From 31b3a2b31a50f83ed100e01485013fd871399f45 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Mon, 18 May 2015 14:18:08 -0700
Subject: Add safe FX_Alloc2D() macro

This avoids unchecked multiplications when computing a size argument to malloc(). Such an overflow is very scary, and can result in exploitable bugs. Along the way, kill off some return checks, since we know this can't return NULL.

R=thestig@chromium.org

Review URL: https://codereview.chromium.org/1143663004
---
 core/src/fxge/agg/agg23/fx_agg_path_storage.cpp | 5 +----
 core/src/fxge/dib/fx_dib_engine.cpp | 5 +----
 core/src/fxge/skia/fx_skia_device.cpp | 2 +-
 core/src/fxge/win32/fx_win32_gdipext.cpp | 10 ++++------
 4 files changed, 7 insertions(+), 15 deletions(-)

(limited to 'core/src/fxge')

diff --git a/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp b/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp
index 8c4b701ebe..b4b184e0a4 100644
--- a/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp
+++ b/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp
@@ -51,10 +51,7 @@ void path_storage::allocate_block(unsigned nb)
 {
 if(nb >= m_max_blocks) {
 FX_FLOAT** new_coords =
- FX_Alloc( FX_FLOAT*, (m_max_blocks + block_pool) * 2);
- if (!new_coords) {
- return;
- }
+ FX_Alloc2D(FX_FLOAT*, m_max_blocks + block_pool, 2);
 unsigned char** new_cmds =
 (unsigned char**)(new_coords + m_max_blocks + block_pool);
 if(m_coord_blocks) {
diff --git a/core/src/fxge/dib/fx_dib_engine.cpp b/core/src/fxge/dib/fx_dib_engine.cpp
index 5053c306f5..7c40171c2b 100644
--- a/core/src/fxge/dib/fx_dib_engine.cpp
+++ b/core/src/fxge/dib/fx_dib_engine.cpp
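Review bot: In path_storage::allocate_block (fx_agg_path_storage.cpp), the first dimension `m_max_blocks + block_pool` is still plain unsigned arithmetic evaluated before FX_Alloc2D sees it, so only the `* 2` is covered by the new check; the same sum is recomputed on the `new_cmds` line. If the block count can ever be driven near the unsigned limit, a wrapped sum would pass the check with a small value, so the sum should either be bounded or its safety stated. A comment would also explain the bare `2`, for example `// one buffer, two pointer tables: coords first, cmds after (relies on equal pointer sizes)`. The function body continues outside the hunk.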
@@ -316,10 +316,7 @@ FX_BOOL CStretchEngine::StartStretchHorz()
 return FALSE;
 }
 if (m_pSource && m_bHasAlpha && m_pSource->m_pAlphaMask) {
- m_pExtraAlphaBuf = FX_Alloc(unsigned char, m_SrcClip.Height() * m_ExtraMaskPitch);
- if (!m_pExtraAlphaBuf) {
- return FALSE;
- }
+ m_pExtraAlphaBuf = FX_Alloc2D(unsigned char, m_SrcClip.Height(), m_ExtraMaskPitch);
 FX_DWORD size = (m_DestClip.Width() * 8 + 31) / 32 * 4;
 m_pDestMaskScanline = FX_TryAlloc(unsigned char, size);
 if (!m_pDestMaskScanline) {
diff --git a/core/src/fxge/skia/fx_skia_device.cpp b/core/src/fxge/skia/fx_skia_device.cpp
index cc4059dd1d..a483eca5ca 100644
--- a/core/src/fxge/skia/fx_skia_device.cpp
+++ b/core/src/fxge/skia/fx_skia_device.cpp
@@ -210,7 +210,7 @@ static void SkRasterizeStroke(SkPaint& spaint, SkPath* dstPathData, SkPath& path
 dstPathData->transform(smatrix);
 } else {
 int count = (pGraphState->m_DashCount+1)/2;
- SkScalar* intervals = FX_Alloc(SkScalar, count* sizeof (SkScalar));
+ SkScalar* intervals = FX_Alloc2D(SkScalar, count, sizeof(SkScalar));
 // Set dash pattern
 for (int i = 0; i < count; i ++) {
 FX_FIXFLOAT on = pGraphState->m_DashArray[i*2];
diff --git a/core/src/fxge/win32/fx_win32_gdipext.cpp b/core/src/fxge/win32/fx_win32_gdipext.cpp
index fae1883f4d..49c3f2b0cf 100644
--- a/core/src/fxge/win32/fx_win32_gdipext.cpp
+++ b/core/src/fxge/win32/fx_win32_gdipext.cpp
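Review bot: Allocation failure in CStretchEngine::StartStretchHorz (fx_dib_engine.cpp) is now handled two different ways a few lines apart: `m_pExtraAlphaBuf` comes from FX_Alloc2D, which per the commit message cannot return NULL, while `m_pDestMaskScanline` still goes through FX_TryAlloc and returns FALSE. An oversized `m_SrcClip.Height()` by `m_ExtraMaskPitch` product therefore presumably terminates instead of failing the stretch; that is the safe direction, but it deserves a comment such as `// FX_Alloc2D aborts on overflow or OOM, so no NULL check here` so the check is not reintroduced later. The `size` expression on the following line, `(m_DestClip.Width() * 8 + 31) / 32 * 4`, is still an unchecked multiplication. The function starts and ends outside the hunk.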
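Review bot: In SkRasterizeStroke (fx_skia_device.cpp), the second argument `sizeof(SkScalar)` reads like a byte size passed as an element count. If FX_Alloc2D multiplies its two dimensions and then scales by the element type, as FX_Alloc's (type, count) form suggests, this reserves sizeof(SkScalar) times more SkScalars than `count`. That over-allocation is carried over from the old line rather than introduced here, and the loop that fills `intervals` continues outside the hunk, so the element count actually required is not visible. If the loop stores an on/off pair per iteration, `FX_Alloc2D(SkScalar, count, 2)` would state the intent; either way a comment naming the intended element count would help. `count` is a signed int derived from `m_DashCount`, so a non-positive value should be ruled out before the allocation unless the caller already guarantees it.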
@@ -1266,16 +1266,14 @@ CFX_DIBitmap* CGdiplusExt::LoadDIBitmap(WINDIB_Open_Args_ args)
 int height = abs(pInfo->pbmi->bmiHeader.biHeight);
 int width = pInfo->pbmi->bmiHeader.biWidth;
 int dest_pitch = (width * pInfo->pbmi->bmiHeader.biBitCount + 31) / 32 * 4;
- LPBYTE pData = FX_Alloc(BYTE, dest_pitch * height);
- if (pData == NULL) {
- FreeDIBitmap(pInfo);
- return NULL;
- }
+ LPBYTE pData = FX_Alloc2D(BYTE, dest_pitch, height);
 if (dest_pitch == pInfo->Stride) {
 FXSYS_memcpy32(pData, pInfo->pScan0, dest_pitch * height);
- } else for (int i = 0; i < height; i ++) {
+ } else {
+ for (int i = 0; i < height; i ++) {
 FXSYS_memcpy32(pData + dest_pitch * i, pInfo->pScan0 + pInfo->Stride * i, dest_pitch);
 }
+ }
 CFX_DIBitmap* pDIBitmap = _FX_WindowsDIB_LoadFromBuf(pInfo->pbmi, pData, pInfo->pbmi->bmiHeader.biBitCount == 32);
 FX_Free(pData);
 FreeDIBitmap(pInfo);
-- 
cgit v1.2.3
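Review bot: In CGdiplusExt::LoadDIBitmap (fx_win32_gdipext.cpp), the copy length in `FXSYS_memcpy32(pData, pInfo->pScan0, dest_pitch * height)` is still an unchecked `int` multiplication. The product that FX_Alloc2D now validates for the allocation is recomputed without that validation one line later. `dest_pitch` itself, `(width * biBitCount + 31) / 32 * 4`, has the same problem: `width` is taken from the bitmap header with no sign or range check, and `abs()` of the most negative `biHeight` is undefined. Consider rejecting non-positive or oversized `width` and `height` before any arithmetic, and computing the byte count once in a wide unsigned type that both the allocation and the copy use. The function begins before the hunk.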