Loading image/src/imgFrame.cpp +3 −7 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ static bool gDisableOptimize = false; #include "cairo.h" #include "GeckoProfiler.h" #include "mozilla/Likely.h" #include "mozilla/CheckedInt.h" #if defined(XP_WIN) Loading Loading @@ -54,13 +55,8 @@ static bool AllowedImageSize(int32_t aWidth, int32_t aHeight) } // check to make sure we don't overflow a 32-bit int32_t tmp = aWidth * aHeight; if (MOZ_UNLIKELY(tmp / aHeight != aWidth)) { NS_WARNING("width or height too large"); return false; } tmp = tmp * 4; if (MOZ_UNLIKELY(tmp / 4 != aWidth * aHeight)) { mozilla::CheckedInt32 requiredBytes = mozilla::CheckedInt32(aWidth) * mozilla::CheckedInt32(aHeight) * 4; if (MOZ_UNLIKELY(!requiredBytes.isValid())) { NS_WARNING("width or height too large"); return false; } Loading js/src/vm/Interpreter-inl.h +2 −6 Original line number Diff line number Diff line Loading @@ -368,13 +368,9 @@ AddOperation(JSContext *cx, HandleScript script, jsbytecode *pc, { if (lhs.isInt32() && rhs.isInt32()) { int32_t l = lhs.toInt32(), r = rhs.toInt32(); int32_t sum = l + r; if (JS_UNLIKELY(bool((l ^ sum) & (r ^ sum) & 0x80000000))) { res->setDouble(double(l) + double(r)); double d = double(l) + double(r); if (!res->setNumber(d)) types::TypeScript::MonitorOverflow(cx, script, pc); } else { res->setInt32(sum); } return true; } Loading Loading
image/src/imgFrame.cpp +3 −7 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ static bool gDisableOptimize = false; #include "cairo.h" #include "GeckoProfiler.h" #include "mozilla/Likely.h" #include "mozilla/CheckedInt.h" #if defined(XP_WIN) Loading Loading @@ -54,13 +55,8 @@ static bool AllowedImageSize(int32_t aWidth, int32_t aHeight) } // check to make sure we don't overflow a 32-bit int32_t tmp = aWidth * aHeight; if (MOZ_UNLIKELY(tmp / aHeight != aWidth)) { NS_WARNING("width or height too large"); return false; } tmp = tmp * 4; if (MOZ_UNLIKELY(tmp / 4 != aWidth * aHeight)) { mozilla::CheckedInt32 requiredBytes = mozilla::CheckedInt32(aWidth) * mozilla::CheckedInt32(aHeight) * 4; if (MOZ_UNLIKELY(!requiredBytes.isValid())) { NS_WARNING("width or height too large"); return false; } Loading
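Review bot: The retained comment `// check to make sure we don't overflow a 32-bit` in AllowedImageSize no longer explains why the check has this form or what the `* 4` stands for. I would replace it with `// Signed overflow is undefined behaviour, so a multiply-then-divide test may be optimized away; CheckedInt tracks validity explicitly. The factor 4 is bytes per pixel (assumed).` The check bounds only `aWidth * aHeight * 4`. If the surface is later allocated with a row stride padded beyond `aWidth * 4`, which this hunk does not show, the allocated size is not the value validated here, and that computation needs its own checked arithmetic. AllowedImageSize starts above the hunk and continues below it.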
js/src/vm/Interpreter-inl.h +2 −6 Original line number Diff line number Diff line Loading @@ -368,13 +368,9 @@ AddOperation(JSContext *cx, HandleScript script, jsbytecode *pc, { if (lhs.isInt32() && rhs.isInt32()) { int32_t l = lhs.toInt32(), r = rhs.toInt32(); int32_t sum = l + r; if (JS_UNLIKELY(bool((l ^ sum) & (r ^ sum) & 0x80000000))) { res->setDouble(double(l) + double(r)); double d = double(l) + double(r); if (!res->setNumber(d)) types::TypeScript::MonitorOverflow(cx, script, pc); } else { res->setInt32(sum); } return true; } Loading
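Review bot: The new `if (!res->setNumber(d))` in AddOperation drops the `JS_UNLIKELY` hint that the removed overflow branch carried, and it leaves the meaning of the return value implicit. I would write `if (JS_UNLIKELY(!res->setNumber(d)))` and add a comment such as `// setNumber() returns false when d was stored as a double, i.e. the int32 sum overflowed`. That reading of the return value is inferred from how the call is used here and should be confirmed against setNumber's definition, which is not visible. Computing the sum in double is exact for two int32 operands, so this removes the signed `l + r` overflow without changing results. AddOperation's body starts and ends outside the hunk.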