image: guard against NewXxx integer overflow
Prior to this commit, NewXxx could panic when passed an image.Rectangle with one of width or height being negative. But it might not panic if both were negative, because (bpp * w * h) could still be positive. After this commit, it will panic if both are negative. With overflow, NewXxx might not have panicked if (bpp * w * h), the length passed to "make([]uint8, length)", was still non-negative (after truncation), but even if w and h were valid (non-negative), the overall byte slice wasn't long enough. Iterating over the pixels would possibly panic later with index out of bounds. This change moves the panic earlier, closer to where the mistake is. Change-Id: I011feb2d53515fc3f0fe72bb6c23b3953772c577 Reviewed-on: https://go-review.googlesource.com/c/go/+/230220 Reviewed-by:Rob Pike <r@golang.org>
Loading
Please sign in to comment