check for bad xIntervals before multiply

Bug: oss-fuzz:6120 Change-Id: Icbd464352ad8ef1d35d274da049bc3424ccfa4d4 Reviewed-on: https://skia-review.googlesource.com/125420 Reviewed-by: Florin Malita <fmalita@chromium.org> Commit-Queue: Mike Reed <reed@google.com>
author: Mike Reed <reed@google.com> 2018-05-02 14:58:36 -0400
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2018-05-02 19:43:08 +0000
commit: 8345556983997960b2bbb68617619b1f65b50601 (patch)
tree: 9c8fd5b1aa065544d55456740bcd800b63ef7d9e
parent: f4f06ada607a9864111e5c1b7e22a1af6a6cda5d (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/src/core/SkRegion.cpp b/src/core/SkRegion.cpp
index 080b148e47..a7e04fc8c4 100644
--- a/src/core/SkRegion.cpp
+++ b/src/core/SkRegion.cpp
@@ -1234,13 +1234,10 @@ static bool validate_run(const int32_t* runs,
 
         int32_t xIntervals = *runs++;
         SkASSERT(runs < end);
-        if (xIntervals < 0 || runs + 1 + 2 * xIntervals > end) {
+        if (xIntervals < 0 || xIntervals > intervalCount || runs + 1 + 2 * xIntervals > end) {
             return false;
         }
         intervalCount -= xIntervals;
-        if (intervalCount < 0) {
-            return false;  // too many intervals
-        }
         bool firstInterval = true;
         int32_t lastRight = 0;  // check that x-intervals are distinct and ordered.
         while (xIntervals-- > 0) {
author	Mike Reed <reed@google.com>	2018-05-02 14:58:36 -0400
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2018-05-02 19:43:08 +0000
commit	8345556983997960b2bbb68617619b1f65b50601 (patch)
tree	9c8fd5b1aa065544d55456740bcd800b63ef7d9e
parent	f4f06ada607a9864111e5c1b7e22a1af6a6cda5d (diff)