diff options
| author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-07 09:43:31 +0000 |
|---|---|---|
| committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-07 09:43:31 +0000 |
| commit | 54c8d1d88dff8b8f89037da81aaa06398587596e (patch) | |
| tree | f6d70f24cbee6ab64533fac8633ae467d6ac8700 /chrome/common/common_param_traits.cc | |
| parent | bd7d0ab7ca879614ec00cb149b0a89d74d86914f (diff) | |
| download | chromium_src-54c8d1d88dff8b8f89037da81aaa06398587596e.zip chromium_src-54c8d1d88dff8b8f89037da81aaa06398587596e.tar.gz chromium_src-54c8d1d88dff8b8f89037da81aaa06398587596e.tar.bz2 | |
Apply a sanity check on gfx::Size deserialization so we can be confident there
are no width * height * bpp problems.
BUG=none
TEST=none
TBR=jschuh
Review URL: http://codereview.chromium.org/6413013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73977 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/common_param_traits.cc')
| -rw-r--r-- | chrome/common/common_param_traits.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/chrome/common/common_param_traits.cc b/chrome/common/common_param_traits.cc index 64fa35c9..5d3d120 100644 --- a/chrome/common/common_param_traits.cc +++ b/chrome/common/common_param_traits.cc @@ -180,6 +180,8 @@ bool ParamTraits<gfx::Size>::Read(const Message* m, void** iter, gfx::Size* r) { if (!m->ReadInt(iter, &w) || !m->ReadInt(iter, &h)) return false; + if (w < 0 || h < 0 || h >= ((INT_MAX / 16) / (w ? w : 1))) + return false; r->set_width(w); r->set_height(h); return true; |