diff options
author | Kevin Lubick <kjlubick@google.com> | 2018-05-17 11:29:10 -0400 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-05-17 15:50:53 +0000 |
commit | daebae965b530039efcc508f50b42c3e6ecb70e4 (patch) | |
tree | ae89fc820b58ee2c54302d38726a7a3b2da1f52c /src/core/SkPictureData.cpp | |
parent | a33b67c36bcdf70221c459a5fcfec48055f66505 (diff) |
Return nullptr when ReadBuffer becomes invalid
This especially helps in SkDrawLooper because we can bail out early
instead of looping for a potentially long time, e.g. when fuzzed
input says count is a large number.
This also cleans up validate in a few spots, and adds validateCanReadN
as a helper function.
Bug: skia:7937
Change-Id: Ic5eff357c8cadc91eeafc6e39c78c570ba74df2f
Reviewed-on: https://skia-review.googlesource.com/128847
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Reviewed-by: Florin Malita <fmalita@chromium.org>
Diffstat (limited to 'src/core/SkPictureData.cpp')
-rw-r--r-- | src/core/SkPictureData.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/SkPictureData.cpp b/src/core/SkPictureData.cpp index 571c6d7b35..efd41837d9 100644 --- a/src/core/SkPictureData.cpp +++ b/src/core/SkPictureData.cpp @@ -427,7 +427,7 @@ void SkPictureData::parseBufferTag(SkReadBuffer& buffer, uint32_t tag, uint32_t case SK_PICT_READER_TAG: { // Preflight check that we can initialize all data from the buffer // before allocating it. - if (!buffer.validate(size <= buffer.available())) { + if (!buffer.validateCanReadN<uint8_t>(size)) { return; } auto data(SkData::MakeUninitialized(size)); |