219000 – Fix possible integer overflow in ImageSource::canUseAsyncDecoding()

NEW 219000

Fix possible integer overflow in ImageSource::canUseAsyncDecoding()

https://bugs.webkit.org/show_bug.cgi?id=219000

Summary Fix possible integer overflow in ImageSource::canUseAsyncDecoding()

Said Abou-Hallawa

Reported 2020-11-16 12:31:53 PST

If the image is malformed such that its area multiplied by 4 is greater than the INT_MAX, an overflow will happen in ImageSource::canUseAsyncDecoding().

Attachments
Patch (1.67 KB, patch) 2020-11-16 12:41 PST, Said Abou-Hallawa	sabouhallawa: review?	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Said Abou-Hallawa

Comment 1 2020-11-16 12:40:04 PST

<rdar://problem/71369763>

Said Abou-Hallawa

Comment 2 2020-11-16 12:41:28 PST

Created attachment 414272 [details] Patch

Ahmad Saleem

Comment 3 2024-09-03 03:18:05 PDT

This patch was modifying this function, which is now gone with following commit - https://github.com/WebKit/WebKit/commit/8b78e07f7be5805e58bc1858db1ee8a6e6a7a15d#diff-304a81cca33b7403e9830035e1078056bbee049f993ea8dade03f3758ef0369cL336 Do we still need this?

Ahmad Saleem

Comment 4 2024-09-03 03:18:52 PDT

Although it might be here - https://searchfox.org/wubkat/rev/b36cbce69fddb7da33823f316bd8ead5bebee970/Source/WebCore/platform/graphics/BitmapImageSource.cpp#327

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Images

Assignee

Said Abou-Hallawa

Reported

2020-11-16 12:31 PST

Modified

2024-09-03 03:18 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks