Bug 1500011 - Use CheckedInt more in CalculateBufferSizeForImage, r=smaug
authorNika Layzell <nika@thelayzells.com>
Thu, 18 Oct 2018 16:20:03 -0400
changeset 490733 a3fad30f081a0bcd4aeae913942fc360dbdbf30e
parent 490732 1c0823540b44ff83a6319a363aab6e017faddaf4
child 490734 77f4c84bebf05b7fddb3f5bdb8e7de0d2eb3ebd6
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewerssmaug
bugs1500011
milestone65.0a1
Bug 1500011 - Use CheckedInt more in CalculateBufferSizeForImage, r=smaug Differential Revision: https://phabricator.services.mozilla.com/D9145
dom/base/nsContentUtils.cpp
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -7863,21 +7863,26 @@ nsresult
 nsContentUtils::CalculateBufferSizeForImage(const uint32_t& aStride,
                                             const IntSize& aImageSize,
                                             const SurfaceFormat& aFormat,
                                             size_t* aMaxBufferSize,
                                             size_t* aUsedBufferSize)
 {
   CheckedInt32 requiredBytes =
     CheckedInt32(aStride) * CheckedInt32(aImageSize.height);
-  if (!requiredBytes.isValid()) {
+
+  CheckedInt32 usedBytes = requiredBytes - aStride +
+    (CheckedInt32(aImageSize.width) * BytesPerPixel(aFormat));
+  if (!usedBytes.isValid()) {
     return NS_ERROR_FAILURE;
   }
+
+  MOZ_ASSERT(requiredBytes.isValid(), "usedBytes valid but not required?");
   *aMaxBufferSize = requiredBytes.value();
-  *aUsedBufferSize = *aMaxBufferSize - aStride + (aImageSize.width * BytesPerPixel(aFormat));
+  *aUsedBufferSize = usedBytes.value();
   return NS_OK;
 }
 
 nsresult
 nsContentUtils::DataTransferItemToImage(const IPCDataTransferItem& aItem,
                                         imgIContainer** aContainer)
 {
   MOZ_ASSERT(aItem.data().type() == IPCDataTransferData::TShmem);
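Review bot: `usedBytes.isValid()` only reports overflow of the 32-bit arithmetic, so a negative but representable result still passes and is converted to a very large `size_t` by `*aUsedBufferSize = usedBytes.value();` (the same applies to `requiredBytes` and `*aMaxBufferSize`). With `aImageSize.height == 0` the expression reduces to `width * bpp - aStride`, which is negative whenever the stride is larger than the packed row, and a negative width or height can have the same effect. Unless every caller already guarantees a positive image size (not visible in this hunk), a caller sizing or bounds-checking a buffer from these outputs would be working with a wrapped value. I would reject such sizes before the arithmetic, `if (aImageSize.width <= 0 || aImageSize.height <= 0) { return NS_ERROR_FAILURE; }`, or extend the existing check to `if (!usedBytes.isValid() || usedBytes.value() < 0) {`. A short comment stating that `aUsedBufferSize` is the full buffer minus the last row's padding would also help.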