authorGravatar Herb Derby <herb@google.com>2017-01-23 16:57:09 -0500
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2017-01-23 22:59:01 +0000
commitf887f8a8473f226bdfa5f81e4c54c9fd1a50b413 (patch)
tree2ae92e8589150f0b2da0d69d93d4d4a602c51292
parenta19f024953f8b85b5f5fbda759d74c75514ea515 (diff)
Fix comparison that overflows for addresses near uint max.
- Fix Assert TBR=mtklein@google.com BUG=chromium:683578 Change-Id: Iba503d1febace367c71f79a3b9accc0ec3e50f11 Reviewed-on: https://skia-review.googlesource.com/7418 Reviewed-by: Herb Derby <herb@google.com> Commit-Queue: Herb Derby <herb@google.com>
-rw-r--r--src/core/SkArenaAlloc.cpp6
-rw-r--r--src/core/SkArenaAlloc.h2
2 files changed, 5 insertions, 3 deletions
diff --git a/src/core/SkArenaAlloc.cpp b/src/core/SkArenaAlloc.cpp
index 5ac08dcdc3..4a88813485 100644
--- a/src/core/SkArenaAlloc.cpp
+++ b/src/core/SkArenaAlloc.cpp
@@ -123,7 +123,7 @@ void SkArenaAlloc::ensureSpace(size_t size, size_t alignment) {
char* SkArenaAlloc::allocObject(size_t size, size_t alignment) {
size_t mask = alignment - 1;
char* objStart = (char*)((uintptr_t)(fCursor + mask) & ~mask);
- if (objStart + size > fEnd) {
+ if ((ptrdiff_t)size > fEnd - objStart) {
this->ensureSpace(size, alignment);
objStart = (char*)((uintptr_t)(fCursor + mask) & ~mask);
}
@@ -142,12 +142,12 @@ restart:
char* objStart = (char*)((uintptr_t)(fCursor + skipOverhead + mask) & ~mask);
size_t totalSize = sizeIncludingFooter + skipOverhead;
- if (objStart + totalSize > fEnd) {
+ if ((ptrdiff_t)totalSize > fEnd - objStart) {
this->ensureSpace(totalSize, alignment);
goto restart;
}
- SkASSERT(objStart + totalSize <= fEnd);
+ SkASSERT((ptrdiff_t)totalSize <= fEnd - objStart);
// Install a skip footer if needed, thus terminating a run of POD data. The calling code is
// responsible for installing the footer after the object.
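Review bot: The cast `(ptrdiff_t)size` on the new line at L25 (and `(ptrdiff_t)totalSize` at L33 and L38) turns any request of `PTRDIFF_MAX` or more into a negative value, so the `>` test is false and the allocation proceeds past `fEnd` instead of calling ensureSpace; on a 32-bit build a size between 2^31 and 2^32 still passes the `SkTFitsIn<uint32_t>` asserts the header hunks add, and SkASSERT is, as far as I know, a debug-only check, so this comparison is the sole runtime guard in release builds. A form that stays unsigned and also covers the aligned `objStart` landing past `fEnd` (where `fEnd - objStart` is negative and the subtraction itself is out of bounds) is `if (objStart > fEnd || size > (size_t)(fEnd - objStart)) {`, with the same shape for `totalSize` in the second hunk and its SkASSERT. The wrap this commit fixes can presumably still occur in `fCursor + mask` on the preceding lines when the cursor lies within `alignment` bytes of the top of the address space; whether ensureSpace guarantees that slack is not visible here. allocObject's body continues past the first hunk, and the function holding the second hunk starts and ends outside it.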
diff --git a/src/core/SkArenaAlloc.h b/src/core/SkArenaAlloc.h
index 532b45aa25..cd582a9ffe 100644
--- a/src/core/SkArenaAlloc.h
+++ b/src/core/SkArenaAlloc.h
@@ -68,6 +68,7 @@ public:
template <typename T, typename... Args>
T* make(Args&&... args) {
+ SkASSERT(SkTFitsIn<uint32_t>(sizeof(T)));
char* objStart;
if (skstd::is_trivially_destructible<T>::value) {
objStart = this->allocObject(sizeof(T), alignof(T));
@@ -139,6 +140,7 @@ private:
SkASSERT(SkTFitsIn<uint32_t>(count));
char* objStart;
size_t arraySize = count * sizeof(T);
+ SkASSERT(SkTFitsIn<uint32_t>(arraySize));
if (skstd::is_trivially_destructible<T>::value) {
objStart = this->allocObject(arraySize, alignof(T));