From f7f6d6409be37f76dc308902285d24806dc87ef2 Mon Sep 17 00:00:00 2001
From: Steve Block <steveblock@google.com>
Date: Wed, 16 Feb 2011 13:06:58 +0000
Subject: Merge WebKit at Chromium 9.0.597.106: Initial merge by Git

Note that we are tracking the Chromium 9.0.597 release branch,
which is WebKit r72805 + stability cherry picks.

This corresponds to r78455 on the 597 release branch.

Change-Id: I72375d9b61a767449086f0c9dc4105b2a6b62ddc
---
 WebCore/html/canvas/DataView.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'WebCore/html/canvas/DataView.h')

diff --git a/WebCore/html/canvas/DataView.h b/WebCore/html/canvas/DataView.h
index 0681341..1c76c28 100755
--- a/WebCore/html/canvas/DataView.h
+++ b/WebCore/html/canvas/DataView.h
@@ -75,7 +75,7 @@ private:
     DataView(PassRefPtr<ArrayBuffer>, unsigned byteOffset, unsigned byteLength);
 
     template<typename T>
-    inline bool beyondRange(unsigned byteOffset) const { return byteOffset + sizeof(T) > m_byteLength; }
+    inline bool beyondRange(unsigned byteOffset) const { return byteOffset >= m_byteLength || byteOffset + sizeof(T) > m_byteLength; }
 
     template<typename T>
     T getData(unsigned byteOffset, bool littleEndian, ExceptionCode&) const;
-- 
cgit v1.1