Bug 893824 - Don't allow 0 sized SourceSurfaces with Moz2D. r=jrmuizel
☠☠ backed out by 5e1009e4b1e1 ☠ ☠
authorMatt Woodrow <mwoodrow@mozilla.com>
Mon, 15 Jul 2013 13:28:04 -0400
changeset 153323 8b67eb363e5c0e8e773e4b4cb4dec38af8651474
parent 153322 0b0a0b49174071bb5ac12a5c5f6552647af2ad6d
child 153324 86269ff48a4c1055776182a6696f39b0030c3276
push id2859
push userakeybl@mozilla.com
push dateMon, 16 Sep 2013 19:14:59 +0000
treeherdermozilla-beta@87d3c51cd2bf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjrmuizel
bugs893824
milestone25.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 893824 - Don't allow 0 sized SourceSurfaces with Moz2D. r=jrmuizel
gfx/2d/Factory.cpp
gfx/2d/SourceSurfaceCG.cpp
--- a/gfx/2d/Factory.cpp
+++ b/gfx/2d/Factory.cpp
@@ -568,16 +568,20 @@ Factory::CreateDrawTargetForCairoCGConte
 }
 #endif
 
 TemporaryRef<DataSourceSurface>
 Factory::CreateWrappingDataSourceSurface(uint8_t *aData, int32_t aStride,
                                          const IntSize &aSize,
                                          SurfaceFormat aFormat)
 {
+  if (aSize.width <= 0 || aSize.height <= 0) {
+    return nullptr;
+  }
+
   RefPtr<SourceSurfaceRawData> newSurf = new SourceSurfaceRawData();
 
   if (newSurf->InitWrappingData(aData, aSize, aStride, aFormat, false)) {
     return newSurf;
   }
 
   return nullptr;
 }
--- a/gfx/2d/SourceSurfaceCG.cpp
+++ b/gfx/2d/SourceSurfaceCG.cpp
@@ -152,22 +152,31 @@ DataSourceSurfaceCG::GetSize() const
 }
 
 bool
 DataSourceSurfaceCG::InitFromData(unsigned char *aData,
                                const IntSize &aSize,
                                int32_t aStride,
                                SurfaceFormat aFormat)
 {
+  if (aSize.width <= 0 || aSize.height <= 0) {
+    return false;
+  }
+
   void *data = malloc(aStride * aSize.height);
   memcpy(data, aData, aStride * aSize.height);
 
   mImage = CreateCGImage(data, data, aSize, aStride, aFormat);
 
-  return mImage;
+  if (!mImage) {
+    delete data;
+    return false;
+  }
+
+  return true;
 }
 
 CGContextRef CreateBitmapContextForImage(CGImageRef image)
 {
   CGColorSpaceRef colorSpace;
 
   size_t width  = CGImageGetWidth(image);
   size_t height = CGImageGetHeight(image);