Return nullptr from readFlattenable when invalid

Currently, in SkReadBuffer::readFlattenable, if reading the sizeRecorded
fails (or any previous read), then the read buffer is invalid and the
size returns zero.  In this bug, it calls SkLine2DPathEffect::CreateProc
which never checks the validity of the readBuffer and returns a
valid object.  Because the read size also is zero, then unset
but seemingly valid object gets returned to the caller.

Other failure cases return nullptr when the readBuffer is invalid, so
instead of making all procs handle this, just handle this at the end
of readFlattenable.

It'd be ideal if SkFlattenable::Deserialize could forward this error
back to the caller, but this seems like a smaller fix.

Bug: chromium: 854947
Change-Id: I26e4e90320c0d2c4efa191d301aa4ac7783eb476
Reviewed-on: https://skia-review.googlesource.com/138000
Commit-Queue: Mike Klein <mtklein@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index 3491428658..7e58e52e67 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -461,6 +461,9 @@ SkFlattenable* SkReadBuffer::readFlattenable(SkFlattenable::Type ft) {
         // we must skip the remaining data
         fReader.skip(sizeRecorded);
     }
+    if (!this->isValid()) {
+        return nullptr;
+    }
     return obj.release();
 }