diff options
| -rw-r--r-- | chromium/cc/paint/paint_op_reader.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chromium/cc/paint/paint_op_reader.cc b/chromium/cc/paint/paint_op_reader.cc index df1e7e6818d..0979f663017 100644 --- a/chromium/cc/paint/paint_op_reader.cc +++ b/chromium/cc/paint/paint_op_reader.cc @@ -320,6 +320,10 @@ void PaintOpReader::Read(PaintImage* image) { SkImageInfo image_info = SkImageInfo::Make(width, height, color_type, kPremul_SkAlphaType); + if (pixel_size < image_info.computeMinByteSize()) { + SetInvalid(); + return; + } const volatile void* pixel_data = ExtractReadableMemory(pixel_size); if (!valid_) return; |