aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/core/SkPictureData.cpp
diff options
context:
space:
mode:
authorGravatar reed <reed@google.com>2014-11-12 09:25:25 -0800
committerGravatar Commit bot <commit-bot@chromium.org>2014-11-12 09:25:25 -0800
commitac6a2f964ee9821df6a4a8f3c46796322a4c37b8 (patch)
tree1ad3c2f0fad361dc2285d388b77fdf591b029089 /src/core/SkPictureData.cpp
parent257bf0f6f7b0c4f55e6eb9e0fa1290cd5c2fcf9f (diff)
detect bad bitmaps during deserialization
BUG=skia:3117 Review URL: https://codereview.chromium.org/718103002
Diffstat (limited to 'src/core/SkPictureData.cpp')
-rw-r--r--src/core/SkPictureData.cpp13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/core/SkPictureData.cpp b/src/core/SkPictureData.cpp
index 0ccb7764c4..556e2a5d90 100644
--- a/src/core/SkPictureData.cpp
+++ b/src/core/SkPictureData.cpp
@@ -392,6 +392,7 @@ bool SkPictureData::parseStreamTag(SkStream* stream,
return false;
}
+ /* Should we use SkValidatingReadBuffer instead? */
SkReadBuffer buffer(storage.get(), size);
buffer.setFlags(pictInfoFlagsToReadBufferFlags(fInfo.fFlags));
buffer.setVersion(fInfo.fVersion);
@@ -400,13 +401,16 @@ bool SkPictureData::parseStreamTag(SkStream* stream,
fTFPlayback.setupBuffer(buffer);
buffer.setBitmapDecoder(proc);
- while (!buffer.eof()) {
+ while (!buffer.eof() && buffer.isValid()) {
tag = buffer.readUInt();
size = buffer.readUInt();
if (!this->parseBufferTag(buffer, tag, size)) {
return false;
}
}
+ if (!buffer.isValid()) {
+ return false;
+ }
SkDEBUGCODE(haveBuffer = true;)
} break;
}
@@ -421,8 +425,11 @@ bool SkPictureData::parseBufferTag(SkReadBuffer& buffer,
fBitmaps = SkTRefArray<SkBitmap>::Create(size);
for (int i = 0; i < count; ++i) {
SkBitmap* bm = &fBitmaps->writableAt(i);
- buffer.readBitmap(bm);
- bm->setImmutable();
+ if (buffer.readBitmap(bm)) {
+ bm->setImmutable();
+ } else {
+ return false;
+ }
}
} break;
case SK_PICT_PAINT_BUFFER_TAG: {
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 08:20:12 +0000