author | 2016-06-28 09:04:34 -0700 | |
---|---|---|
committer | 2016-06-28 09:04:34 -0700 | |
commit | 74139f1b49d02b38006170c3e50439c1b33b175f (patch) | |
tree | 3cd0f91864e139eb5fc413b013142979b3f8242d /src/core/SkPicturePlayback.cpp | |
parent | ab527a5bbfb1eae4f99a1435d349a44d00477d82 (diff) |
Address two fuzzer bugs:
SkImageInfos that were made invalid weren't being caught
Messing with the size of a SAVE record wasn't being caught
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2104973003
Review-Url: https://codereview.chromium.org/2104973003
Diffstat (limited to 'src/core/SkPicturePlayback.cpp')
-rw-r--r-- | src/core/SkPicturePlayback.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/core/SkPicturePlayback.cpp b/src/core/SkPicturePlayback.cpp index 36d385c095..3cbcdbbd2f 100644 --- a/src/core/SkPicturePlayback.cpp +++ b/src/core/SkPicturePlayback.cpp @@ -543,8 +543,9 @@ void SkPicturePlayback::handleOp(SkReadBuffer* reader, case SAVE: // SKPs with version < 29 also store a SaveFlags param. if (size > 4) { - SkASSERT(8 == size); - reader->readInt(); + if (reader->validate(8 == size)) { + reader->readInt(); + } } canvas->save(); break; |
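Review bot: in the `case SAVE:` branch, a failed `reader->validate(8 == size)` only skips `reader->readInt()`; control still reaches `canvas->save()`, so a SAVE record with a tampered size is still applied to the canvas. Consider leaving the case before `canvas->save()` when validation fails (for example `if (!reader->validate(8 == size)) { break; }`), or add a comment stating that the caller stops playback once the reader is marked invalid. The check also accepts `size == 8` without looking at the picture version, although the comment says only SKPs with version < 29 carry the SaveFlags param; if the version is available here, validating it too would tighten the check. A regression test built from the fuzzer input would help keep this from regressing; none is visible in this file's diff.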