Title: [204804] releases/WebKitGTK/webkit-2.12/Source/WebCore
Revision
204804
Author
[email protected]
Date
2016-08-23 04:08:34 -0700 (Tue, 23 Aug 2016)

Log Message

Merge r203503 - [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
https://bugs.webkit.org/show_bug.cgi?id=160014

Reviewed by Michael Catanzaro.

In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
ImageBuffer cairo implementation.

* platform/graphics/cairo/ImageBufferCairo.cpp:
(WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (204803 => 204804)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-08-23 11:08:22 UTC (rev 204803)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-08-23 11:08:34 UTC (rev 204804)
@@ -1,3 +1,16 @@
+2016-07-21  Carlos Garcia Campos  <[email protected]>
+
+        [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
+        https://bugs.webkit.org/show_bug.cgi?id=160014
+
+        Reviewed by Michael Catanzaro.
+
+        In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
+        ImageBuffer cairo implementation.
+
+        * platform/graphics/cairo/ImageBufferCairo.cpp:
+        (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
+
 2016-07-06  Brent Fulgham  <[email protected]>
 
         Return values of JSArray::createUninitialized (and related) are not consistently checked for nullptr

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp (204803 => 204804)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp	2016-08-23 11:08:22 UTC (rev 204803)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp	2016-08-23 11:08:34 UTC (rev 204804)
@@ -304,6 +304,8 @@
 PassRefPtr<Uint8ClampedArray> getImageData(const IntRect& rect, const ImageBufferData& data, const IntSize& size)
 {
     RefPtr<Uint8ClampedArray> result = Uint8ClampedArray::createUninitialized(rect.width() * rect.height() * 4);
+    if (!result)
+        return nullptr;
 
     if (rect.x() < 0 || rect.y() < 0 || (rect.x() + rect.width()) > size.width() || (rect.y() + rect.height()) > size.height())
         result->zeroFill();
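Review bot: the new null check only covers allocation failure; the size argument `rect.width() * rect.height() * 4` is still plain int arithmetic, so a large rect can wrap before createUninitialized() ever sees it, and the check would then pass with an undersized buffer. Consider computing the byte count with checked arithmetic (WTF's Checked<> would do) and returning nullptr on overflow as well. The placement of the `if (!result) return nullptr;` itself is right: it sits ahead of `result->zeroFill()`, which is the first dereference.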
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
