diff options
author | ajuma <ajuma@chromium.org> | 2016-01-13 13:46:31 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-01-13 13:46:32 -0800 |
commit | f8aec588bfd2df17130ee93593a8f4ae781afe1f (patch) | |
tree | 1e351d951aa5cafd57155c59d968f5c4248c8451 /src/core/SkBuffer.cpp | |
parent | 97c40072b0ed5fdca3724ec79dd09d5467a981b5 (diff) |
Fix fuzzer-found deserialization bugs
This fixes deserialization bugs found by fuzzing SkPaintImageFilter.
BUG=576908,576910
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589533002
Review URL: https://codereview.chromium.org/1589533002
Diffstat (limited to 'src/core/SkBuffer.cpp')
-rw-r--r-- | src/core/SkBuffer.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/SkBuffer.cpp b/src/core/SkBuffer.cpp index 86c3bed3f1..df8dc69594 100644 --- a/src/core/SkBuffer.cpp +++ b/src/core/SkBuffer.cpp @@ -35,7 +35,7 @@ size_t SkRBuffer::skipToAlign4() } bool SkRBufferWithSizeCheck::read(void* buffer, size_t size) { - fError = fError || (fPos + size > fStop); + fError = fError || (size > static_cast<size_t>(fStop - fPos)); if (!fError && (size > 0)) { readNoSizeCheck(buffer, size); } |