Fixed more fuzzer issues

- Added the "isAvailable" function to check how much bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing.
- Added data validation in SkImageInfo.cpp
- Added NULL pointer check in displacement
- Modified the fuzzer for randomized bitmap types

BUG=328934,329254
R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/116773002

git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81

1 files changed, 15 insertions, 2 deletions

diff --git a/include/core/SkFlattenableBuffers.h b/include/core/SkFlattenableBuffers.h
index 00cb77a8d3..aa61f21a7b 100644
--- a/include/core/SkFlattenableBuffers.h
+++ b/include/core/SkFlattenableBuffers.h
@@ -139,8 +139,13 @@ public:
 
     SkData* readByteArrayAsData() {
         size_t len = this->getArrayCount();
-        void* buffer = sk_malloc_throw(len);
-        (void)this->readByteArray(buffer, len);
+        void* buffer = NULL;
+        if (this->validateAvailable(len)) {
+            buffer = sk_malloc_throw(len);
+            (void)this->readByteArray(buffer, len);
+        } else {
+            len = 0;
+        }
         return SkData::NewFromMalloc(buffer, len);
     }
 
@@ -160,6 +165,14 @@ public:
       */
     virtual bool isValid() const { return true; }
 
+    /** This function returns true by default
+      * If isValidating() is true, it will return whether there's
+      * at least "size" memory left to read in the stream.
+      *
+      * @param size amount of memory that should still be available
+      */
+    virtual bool validateAvailable(size_t size) { return true; }
+
 private:
     template <typename T> T* readFlattenableT();
     uint32_t fFlags;