Fix an overflow in WebCursor.
I also added log message just in case a user has an issue with erroneous but unmalicious web cursor.
BUG=565023
Review URL: https://codereview.chromium.org/1498903003
Cr-Commit-Position: refs/heads/master@{#363136}
diff --git a/content/common/cursors/webcursor.cc b/content/common/cursors/webcursor.cc
index faa6d703..b2dfcdf 100644
--- a/content/common/cursors/webcursor.cc
+++ b/content/common/cursors/webcursor.cc
@@ -112,8 +112,12 @@
if (size_x > 0 && size_y > 0) {
// The * 4 is because the expected format is an array of RGBA pixel
// values.
- if (size_x * size_y * 4 > data_len)
+ if (size_x * size_y * 4 != data_len) {
+ LOG(WARNING) << "WebCursor's data length and image size mismatch: "
+ << size_x << "x" << size_y << "x4 != "
+ << data_len;
return false;
+ }
hotspot_.set_x(hotspot_x);
hotspot_.set_y(hotspot_y);