From e5ecca39a8117f1b5503379bda146b9267eeeaee Mon Sep 17 00:00:00 2001 From: Samuel Susla Date: Tue, 22 Dec 2020 12:16:25 -0800 Subject: [PATCH] Prevent crash when blurring an image Summary: Changelog: [internal] Return original image instead of calling `abort()` when malloc fails. Should we show a redbox? I don't think so, the redbox wouldn't be actionable for product engineer. Reviewed By: PeteTheHeat Differential Revision: D25678532 fbshipit-source-id: dd44d5e87198a0f76767ea40fe111ed347a7669a --- Libraries/Image/RCTImageBlurUtils.m | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Libraries/Image/RCTImageBlurUtils.m b/Libraries/Image/RCTImageBlurUtils.m index 592f0239ed..3ba8c64eac 100644 --- a/Libraries/Image/RCTImageBlurUtils.m +++ b/Libraries/Image/RCTImageBlurUtils.m @@ -34,12 +34,13 @@ UIImage *RCTBlurredImageWithRadius(UIImage *inputImage, CGFloat radius) buffer1.rowBytes = buffer2.rowBytes = CGImageGetBytesPerRow(imageRef); size_t bytes = buffer1.rowBytes * buffer1.height; buffer1.data = malloc(bytes); + if (!buffer1.data) { + return inputImage; + } buffer2.data = malloc(bytes); - if (!buffer1.data || !buffer2.data) { - // CWE - 391 : Unchecked error condition - // https://www.cvedetails.com/cwe-details/391/Unchecked-Error-Condition.html - // https://eli.thegreenplace.net/2009/10/30/handling-out-of-memory-conditions-in-c - abort(); + if (!buffer2.data) { + free(buffer1.data); + return inputImage; } // A description of how to compute the box kernel width from the Gaussian @@ -58,10 +59,9 @@ UIImage *RCTBlurredImageWithRadius(UIImage *inputImage, CGFloat radius) } void *tempBuffer = malloc(tempBufferSize); if (!tempBuffer) { - // CWE - 391 : Unchecked error condition - // https://www.cvedetails.com/cwe-details/391/Unchecked-Error-Condition.html - // https://eli.thegreenplace.net/2009/10/30/handling-out-of-memory-conditions-in-c - abort(); + free(buffer1.data); + free(buffer2.data); + return inputImage; } //copy image data