void ImageBitmap::SetPictureRect(const IntRect& aRect, ErrorResult& aRv) { gfx::IntRect rect = aRect; // fix up negative dimensions if (rect.width < 0) { CheckedInt32 checkedX = CheckedInt32(rect.x) + rect.width; if (!checkedX.isValid()) { aRv.Throw(NS_ERROR_DOM_INDEX_SIZE_ERR); return; } rect.x = checkedX.value(); rect.width = -(rect.width); } if (rect.height < 0) { CheckedInt32 checkedY = CheckedInt32(rect.y) + rect.height; if (!checkedY.isValid()) { aRv.Throw(NS_ERROR_DOM_INDEX_SIZE_ERR); return; } rect.y = checkedY.value(); rect.height = -(rect.height); } mPictureRect = rect; }
void gfxXlibSurface::TakePixmap() { NS_ASSERTION(!mPixmapTaken, "I already own the Pixmap!"); mPixmapTaken = true; // The bit depth returned from Cairo is technically int, but this is // the last place we'd be worried about that scenario. unsigned int bitDepth = cairo_xlib_surface_get_depth(CairoSurface()); MOZ_ASSERT((bitDepth % 8) == 0, "Memory used not recorded correctly"); // Divide by 8 because surface_get_depth gives us the number of *bits* per // pixel. gfxIntSize size = GetSize(); CheckedInt32 totalBytes = CheckedInt32(size.width) * CheckedInt32(size.height) * (bitDepth/8); // Don't do anything in the "else" case. We could add INT32_MAX, but that // would overflow the memory used counter. It would also mean we tried for // a 2G image. For now, we'll just assert, MOZ_ASSERT(totalBytes.isValid(),"Did not expect to exceed 2Gb image"); if (totalBytes.isValid()) { RecordMemoryUsed(totalBytes.value()); } }
size_t BufferSizeFromStrideAndHeight(int32_t aStride, int32_t aHeight, int32_t aExtraBytes) { if (MOZ_UNLIKELY(aHeight <= 0)) { return 0; } // We limit the length returned to values that can be represented by int32_t // because we don't want to allocate buffers any bigger than that. This // allows for a buffer size of over 2 GiB which is already rediculously // large and will make the process janky. (Note the choice of the signed type // is deliberate because we specifically don't want the returned value to // overflow if someone stores the buffer length in an int32_t variable.) CheckedInt32 requiredBytes = CheckedInt32(aStride) * CheckedInt32(aHeight) + CheckedInt32(aExtraBytes); if (MOZ_UNLIKELY(!requiredBytes.isValid())) { gfxWarning() << "Buffer size too big; returning zero"; return 0; } return requiredBytes.value(); }