Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.

BUG= R=reed@google.com, mtklein@google.com, senorblanco@chromium.org Committed: https://code.google.com/p/skia/source/detail?r=12114 Committed: https://code.google.com/p/skia/source/detail?r=12119 Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/41253002 git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81
author: commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> 2013-11-05 15:46:56 +0000
committer: commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> 2013-11-05 15:46:56 +0000
commit: 4faa869cdabbdcf4867118b4a1272296baaeeb52 (patch)
tree: 98283bc90add39d00d98ac4dfde9af051816637a /src/core/SkBuffer.cpp
parent: fedf13d73a6d6f1921ce5f449bb6e34e9d8e14e4 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/SkBuffer.cpp b/src/core/SkBuffer.cpp
index 915264d957..32a8011ac7 100644
--- a/src/core/SkBuffer.cpp
+++ b/src/core/SkBuffer.cpp
@@ -34,6 +34,13 @@ size_t SkRBuffer::skipToAlign4()
     return n;
 }
 
+void SkRBufferWithSizeCheck::read(void* buffer, size_t size) {
+    fError = fError || (fPos + size > fStop);
+    if (!fError && (size > 0)) {
+        readNoSizeCheck(buffer, size);
+    }
+}
+
 void* SkWBuffer::skip(size_t size)
 {
     void* result = fPos;
author	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	2013-11-05 15:46:56 +0000
committer	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	2013-11-05 15:46:56 +0000
commit	4faa869cdabbdcf4867118b4a1272296baaeeb52 (patch)
tree	98283bc90add39d00d98ac4dfde9af051816637a /src/core/SkBuffer.cpp
parent	fedf13d73a6d6f1921ce5f449bb6e34e9d8e14e4 (diff)