author | Mike Reed <reed@google.com> | 2018-05-02 13:08:06 -0400 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-05-02 17:47:38 +0000 |
commit | 1c2a5892f1ba41b56abe3ec629ef197a905bcefe (patch) | |
tree | ba40bbfbe782c8a77760bea38b8e716a3d520fd4 /src/core/SkReadBuffer.cpp | |
parent | 2ea84709414c950b01efeaf3b8aa9017e17a609d (diff) |
check for 0x8000 before calling abs
Bug: oss-fuzz:6124
Change-Id: I1897a4ce8f6e60bf93b9e6579725443763e8d287
Reviewed-on: https://skia-review.googlesource.com/125342
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Mike Reed <reed@google.com>
Diffstat (limited to 'src/core/SkReadBuffer.cpp')
-rw-r--r-- | src/core/SkReadBuffer.cpp | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index e4f8243401..48b6881b0a 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -280,18 +280,19 @@ sk_sp<SkImage> SkReadBuffer::readImage() {
 }
 
 int32_t size = this->read32();
-
- // we used to negate the size for "custom" encoded images -- ignore that signal (Dec-2017)
- size = SkAbs32(size);
- if (size < 0) {
- // size == 0x80000000, possible to get here only in Release builds;
- // SkAbs32() would already have asserted in Debug builds.
+ if (size == SK_NaN32) {
+ // 0x80000000 is never valid, since it cannot be passed to abs().
 this->validate(false);
 return nullptr;
- } else if (size == 0) {
+ }
+ if (size == 0) {
 // The image could not be encoded at serialization time - return an empty placeholder.
 return MakeEmptyImage(width, height);
- } else if (size == 1) {
+ }
+
+ // we used to negate the size for "custom" encoded images -- ignore that signal (Dec-2017)
+ size = SkAbs32(size);
+ if (size == 1) {
 // legacy check (we stopped writing this for "raw" images Nov-2017)
 this->validate(false);
 return nullptr; |
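Review bot: The new guard `if (size == SK_NaN32)` uses a constant named for a not-a-number sentinel, so a reader has to know it is the 0x80000000 the comment mentions to see why it protects `SkAbs32(size)`. The comment would be clearer as `// size is read from serialized data; 0x80000000 has no positive counterpart, so reject it before SkAbs32()`. After the guard, every other negative value is still folded to its magnitude, so on untrusted input `size` can be anything up to 0x7FFFFFFF, and the visible lines reject only 0 and 1. The code that consumes `size` lies outside this hunk, so it is worth confirming that it checks `size` against the bytes remaining in the buffer before reading. readImage() begins before and continues past the hunk.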