diff --git a/content/renderer/renderer_clipboard_client.cc b/content/renderer/renderer_clipboard_client.cc
index c1c7c966167da..e4f275c92ebd2 100644
--- a/content/renderer/renderer_clipboard_client.cc
+++ b/content/renderer/renderer_clipboard_client.cc
@@ -7,6 +7,7 @@
 #include "content/renderer/renderer_clipboard_client.h"
 
 #include "base/memory/shared_memory.h"
+#include "base/numerics/safe_math.h"
 #include "base/strings/string16.h"
 #include "content/common/clipboard_messages.h"
 #include "content/public/renderer/content_renderer_client.h"
@@ -49,7 +50,13 @@ void RendererClipboardWriteContext::WriteBitmapFromPixels(
   if (shared_buf_)
     return;
 
-  uint32 buf_size = 4 * size.width() * size.height();
+  base::CheckedNumeric<uint32> checked_buf_size = 4;
+  checked_buf_size *= size.width();
+  checked_buf_size *= size.height();
+  if (!checked_buf_size.IsValid())
+    return;
+
+  uint32 buf_size = checked_buf_size.ValueOrDie();
 
   // Allocate a shared memory buffer to hold the bitmap bits.
   shared_buf_.reset(ChildThread::current()->AllocateSharedMemory(buf_size));
diff --git a/content/renderer/webclipboard_impl.cc b/content/renderer/webclipboard_impl.cc
index 317ec7d283d70..663d6f064f240 100644
--- a/content/renderer/webclipboard_impl.cc
+++ b/content/renderer/webclipboard_impl.cc
@@ -155,8 +155,15 @@ void WebClipboardImpl::writeImage(const WebImage& image,
 
   if (!image.isNull()) {
     const SkBitmap& bitmap = image.getSkBitmap();
+    // WriteBitmapFromPixels expects 32-bit data.
+    DCHECK_EQ(bitmap.config(), SkBitmap::kARGB_8888_Config);
+
     SkAutoLockPixels locked(bitmap);
-    scw.WriteBitmapFromPixels(bitmap.getPixels(), image.size());
+    void *pixels = bitmap.getPixels();
+    // TODO(piman): this should not be NULL, but it is. crbug.com/369621
+    if (!pixels)
+      return;
+    scw.WriteBitmapFromPixels(pixels, image.size());
   }
 
   if (!url.isEmpty()) {