This is an automated email from the git hooks/post-receive script. richard pushed a commit to branch geckoview-102.3.0esr-12.0-1 in repository tor-browser. commit 4805e26a3fa23020dc437a3c12ac34356dbf6027 Author: Timothy Nikkel <tnikkel@gmail.com> AuthorDate: Tue Aug 23 08:42:49 2022 +0000 Bug 1784835. Use checkedint in webp encoder to avoid overflow. r=aosmond, a=RyanVM --- image/encoders/webp/nsWebPEncoder.cpp | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/image/encoders/webp/nsWebPEncoder.cpp b/image/encoders/webp/nsWebPEncoder.cpp index 38c4f2ce4c288..c7ae125aae40f 100644 --- a/image/encoders/webp/nsWebPEncoder.cpp +++ b/image/encoders/webp/nsWebPEncoder.cpp @@ -103,12 +103,20 @@ nsWebPEncoder::InitFromData(const uint8_t* aData, size_t size = 0; + CheckedInt32 width = CheckedInt32(aWidth); + CheckedInt32 height = CheckedInt32(aHeight); + CheckedInt32 stride = CheckedInt32(aStride); + if (!width.isValid() || !height.isValid() || !stride.isValid() || + !(CheckedUint32(aStride) * CheckedUint32(aHeight)).isValid()) { + return NS_ERROR_INVALID_ARG; + } + if (aInputFormat == INPUT_FORMAT_RGB) { - size = - WebPEncodeRGB(aData, aWidth, aHeight, aStride, quality, &mImageBuffer); + size = WebPEncodeRGB(aData, width.value(), height.value(), stride.value(), + quality, &mImageBuffer); } else if (aInputFormat == INPUT_FORMAT_RGBA) { - size = - WebPEncodeRGBA(aData, aWidth, aHeight, aStride, quality, &mImageBuffer); + size = WebPEncodeRGBA(aData, width.value(), height.value(), stride.value(), + quality, &mImageBuffer); } else if (aInputFormat == INPUT_FORMAT_HOSTARGB) { UniquePtr<uint8_t[]> aDest = MakeUnique<uint8_t[]>(aStride * aHeight); @@ -135,8 +143,8 @@ nsWebPEncoder::InitFromData(const uint8_t* aData, } } - size = WebPEncodeRGBA(aDest.get(), aWidth, aHeight, aStride, quality, - &mImageBuffer); + size = WebPEncodeRGBA(aDest.get(), width.value(), height.value(), + stride.value(), quality, &mImageBuffer); } mFinished = true; -- To stop receiving notification emails like this one, please contact the administrator of this repository.