GitLab

ClusterFuzz found an issue in
RasterDecoderImpl::DoReadbackImagePixelsINTERNAL. When |row_bytes| is
very large, SkImageInfo::computeByteSize() can return a 64bit integer
larger than UINT32_MAX. Since GetSharedMemoryAs() takes a 32bit integer
for |size|, the int is truncated, resulting in an incorrect value. This
change ensures that the result of computeByteSize() is < UINT32_MAX.

This change also addresses the same potential case in
RasterDecoderImpl::DoWritePixelsINTERNAL.

Bug: 1114500
Change-Id: I5cd3acfaac788e97353e0da866b63f694e326e2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2353402Reviewed-by: Khushal <khushalsagar@chromium.org>
Commit-Queue: Jonah Chin <jochin@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#797842}