diff options
| author |  Mike Reed <reed@google.com> | 2018-01-18 15:57:38 -0500 |
|---|---|---|
| committer |  Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-01-18 21:14:19 +0000 |
| commit | e97e792c79afd01fe1d83e5d1e94918145794c54 (patch) | |
| tree | 43dc60bf6ddffa55b0bd86a1a4a17f8819b21aca /src/core/SkPaint.cpp | |
| parent | 9ca27849d8259e4b35243094bdca969612efba2f (diff) | |
validate paint setters in readbuffer
Bug: skia:7425
Change-Id: I55213bc206cf5cfb8cbf4fbe8a682efd6eae59fa
Reviewed-on: https://skia-review.googlesource.com/96860
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Herb Derby <herb@google.com>
Diffstat (limited to 'src/core/SkPaint.cpp')
| -rw-r--r-- | src/core/SkPaint.cpp | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/src/core/SkPaint.cpp b/src/core/SkPaint.cpp index d659b41410..7c3edb3fe2 100644 --- a/src/core/SkPaint.cpp +++ b/src/core/SkPaint.cpp @@ -24,6 +24,7 @@ #include "SkPaintDefaults.h" #include "SkPathEffect.h" #include "SkRasterizer.h" +#include "SkSafeRange.h" #include "SkScalar.h" #include "SkScalerContext.h" #include "SkShader.h" @@ -1911,7 +1912,9 @@ void SkPaint::flatten(SkWriteBuffer& buffer) const { } } -void SkPaint::unflatten(SkReadBuffer& buffer) { +bool SkPaint::unflatten(SkReadBuffer& buffer) { + SkSafeRange safe; + this->setTextSize(buffer.readScalar()); this->setTextScaleX(buffer.readScalar()); this->setTextSkewX(buffer.readScalar()); @@ -1922,11 +1925,11 @@ void SkPaint::unflatten(SkReadBuffer& buffer) { unsigned flatFlags = unpack_paint_flags(this, buffer.readUInt()); uint32_t tmp = buffer.readUInt(); - this->setStrokeCap(static_cast<Cap>((tmp >> 24) & 0xFF)); - this->setStrokeJoin(static_cast<Join>((tmp >> 16) & 0xFF)); - this->setStyle(static_cast<Style>((tmp >> 12) & 0xF)); - this->setTextEncoding(static_cast<TextEncoding>((tmp >> 8) & 0xF)); - this->setBlendMode((SkBlendMode)(tmp & 0xFF)); + this->setStrokeCap(safe.checkLE((tmp >> 24) & 0xFF, kLast_Cap)); + this->setStrokeJoin(safe.checkLE((tmp >> 16) & 0xFF, kLast_Join)); + this->setStyle(safe.checkLE((tmp >> 12) & 0xF, kStrokeAndFill_Style)); + this->setTextEncoding(safe.checkLE((tmp >> 8) & 0xF, kGlyphID_TextEncoding)); + this->setBlendMode(safe.checkLE(tmp & 0xFF, SkBlendMode::kLastMode)); if (flatFlags & kHasTypeface_FlatFlag) { this->setTypeface(buffer.readTypeface()); @@ -1951,6 +1954,12 @@ void SkPaint::unflatten(SkReadBuffer& buffer) { this->setLooper(nullptr); this->setImageFilter(nullptr); } + + if (!buffer.validate(safe)) { + this->reset(); + return false; + } + return true; } /////////////////////////////////////////////////////////////////////////////// |