check for 0x8000 before calling abs

Bug: oss-fuzz:6124
Change-Id: I1897a4ce8f6e60bf93b9e6579725443763e8d287
Reviewed-on: https://skia-review.googlesource.com/125342
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Mike Reed <reed@google.com>

1 files changed, 9 insertions, 8 deletions

diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index e4f8243401..48b6881b0a 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -280,18 +280,19 @@ sk_sp<SkImage> SkReadBuffer::readImage() {
     }
 
     int32_t size = this->read32();
-
-    // we used to negate the size for "custom" encoded images -- ignore that signal (Dec-2017)
-    size = SkAbs32(size);
-    if (size < 0) {
-        // size == 0x80000000, possible to get here only in Release builds;
-        // SkAbs32() would already have asserted in Debug builds.
+    if (size == SK_NaN32) {
+        // 0x80000000 is never valid, since it cannot be passed to abs().
         this->validate(false);
         return nullptr;
-    } else if (size == 0) {
+    }
+    if (size == 0) {
         // The image could not be encoded at serialization time - return an empty placeholder.
         return MakeEmptyImage(width, height);
-    } else if (size == 1) {
+    }
+
+    // we used to negate the size for "custom" encoded images -- ignore that signal (Dec-2017)
+    size = SkAbs32(size);
+    if (size == 1) {
         // legacy check (we stopped writing this for "raw" images Nov-2017)
         this->validate(false);
         return nullptr;