diff options
Diffstat (limited to 'main/webkit/cve-2010-2900.patch')
| -rw-r--r-- | main/webkit/cve-2010-2900.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/main/webkit/cve-2010-2900.patch b/main/webkit/cve-2010-2900.patch deleted file mode 100644 index 1420be2a0a..0000000000 --- a/main/webkit/cve-2010-2900.patch +++ /dev/null @@ -1,29 +0,0 @@ -description: fix cve-2010-2900 -author: Michael Gilbert <michael.s.gilbert@gmail.com> -origin: http://trac.webkit.org/changeset/63219 -Index: webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/html/HTMLCanvasElement.cpp 2010-09-06 22:28:56.000000000 -0400 -+++ webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp 2010-09-06 22:29:28.000000000 -0400 -@@ -64,6 +64,9 @@ - // in exchange for a smaller maximum canvas size. - const float HTMLCanvasElement::MaxCanvasArea = 32768 * 8192; // Maximum canvas area in CSS pixels - -+//In Skia, we will also limit width/height to 32767. -+static const float MaxSkiaDim = 32767.0F; // Maximum width/height in CSS pixels. -+ - HTMLCanvasElement::HTMLCanvasElement(const QualifiedName& tagName, Document* doc) - : HTMLElement(tagName, doc) - , m_size(defaultWidth, defaultHeight) -@@ -293,6 +296,11 @@ - if (!(wf >= 1 && hf >= 1 && wf * hf <= MaxCanvasArea)) - return IntSize(); - -+#if PLATFORM(SKIA) -+ if (wf > MaxSkiaDim || hf > MaxSkiaDim) -+ return IntSize(); -+#endif -+ - return IntSize(static_cast<unsigned>(wf), static_cast<unsigned>(hf)); - } - |