mirrors/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-22 17:24:48 -05:00
Code Issues Projects Releases Packages Wiki Activity

LibGfx: Protect against over-large bitmaps

Browse source
This commit is contained in:
Ben Wiederhake 2020-08-30 14:18:54 +02:00 committed by Andreas Kling
parent 98bfcb4b57
commit 52a797afdb
Notes: sideshowbarker 2024-07-19 02:45:20 +09:00 
Author: https://github.com/BenWiederhake
Commit: https://github.com/SerenityOS/serenity/commit/52a797afdb0
Pull-request: https://github.com/SerenityOS/serenity/pull/3398
Reviewed-by: https://github.com/awesomekling
Reviewed-by: https://github.com/nico
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Libraries/LibGfx/Bitmap.cpp
View file

@ -44,11 +44,16 @@
namespace Gfx {
static bool size_would_overflow(BitmapFormat format, const IntSize& size)
static bool size_would_overflow(BitmapFormat, const IntSize& size)
{
if (size.width() < 0 || size.height() < 0)
return true;
return Checked<size_t>::multiplication_would_overflow(size.width(), size.height(), Bitmap::bpp_for_format(format));
// This check is a bit arbitrary, but should protect us from most shenanigans:
if (size.width() >= 32768 || size.height() >= 32768)
return true;
// This check is absolutely necessary. Note that Bitmap::Bitmap always stores
// data as RGBA32 internally, so currently we ignore the indicated format.
return Checked<size_t>::multiplication_would_overflow(size.width(), size.height(), sizeof(RGBA32));
}
RefPtr<Bitmap> Bitmap::create(BitmapFormat format, const IntSize& size)