Workaround bad bitmaps in clibpoard code

- Some bitmaps end up with a NULL getPixels(). Don't try to copy ot of that.
- Only try to copy 32-bit bitmaps
- Protect against overflow in size computation

BUG=369621

Review URL: https://codereview.chromium.org/289573002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@271730 0039d316-1c4b-4281-b951-d872f2087c98

content/renderer/renderer_clipboard_client.cc

@@ -7,6 +7,7 @@
 #include "content/renderer/renderer_clipboard_client.h"
 
 #include "base/memory/shared_memory.h"
+#include "base/numerics/safe_math.h"
 #include "base/strings/string16.h"
 #include "content/common/clipboard_messages.h"
 #include "content/public/renderer/content_renderer_client.h"
@@ -49,7 +50,13 @@ void RendererClipboardWriteContext::WriteBitmapFromPixels(
   if (shared_buf_)
     return;
 
-  uint32 buf_size = 4 * size.width() * size.height();
+  base::CheckedNumeric<uint32> checked_buf_size = 4;
+  checked_buf_size *= size.width();
+  checked_buf_size *= size.height();
+  if (!checked_buf_size.IsValid())
+    return;
+
+  uint32 buf_size = checked_buf_size.ValueOrDie();
 
   // Allocate a shared memory buffer to hold the bitmap bits.
   shared_buf_.reset(ChildThread::current()->AllocateSharedMemory(buf_size));

content/renderer/webclipboard_impl.cc

@@ -155,8 +155,15 @@ void WebClipboardImpl::writeImage(const WebImage& image,
 
   if (!image.isNull()) {
     const SkBitmap& bitmap = image.getSkBitmap();
+    // WriteBitmapFromPixels expects 32-bit data.
+    DCHECK_EQ(bitmap.config(), SkBitmap::kARGB_8888_Config);
+
     SkAutoLockPixels locked(bitmap);
-    scw.WriteBitmapFromPixels(bitmap.getPixels(), image.size());
+    void *pixels = bitmap.getPixels();
+    // TODO(piman): this should not be NULL, but it is. crbug.com/369621
+    if (!pixels)
+      return;
+    scw.WriteBitmapFromPixels(pixels, image.size());
   }
 
   if (!url.isEmpty()) {