From 483ce4fb506ed8c51c6bef41e93841a12945a3a7 Mon Sep 17 00:00:00 2001 From: Jonathan Watt Date: Fri, 10 Jun 2016 13:32:01 +0100 Subject: [PATCH] Bug 1279628, part 3 - Replace the last gfxASurface::CheckSurfaceSize call, and remove gfxASurface::CheckSurfaceSize. r=mstange --- dom/canvas/CanvasRenderingContext2D.cpp | 8 +++-- gfx/thebes/gfxASurface.cpp | 43 ------------------------- gfx/thebes/gfxASurface.h | 6 ---- 3 files changed, 5 insertions(+), 52 deletions(-) diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp index 64d8e8c42784..16633e6ba6d8 100644 --- a/dom/canvas/CanvasRenderingContext2D.cpp +++ b/dom/canvas/CanvasRenderingContext2D.cpp @@ -49,7 +49,6 @@ #include "ImageRegion.h" #include "gfxContext.h" -#include "gfxASurface.h" #include "gfxImageSurface.h" #include "gfxPlatform.h" #include "gfxFont.h" @@ -4911,10 +4910,13 @@ CanvasRenderingContext2D::DrawWindow(nsGlobalWindow& aWindow, double aX, { MOZ_ASSERT(aWindow.IsInnerWindow()); + if (int32_t(aW) == 0 || int32_t(aH) == 0) { + return; + } + // protect against too-large surfaces that will cause allocation // or overflow issues - if (!gfxASurface::CheckSurfaceSize(gfx::IntSize(int32_t(aW), int32_t(aH)), - 0xffff)) { + if (!Factory::CheckSurfaceSize(IntSize(int32_t(aW), int32_t(aH)), 0xffff)) { aError.Throw(NS_ERROR_FAILURE); return; } diff --git a/gfx/thebes/gfxASurface.cpp b/gfx/thebes/gfxASurface.cpp index 6de50e54ebe7..acd0cf9a64c8 100644 --- a/gfx/thebes/gfxASurface.cpp +++ b/gfx/thebes/gfxASurface.cpp @@ -352,49 +352,6 @@ gfxASurface::CairoStatus() return cairo_surface_status(mSurface); } -/* static */ -bool -gfxASurface::CheckSurfaceSize(const IntSize& sz, int32_t limit) -{ - if (sz.width < 0 || sz.height < 0) { - NS_WARNING("Surface width or height < 0!"); - return false; - } - - // reject images with sides bigger than limit - if (limit && (sz.width > limit || sz.height > limit)) { - NS_WARNING("Surface size too large (exceeds caller's limit)!"); - return false; - } - -#if defined(XP_MACOSX) - // CoreGraphics is limited to images < 32K in *height*, - // so clamp all surfaces on the Mac to that height - if (sz.height > SHRT_MAX) { - NS_WARNING("Surface size too large (exceeds CoreGraphics limit)!"); - return false; - } -#endif - - // make sure the surface area doesn't overflow a int32_t - CheckedInt tmp = sz.width; - tmp *= sz.height; - if (!tmp.isValid()) { - NS_WARNING("Surface size too large (would overflow)!"); - return false; - } - - // assuming 4-byte stride, make sure the allocation size - // doesn't overflow a int32_t either - tmp *= 4; - if (!tmp.isValid()) { - NS_WARNING("Allocation too large (would overflow)!"); - return false; - } - - return true; -} - /* static */ int32_t gfxASurface::FormatStrideForWidth(gfxImageFormat format, int32_t width) diff --git a/gfx/thebes/gfxASurface.h b/gfx/thebes/gfxASurface.h index 56d2f98826ea..ca7535e5607d 100644 --- a/gfx/thebes/gfxASurface.h +++ b/gfx/thebes/gfxASurface.h @@ -101,12 +101,6 @@ public: int CairoStatus(); - /* Make sure that the given dimensions don't overflow a 32-bit signed int - * using 4 bytes per pixel; optionally, make sure that either dimension - * doesn't exceed the given limit. - */ - static bool CheckSurfaceSize(const mozilla::gfx::IntSize& sz, int32_t limit = 0); - /* Provide a stride value that will respect all alignment requirements of * the accelerated image-rendering code. */