use the windows surface; only for desktop win32 */
 #define USE_WIN_SURFACE 1
 
@@ -50,23 +51,18 @@ static bool AllowedImageSize(int32_t aWi
   }
 
   // protect against invalid sizes
   if (MOZ_UNLIKELY(aHeight <= 0 || aWidth <= 0)) {
     return false;
   }
 
   // check to make sure we don't overflow a 32-bit
-  int32_t tmp = aWidth * aHeight;
-  if (MOZ_UNLIKELY(tmp / aHeight != aWidth)) {
-    NS_WARNING("width or height too large");
-    return false;
-  }
-  tmp = tmp * 4;
-  if (MOZ_UNLIKELY(tmp / 4 != aWidth * aHeight)) {
+  CheckedInt32 requiredBytes = CheckedInt32(aWidth) * CheckedInt32(aHeight) * 4;
+  if (MOZ_UNLIKELY(!requiredBytes.isValid())) {
     NS_WARNING("width or height too large");
     return false;
   }
 #if defined(XP_MACOSX)
   // CoreGraphics is limited to images < 32K in *height*, so clamp all surfaces on the Mac to that height
   if (MOZ_UNLIKELY(aHeight > SHRT_MAX)) {
     NS_WARNING("image too big");
     return false;
mozilla-central
Deployed from 0549d7aefb93 at 2025-06-12T15:23:35Z.