[iOS, macOS] Guard against passing nullptr to vImagePremultiplyData
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Apr 2017 16:17:53 +0000 (16:17 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Apr 2017 16:17:53 +0000 (16:17 +0000)
https://bugs.webkit.org/show_bug.cgi?id=170912
<rdar://problem/30565800>

Reviewed by Brady Eidson.

* platform/graphics/cg/ImageBufferDataCG.cpp:
(WebCore::affineWarpBufferData): Assert if we passed nullptr buffers.
(WebCore::transferData): Ditto.
(WebCore::ImageBufferData::getData): Check for nullptr data member and avoid passing to vImage routines.
(WebCore::ImageBufferData::putData): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@215514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp

index cdbc143..13af108 100644 (file)
@@ -1,3 +1,17 @@
+2017-04-19  Brent Fulgham  <bfulgham@apple.com>
+
+        [iOS, macOS] Guard against passing nullptr to vImagePremultiplyData
+        https://bugs.webkit.org/show_bug.cgi?id=170912
+        <rdar://problem/30565800>
+
+        Reviewed by Brady Eidson.
+
+        * platform/graphics/cg/ImageBufferDataCG.cpp:
+        (WebCore::affineWarpBufferData): Assert if we passed nullptr buffers.
+        (WebCore::transferData): Ditto.
+        (WebCore::ImageBufferData::getData): Check for nullptr data member and avoid passing to vImage routines.
+        (WebCore::ImageBufferData::putData): Ditto.
+
 2017-04-19  Dave Hyatt  <hyatt@apple.com>
 
         Remove bogus assert for :not.
index f1bbcc6..2d383dc 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -83,6 +83,9 @@ static void premultiplyBufferData(const vImage_Buffer& src, const vImage_Buffer&
 #if !PLATFORM(IOS_SIMULATOR)
 static void affineWarpBufferData(const vImage_Buffer& src, const vImage_Buffer& dest, float scale)
 {
+    ASSERT(src.data);
+    ASSERT(dest.data);
+
     vImage_AffineTransform scaleTransform = { scale, 0, 0, scale, 0, 0 }; // FIXME: Add subpixel translation.
     Pixel_8888 backgroundColor;
     vImageAffineWarp_ARGB8888(&src, &dest, 0, &scaleTransform, backgroundColor, kvImageEdgeExtend);
@@ -93,6 +96,9 @@ static void affineWarpBufferData(const vImage_Buffer& src, const vImage_Buffer&
 static inline void transferData(void* output, void* input, int width, int height, size_t inputBytesPerRow)
 {
 #if USE(ACCELERATE)
+    ASSERT(input);
+    ASSERT(output);
+
     vImage_Buffer src;
     src.width = width;
     src.height = height;
@@ -194,6 +200,9 @@ RefPtr<Uint8ClampedArray> ImageBufferData::getData(const IntRect& rect, const In
     unsigned char* srcRows;
     
     if (!accelerateRendering) {
+        if (!data)
+            return result;
+
         srcBytesPerRow = bytesPerRow.unsafeGet();
         srcRows = reinterpret_cast<unsigned char*>(data) + originy * srcBytesPerRow + originx * 4;
 
@@ -437,6 +446,9 @@ void ImageBufferData::putData(Uint8ClampedArray*& source, const IntSize& sourceS
     unsigned char* destRows;
     
     if (!accelerateRendering) {
+        if (!data)
+            return;
+
         destBytesPerRow = bytesPerRow.unsafeGet();
         destRows = reinterpret_cast<unsigned char*>(data) + (desty * destBytesPerRow + destx * 4).unsafeGet();