RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 19:17:35 +00:00
Code Issues Activity Actions

LibGfx: Don't allow creating bitmaps whose sizes would overflow

Browse source 
If the area or size_in_bytes calculation for a Gfx::Bitmap would
overflow, we now refuse to create such a bitmap and return nullptr.

Thanks to @itamar8910 for finding this! :^)
This commit is contained in:
Andreas Kling 2020-04-15 11:57:24 +02:00
parent a8406aa117
commit 228ace854c
5 changed files with 62 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

23
Libraries/LibGfx/Bitmap.h
View file

@ -49,15 +49,15 @@ enum RotationDirection {
class Bitmap : public RefCounted<Bitmap> {
public:
static NonnullRefPtr<Bitmap> create(BitmapFormat, const Size&);
static NonnullRefPtr<Bitmap> create_purgeable(BitmapFormat, const Size&);
static NonnullRefPtr<Bitmap> create_wrapper(BitmapFormat, const Size&, size_t pitch, RGBA32*);
static RefPtr<Bitmap> create(BitmapFormat, const Size&);
static RefPtr<Bitmap> create_purgeable(BitmapFormat, const Size&);
static RefPtr<Bitmap> create_wrapper(BitmapFormat, const Size&, size_t pitch, RGBA32*);
static RefPtr<Bitmap> load_from_file(const StringView& path);
static NonnullRefPtr<Bitmap> create_with_shared_buffer(BitmapFormat, NonnullRefPtr<SharedBuffer>&&, const Size&);
static RefPtr<Bitmap> create_with_shared_buffer(BitmapFormat, NonnullRefPtr<SharedBuffer>&&, const Size&);
NonnullRefPtr<Gfx::Bitmap> rotated(Gfx::RotationDirection) const;
NonnullRefPtr<Gfx::Bitmap> flipped(Gfx::Orientation) const;
NonnullRefPtr<Bitmap> to_bitmap_backed_by_shared_buffer() const;
RefPtr<Gfx::Bitmap> rotated(Gfx::RotationDirection) const;
RefPtr<Gfx::Bitmap> flipped(Gfx::Orientation) const;
RefPtr<Bitmap> to_bitmap_backed_by_shared_buffer() const;
ShareableBitmap to_shareable_bitmap(pid_t peer_pid = -1) const;
@ -79,9 +79,9 @@ public:
SharedBuffer* shared_buffer() { return m_shared_buffer.ptr(); }
const SharedBuffer* shared_buffer() const { return m_shared_buffer.ptr(); }
unsigned bpp() const
static unsigned bpp_for_format(BitmapFormat format)
{
switch (m_format) {
switch (format) {
case BitmapFormat::Indexed8:
return 8;
case BitmapFormat::RGB32:
@ -94,6 +94,11 @@ public:
}
}
unsigned bpp() const
{
return bpp_for_format(m_format);
}
void fill(Color);
bool has_alpha_channel() const { return m_format == BitmapFormat::RGBA32; }