chromium_src.git - central chromium sources

diff options

author	eroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-02-10 00:12:04 +0000
committer	eroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-02-10 00:12:04 +0000
commit	2776363abfdfd7f08a626b151e06776569c41ccb (patch)
tree	685503fce788066875284134663b45710d2e937c /webkit/media/DEPS
parent	2240256fd2e66ffb592788f027178a03c571b75b (diff)
download	chromium_src-2776363abfdfd7f08a626b151e06776569c41ccb.zip chromium_src-2776363abfdfd7f08a626b151e06776569c41ccb.tar.gz chromium_src-2776363abfdfd7f08a626b151e06776569c41ccb.tar.bz2

Merge 120916 - Avoid overread in RenderWidgetHostViewWin::OnPaint

GetRegionData may return 0 to indicate error. This call is used both to calculate the required buffer size and to fill the buffer with region data. In the first case, if not checked, a zero-length buffer may be allocated. In the second case, the buffer content is undefined. In either case, we should not depend on the buffer content. BUG=110176 TEST=Long tail crasher in gfx::Rect::Rect, called from RenderWidgetHostViewWin::OnPaint. Review URL: http://codereview.chromium.org/9316056 TBR=davidbarr@chromium.org Review URL: https://chromiumcodereview.appspot.com/9371031 git-svn-id: svn://svn.chromium.org/chrome/branches/1025/src@121346 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'webkit/media/DEPS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: