WebKit Bugzilla
RESOLVED FIXED
279108
Fix possible integer overflow when calculating the image frame size in bytes
https://bugs.webkit.org/show_bug.cgi?id=279108
Said Abou-Hallawa
Reported
2024-09-03 22:59:26 PDT
To calculate the image frame size in bytes, IntSize::area() is called for the image frame size. The result of IntSize::area() is multiplied by bytesPerPixel, which is usually 4. IntSize::area() might overflow if the width and the height are both large integers such that their product is larger than the maximum unsigned number.
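An added illustration of the overflow described in the report above; it is not WebKit's code and not the landed patch. `Size`, `uncheckedArea`, `uncheckedFrameBytes` and `checkedFrameBytes` are hypothetical names, and `unsigned` is assumed to be 32 bits wide.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for an integer size type; not WebKit's IntSize.
struct Size {
    int width;
    int height;
};

// Pattern from the report: the area is computed in unsigned arithmetic, so the
// product wraps modulo 2^32 before it is multiplied by bytesPerPixel.
unsigned uncheckedArea(Size s)
{
    return static_cast<unsigned>(s.width) * static_cast<unsigned>(s.height);
}

size_t uncheckedFrameBytes(Size s, unsigned bytesPerPixel)
{
    return static_cast<size_t>(uncheckedArea(s)) * bytesPerPixel;
}

// Checked variant: widen to 64 bits before multiplying and report failure
// instead of returning a wrapped byte count.
bool checkedFrameBytes(Size s, unsigned bytesPerPixel, size_t& out)
{
    if (s.width < 0 || s.height < 0)
        return false;
    // Two non-negative ints are each below 2^31, so this product fits in 64 bits.
    uint64_t area = static_cast<uint64_t>(s.width) * static_cast<uint64_t>(s.height);
    if (bytesPerPixel && area > std::numeric_limits<uint64_t>::max() / bytesPerPixel)
        return false;
    uint64_t bytes = area * bytesPerPixel;
    if (bytes > std::numeric_limits<size_t>::max())
        return false; // does not fit the platform's size_t
    out = static_cast<size_t>(bytes);
    return true;
}

int main()
{
    Size huge = { 65537, 65536 }; // constructed dimensions: area exceeds 2^32
    size_t bytes = 0;
    bool ok = checkedFrameBytes(huge, 4, bytes);
    std::printf("unchecked: %zu bytes\n", uncheckedFrameBytes(huge, 4));
    std::printf("checked:   %s\n", ok ? "fits" : "rejected");
    return 0;
}
```

A buffer sized from the wrapped value would be far smaller than the pixel data the dimensions imply, which is why the checked form fails rather than truncates.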
Said Abou-Hallawa
Comment 1
2024-09-03 23:00:09 PDT
rdar://134343651
Said Abou-Hallawa
Comment 2
2024-09-03 23:09:34 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/33105
EWS
Comment 3
2024-09-04 16:59:50 PDT
Committed 283179@main (0ed1220736b8): <https://commits.webkit.org/283179@main>
Reviewed commits have been landed. Closing PR #33105 and removing active labels.