author | commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> | 2013-11-05 15:46:56 +0000 |
---|---|---|
committer | commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> | 2013-11-05 15:46:56 +0000 |
commit | 4faa869cdabbdcf4867118b4a1272296baaeeb52 (patch) | |
tree | 98283bc90add39d00d98ac4dfde9af051816637a /src/core/SkBuffer.cpp | |
parent | fedf13d73a6d6f1921ce5f449bb6e34e9d8e14e4 (diff) |
Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
Committed: https://code.google.com/p/skia/source/detail?r=12114
Committed: https://code.google.com/p/skia/source/detail?r=12119
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/41253002
git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81
Diffstat (limited to 'src/core/SkBuffer.cpp')
-rw-r--r-- | src/core/SkBuffer.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/SkBuffer.cpp b/src/core/SkBuffer.cpp
index 915264d957..32a8011ac7 100644
--- a/src/core/SkBuffer.cpp
+++ b/src/core/SkBuffer.cpp
@@ -34,6 +34,13 @@ size_t SkRBuffer::skipToAlign4()
 return n;
 }
 
+void SkRBufferWithSizeCheck::read(void* buffer, size_t size) {
+ fError = fError || (fPos + size > fStop);
+ if (!fError && (size > 0)) {
+ readNoSizeCheck(buffer, size);
+ }
+}
+
 void* SkWBuffer::skip(size_t size)
 {
 void* result = fPos; |
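Review bot: The bound check `fPos + size > fStop` in `SkRBufferWithSizeCheck::read` forms the sum before comparing, so a very large `size` taken from serialized data can wrap the pointer arithmetic and let the comparison pass; computing a pointer past the end of the buffer is undefined behaviour in any case. Assuming `fPos` and `fStop` are pointers into the same buffer with `fPos <= fStop` (their declarations are not in this hunk), comparing against the remaining length avoids the overflow: `fError = fError || (size > static_cast<size_t>(fStop - fPos));`. On the error path `buffer` is left unwritten, so the function would also benefit from a comment such as `// On failure sets fError and leaves *buffer untouched; callers must check the error state before using the data.`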