Bug 1891583 - Sanitize better broken GetClientHeight values. r=sotaro

I don't see how this can happen other than GetClientHeight giving us a
negative width / height (wtf), or somehow huge sizes that end up
overflowing into a negative number.

My patch avoided messing with the window decorations when switching
transparent windows, which could potentially trigger this I guess.

In any case this should be safe (because we deal with it in
PresentToWindow).

Differential Revision: https://phabricator.services.mozilla.com/D207509
Emilio Cobos Álvarez 2024-04-17 12:26:06 +00:00
parent db3ca28481
commit 1ff52b5aae


@ -89,6 +89,8 @@ class SharedImage {
}
bool Initialize(int32_t aWidth, int32_t aHeight) {
MOZ_ASSERT(aWidth);
MOZ_ASSERT(aHeight);
MOZ_ASSERT(aWidth > 0);
MOZ_ASSERT(aHeight > 0);
@ -183,9 +185,9 @@ class SharedImage {
}
}
int32_t GetWidth() { return mWidth; }
int32_t GetWidth() const { return mWidth; }
int32_t GetHeight() { return mHeight; }
int32_t GetHeight() const { return mHeight; }
SharedImage(const SharedImage&) = delete;
SharedImage(SharedImage&&) = delete;
@ -515,7 +517,7 @@ void Provider::HandleBorrowRequest(BorrowResponseData* aResponseData,
aResponseData->result = ResponseResult::Error;
RECT clientRect = {};
RECT clientRect{};
if (!::GetClientRect(mWindowHandle, &clientRect)) {
return;
}
@ -523,12 +525,12 @@ void Provider::HandleBorrowRequest(BorrowResponseData* aResponseData,
MOZ_ASSERT(clientRect.left == 0);
MOZ_ASSERT(clientRect.top == 0);
int32_t width = clientRect.right ? clientRect.right : 1;
int32_t height = clientRect.bottom ? clientRect.bottom : 1;
const int32_t width = std::max(int32_t(clientRect.right), 1);
const int32_t height = std::max(int32_t(clientRect.bottom), 1);
bool needNewBackbuffer = !aAllowSameBuffer || !mBackbuffer ||
(mBackbuffer->GetWidth() != width) ||
(mBackbuffer->GetHeight() != height);
mBackbuffer->GetWidth() != width ||
mBackbuffer->GetHeight() != height;
if (!needNewBackbuffer) {
aResponseData->result = ResponseResult::BorrowSameBuffer;
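Review bot: The new clamp in Provider::HandleBorrowRequest, `std::max(int32_t(clientRect.right), 1)` (and the same for `bottom`), bounds the size only from below, so the "huge sizes" case named in the commit message still reaches SharedImage::Initialize unchanged. The `MOZ_ASSERT(aWidth > 0)` and `MOZ_ASSERT(aHeight > 0)` checks added in Initialize are debug-only, so a release build relies entirely on the caller's clamp. Initialize's body continues outside the hunk, so it is not visible whether the buffer-size arithmetic there is overflow-checked. I would make the guard effective in release builds with `if (aWidth <= 0 || aHeight <= 0) { return false; }` and compute the byte size with a checked multiply such as `mozilla::CheckedInt<uint32_t>`, failing initialization when it is invalid. The older `MOZ_ASSERT(aWidth);` and `MOZ_ASSERT(aHeight);` appear to be kept and are now redundant with the `> 0` forms.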