Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.

BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org

Committed: https://code.google.com/p/skia/source/detail?r=12114

Committed: https://code.google.com/p/skia/source/detail?r=12119

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81

1 files changed, 8 insertions, 5 deletions

diff --git a/include/core/SkRegion.h b/include/core/SkRegion.h
index a088d54620..c9aa8daf88 100644
--- a/include/core/SkRegion.h
+++ b/include/core/SkRegion.h
@@ -361,13 +361,16 @@ public:
      *  Write the region to the buffer, and return the number of bytes written.
      *  If buffer is NULL, it still returns the number of bytes.
      */
-    uint32_t writeToMemory(void* buffer) const;
-
+    size_t writeToMemory(void* buffer) const;
     /**
-     *  Initialized the region from the buffer, returning the number
-     *  of bytes actually read.
+     * Initializes the region from the buffer
+     *
+     * @param buffer Memory to read from
+     * @param length Amount of memory available in the buffer
+     * @return number of bytes read (must be a multiple of 4) or
+     *         0 if there was not enough memory available
      */
-    uint32_t readFromMemory(const void* buffer);
+    size_t readFromMemory(const void* buffer, size_t length);
 
     /**
      *  Returns a reference to a global empty region. Just a convenience for