Out of bounds write in canvas.toDataURL
[WebKit-https.git] / Source / WebCore / platform / graphics / cg / ImageBufferCG.cpp
index c761387..9d6d528 100644 (file)
@@ -540,6 +540,7 @@ String ImageDataToDataURL(const ImageData& source, const String& mimeType, const
         if (!premultipliedData.tryReserveCapacity(size))
             return "data:,";
 
+        premultipliedData.resize(size);
         unsigned char *buffer = premultipliedData.data();
         for (size_t i = 0; i < size; i += 4) {
             unsigned alpha = data[i + 3];