From f9a38fa693b32d30b144cb83cd27510d406b54d0 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Fri, 17 Sep 2021 13:12:46 +0200
Subject: [PATCH] LibGfx: Don't use unbounded VLA's in FastBoxBlurFilter

These would cause the stack to overflow when LibWeb tried rendering a
CSS box-shadow for a large enough element.

Use Vector (with *some* inline capacity for smaller images) to avoid
this issue. If these heap allocations turn out to be too much work,
we can add something like a persistent scratch buffer cache.
---
 .../Libraries/LibGfx/Filters/FastBoxBlurFilter.h    | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/Userland/Libraries/LibGfx/Filters/FastBoxBlurFilter.h b/Userland/Libraries/LibGfx/Filters/FastBoxBlurFilter.h
index 1b851d38b1..bb1c26b801 100644
--- a/Userland/Libraries/LibGfx/Filters/FastBoxBlurFilter.h
+++ b/Userland/Libraries/LibGfx/Filters/FastBoxBlurFilter.h
@@ -28,10 +28,15 @@ public:
 
         int div = 2 * radius + 1;
 
-        u8 intermediate_red[width * height];
-        u8 intermediate_green[width * height];
-        u8 intermediate_blue[width * height];
-        u8 intermediate_alpha[width * height];
+        Vector<u8, 1024> intermediate_red;
+        Vector<u8, 1024> intermediate_green;
+        Vector<u8, 1024> intermediate_blue;
+        Vector<u8, 1024> intermediate_alpha;
+
+        intermediate_red.resize(width * height);
+        intermediate_green.resize(width * height);
+        intermediate_blue.resize(width * height);
+        intermediate_alpha.resize(width * height);
 
         // First pass: vertical
         for (int y = 0; y < height; ++y) {