Fix fuzzer-found deserialization bugs

This fixes deserialization bugs found by fuzzing SkPaintImageFilter. BUG=576908,576910 GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589533002 Review URL: https://codereview.chromium.org/1589533002
author: ajuma <ajuma@chromium.org> 2016-01-13 13:46:31 -0800
committer: Commit bot <commit-bot@chromium.org> 2016-01-13 13:46:32 -0800
commit: f8aec588bfd2df17130ee93593a8f4ae781afe1f (patch)
tree: 1e351d951aa5cafd57155c59d968f5c4248c8451 /src/core/SkBuffer.cpp
parent: 97c40072b0ed5fdca3724ec79dd09d5467a981b5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/SkBuffer.cpp b/src/core/SkBuffer.cpp
index 86c3bed3f1..df8dc69594 100644
--- a/src/core/SkBuffer.cpp
+++ b/src/core/SkBuffer.cpp
@@ -35,7 +35,7 @@ size_t SkRBuffer::skipToAlign4()
 }
 
 bool SkRBufferWithSizeCheck::read(void* buffer, size_t size) {
-    fError = fError || (fPos + size > fStop);
+    fError = fError || (size > static_cast<size_t>(fStop - fPos));
     if (!fError && (size > 0)) {
         readNoSizeCheck(buffer, size);
     }
author	ajuma <ajuma@chromium.org>	2016-01-13 13:46:31 -0800
committer	Commit bot <commit-bot@chromium.org>	2016-01-13 13:46:32 -0800
commit	f8aec588bfd2df17130ee93593a8f4ae781afe1f (patch)
tree	1e351d951aa5cafd57155c59d968f5c4248c8451 /src/core/SkBuffer.cpp
parent	97c40072b0ed5fdca3724ec79dd09d5467a981b5 (diff)