Commit 5c2a8899 authored by ddkilzer@apple.com's avatar ddkilzer@apple.com

Bug 21781: WebCore::Settings should have a maximum decoded image size setting

        <https://bugs.webkit.org/show_bug.cgi?id=21781>

        Reviewed by Antti.

        No tests since there is no change in behavior.

        * loader/CachedImage.cpp:
        (WebCore::CachedImage::maximumDecodedImageSize): Added.  Returns
        WebCore::Settings::maximumDecodedImageSize() or 0 on error.
        (WebCore::CachedImage::data): Flag an error if the image being
        loaded is too big.
        * loader/CachedImage.h:
        (WebCore::CachedImage::maximumDecodedImageSize): Added declaration.
        * page/Settings.cpp:
        (WebCore::Settings::Settings): Initialize m_maximumDecodedImageSize
        to the maximum value of size_t.
        * page/Settings.h:
        (WebCore::Settings::setMaximumDecodedImageSize): Added method.
        (WebCore::Settings::maximumDecodedImageSize): Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@37803 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 5b96a794
2008-10-22 David Kilzer <ddkilzer@apple.com>
Bug 21781: WebCore::Settings should have a maximum decoded image size setting
<https://bugs.webkit.org/show_bug.cgi?id=21781>
Reviewed by Antti.
No tests since there is no change in behavior.
* loader/CachedImage.cpp:
(WebCore::CachedImage::maximumDecodedImageSize): Added. Returns
WebCore::Settings::maximumDecodedImageSize() or 0 on error.
(WebCore::CachedImage::data): Flag an error if the image being
loaded is too big.
* loader/CachedImage.h:
(WebCore::CachedImage::maximumDecodedImageSize): Added declaration.
* page/Settings.cpp:
(WebCore::Settings::Settings): Initialize m_maximumDecodedImageSize
to the maximum value of size_t.
* page/Settings.h:
(WebCore::Settings::setMaximumDecodedImageSize): Added method.
(WebCore::Settings::maximumDecodedImageSize): Ditto.
2008-10-22 Mike Pinkerton <pinkerton@chromium.org>
 
Reviewed by Dan Bernstein.
......
......@@ -29,8 +29,10 @@
#include "CachedResourceClient.h"
#include "CachedResourceClientWalker.h"
#include "DocLoader.h"
#include "Frame.h"
#include "FrameView.h"
#include "Request.h"
#include "Settings.h"
#include "SystemTime.h"
#include <wtf/Vector.h>
......@@ -238,6 +240,15 @@ inline void CachedImage::createImage()
m_image = BitmapImage::create(this);
}
size_t CachedImage::maximumDecodedImageSize()
{
Frame* frame = m_request ? m_request->docLoader()->frame() : 0;
if (!frame)
return 0;
Settings* settings = frame->settings();
return settings ? settings->maximumDecodedImageSize() : 0;
}
void CachedImage::data(PassRefPtr<SharedBuffer> data, bool allDataReceived)
{
m_data = data;
......@@ -256,8 +267,10 @@ void CachedImage::data(PassRefPtr<SharedBuffer> data, bool allDataReceived)
// network causes observers to repaint, which will force that chunk
// to decode.
if (sizeAvailable || allDataReceived) {
if (m_image->isNull()) {
// FIXME: I'm not convinced this case can even be hit.
size_t maxDecodedImageSize = maximumDecodedImageSize();
IntSize s = imageSize(1.0f);
size_t estimatedDecodedImageSize = s.width() * s.height() * 4; // no overflow check
if (m_image->isNull() || (maxDecodedImageSize > 0 && estimatedDecodedImageSize > maxDecodedImageSize)) {
error();
if (inCache())
cache()->remove(this);
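Review bot: The size estimate `s.width() * s.height() * 4` in CachedImage::data() is multiplied before it is widened to size_t (presumably in int, if IntSize's accessors return int — confirm), so for large dimensions the product can wrap and an oversized image can compare as smaller than the limit; the trailing `// no overflow check` comment acknowledges this. Since the limit exists to bound decoded memory, widen first, e.g. `unsigned long long estimatedDecodedImageSize = static_cast<unsigned long long>(s.width()) * s.height() * 4;`, and compare that value against the limit. Separately, maximumDecodedImageSize() returns 0 when the frame or settings cannot be reached and the check treats 0 as no limit, so the cap silently turns off on that path; the helper also dereferences `m_request->docLoader()` without a null check. The body of data() starts and ends outside the visible hunks.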
......
......@@ -88,6 +88,7 @@ public:
private:
void createImage();
size_t maximumDecodedImageSize();
void notifyObservers();
void decodedDataDeletionTimerFired(Timer<CachedImage>*);
......
......@@ -168,7 +168,7 @@ protected:
void setEncodedSize(unsigned);
void setDecodedSize(unsigned);
void didAccessDecodedData(double timeStamp);
HashCountedSet<CachedResourceClient*> m_clients;
String m_url;
......
......@@ -32,6 +32,7 @@
#include "JavaScriptDebugServer.h"
#include "Page.h"
#include "PageCache.h"
#include <limits>
#if ENABLE(DATABASE)
#include "DatabaseTracker.h"
......@@ -86,6 +87,7 @@ Settings::Settings(Page* page)
, m_shouldPaintCustomScrollbars(false)
, m_zoomsTextOnly(false)
, m_enforceCSSMIMETypeInStrictMode(true)
, m_maximumDecodedImageSize(std::numeric_limits<size_t>::max())
{
// A Frame may not have been created yet, so we initialize the AtomicString
// hash before trying to use it.
......
......@@ -174,7 +174,10 @@ namespace WebCore {
void setEnforceCSSMIMETypeInStrictMode(bool);
bool enforceCSSMIMETypeInStrictMode() { return m_enforceCSSMIMETypeInStrictMode; }
void setMaximumDecodedImageSize(size_t size) { m_maximumDecodedImageSize = size; }
size_t maximumDecodedImageSize() const { return m_maximumDecodedImageSize; }
#if USE(SAFARI_THEME)
// Windows debugging pref (global) for switching between the Aqua look and a native windows look.
static void setShouldPaintNativeControls(bool);
......@@ -229,6 +232,7 @@ namespace WebCore {
bool m_shouldPaintCustomScrollbars : 1;
bool m_zoomsTextOnly : 1;
bool m_enforceCSSMIMETypeInStrictMode : 1;
size_t m_maximumDecodedImageSize;
#if USE(SAFARI_THEME)
static bool gShouldPaintNativeControls;
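Review bot: The new `setMaximumDecodedImageSize` / `maximumDecodedImageSize` accessors carry no comment on units or on the special value 0, which the check in CachedImage::data() treats as no limit. A comment such as `// Limit, in bytes, on the estimated decoded size (width * height * 4) of an image; 0 disables the check.` above the setter would record the contract embedders rely on. The constructor default of `std::numeric_limits<size_t>::max()` means no image is rejected until an embedder sets a value, which is worth stating in the same comment.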
......