From 1bf1084f2b10c3b47fd1a588d85d21ed0eb41d0c Mon Sep 17 00:00:00 2001 From: Lorry Tar Creator Date: Tue, 27 Jun 2017 06:07:23 +0000 Subject: webkitgtk-2.16.5 --- Source/WebCore/html/ImageData.cpp | 73 +++++++++++++++++++++++++++++++-------- 1 file changed, 58 insertions(+), 15 deletions(-) (limited to 'Source/WebCore/html/ImageData.cpp') diff --git a/Source/WebCore/html/ImageData.cpp b/Source/WebCore/html/ImageData.cpp index 57afb0b72..a9fe10011 100644 --- a/Source/WebCore/html/ImageData.cpp +++ b/Source/WebCore/html/ImageData.cpp @@ -1,5 +1,6 @@ /* - * Copyright (C) 2008 Apple Inc. All rights reserved. + * Copyright (C) 2008-2016 Apple Inc. All rights reserved. + * Copyright (C) 2014 Adobe Systems Incorporated. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,7 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -29,45 +30,87 @@ #include "config.h" #include "ImageData.h" +#include "ExceptionCode.h" +#include +#include + namespace WebCore { -PassRefPtr ImageData::create(const IntSize& size) +ExceptionOr> ImageData::create(unsigned sw, unsigned sh) +{ + if (!sw || !sh) + return Exception { INDEX_SIZE_ERR }; + + Checked dataSize = 4; + dataSize *= sw; + dataSize *= sh; + if (dataSize.hasOverflowed()) + return Exception { TypeError }; // FIXME: Seems a peculiar choice of exception here. + + IntSize size(sw, sh); + auto data = adoptRef(*new ImageData(size)); + data->data()->zeroFill(); + return WTFMove(data); +} + +RefPtr ImageData::create(const IntSize& size) { Checked dataSize = 4; dataSize *= size.width(); dataSize *= size.height(); if (dataSize.hasOverflowed()) - return 0; + return nullptr; - return adoptRef(new ImageData(size)); + return adoptRef(*new ImageData(size)); } -PassRefPtr ImageData::create(const IntSize& size, PassRefPtr byteArray) +RefPtr ImageData::create(const IntSize& size, Ref&& byteArray) { Checked dataSize = 4; dataSize *= size.width(); dataSize *= size.height(); if (dataSize.hasOverflowed()) - return 0; + return nullptr; + + if (dataSize.unsafeGet() < 0 || static_cast(dataSize.unsafeGet()) > byteArray->length()) + return nullptr; + + return adoptRef(*new ImageData(size, WTFMove(byteArray))); +} + +ExceptionOr> ImageData::create(Ref&& byteArray, unsigned sw, unsigned sh) +{ + unsigned length = byteArray->length(); + if (!length || length % 4 != 0) + return Exception { INVALID_STATE_ERR }; + + if (!sw) + return Exception { INDEX_SIZE_ERR }; + + length /= 4; + if (length % sw != 0) + return Exception { INVALID_STATE_ERR }; - if (dataSize.unsafeGet() < 0 - || static_cast(dataSize.unsafeGet()) > byteArray->length()) - return 0; + unsigned height = length / sw; + if (sh && sh != height) + return Exception { INDEX_SIZE_ERR }; - return adoptRef(new ImageData(size, byteArray)); + return create(IntSize(sw, height), WTFMove(byteArray)); } ImageData::ImageData(const IntSize& size) : m_size(size) - , m_data(Uint8ClampedArray::createUninitialized(size.width() * size.height() * 4)) + , m_data(Uint8ClampedArray::createUninitialized((size.area() * 4).unsafeGet())) { + ASSERT(m_data); } -ImageData::ImageData(const IntSize& size, PassRefPtr byteArray) +ImageData::ImageData(const IntSize& size, Ref&& byteArray) : m_size(size) - , m_data(byteArray) + , m_data(WTFMove(byteArray)) { - ASSERT_WITH_SECURITY_IMPLICATION(static_cast(size.width() * size.height() * 4) <= m_data->length()); + ASSERT(m_data); + ASSERT_WITH_SECURITY_IMPLICATION(!m_data || (size.area() * 4).unsafeGet() <= m_data->length()); } } -- cgit v1.2.1