Bug 219000

Summary:

Fix possible integer overflow in ImageSource::canUseAsyncDecoding()

Product:

WebKit

Reporter:

Said Abou-Hallawa <sabouhallawa>

Component:

Images

Assignee:

Said Abou-Hallawa <sabouhallawa>

Status:

NEW

Severity:

Normal

CC:

ahmad.saleem792, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	sabouhallawa: review?

Said Abou-Hallawa

Reported 2020-11-16 12:31:53 PST

If the image is malformed such that its area multiplied by 4 is greater than the INT_MAX, an overflow will happen in ImageSource::canUseAsyncDecoding().

Attachments
Patch (1.67 KB, patch) 2020-11-16 12:41 PST, Said Abou-Hallawa	sabouhallawa: review?	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Said Abou-Hallawa

Comment 1 2020-11-16 12:40:04 PST

<rdar://problem/71369763>

Said Abou-Hallawa

Comment 2 2020-11-16 12:41:28 PST

Created attachment 414272 [details] Patch

Ahmad Saleem

Comment 3 2024-09-03 03:18:05 PDT

This patch was modifying this function, which is now gone with following commit - https://github.com/WebKit/WebKit/commit/8b78e07f7be5805e58bc1858db1ee8a6e6a7a15d#diff-304a81cca33b7403e9830035e1078056bbee049f993ea8dade03f3758ef0369cL336 Do we still need this?

Ahmad Saleem

Comment 4 2024-09-03 03:18:52 PDT

Although it might be here - https://searchfox.org/wubkat/rev/b36cbce69fddb7da33823f316bd8ead5bebee970/Source/WebCore/platform/graphics/BitmapImageSource.cpp#327

Note You need to log in before you can comment on or make changes to this bug.