angler-fishThe Vulnerability History Project

cc: Prevent integer overflow with software TextureMailbox.

      Perform a CHECK() when creating a software TextureMailbox since these
come from outside of cc's control.

Do unsigned integer multiplication to produce an unsigned result,
preventing overflow when possible.

R=piman@chromium.org
BUG=348332

Review URL: https://codereview.chromium.org/220093002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@260969 0039d316-1c4b-4281-b951-d872f2087c98
by Helen the Leaf Tailed Gecko 2014-04-01 22:59:15 UTC
commit 0dbe856a5847b390e69db8c4d6b81332e885d1c3
Chromium Fix CVE-2014-1718
cc/layers/texture_layer_impl.cc
+2 -2
cc/resources/texture_mailbox.cc
+3 -17
cc/resources/texture_mailbox.h
+1 -4
content/browser/renderer_host/render_widget_host_view_aura.cc
+1 -1
expand_less