authorGravatar Kevin Lubick <kjlubick@google.com>2018-03-19 09:54:11 -0400
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2018-03-19 14:17:15 +0000
commite3d3f65396cd7427fd988727e27403fbe4313ef0 (patch)
treeff4ba72a171af38992dc344dc4d999fef24bc564 /src/core/SkReadBuffer.cpp
parent2f974d4c9f8bd539393001dac4376a69b0531e71 (diff)
Avoid bad alloc in SkReadBuffer
The fuzzer enjoyed tripping over this. Bug: skia: Change-Id: Ia7f4821404936266c77462232d7a64591580c2e0 Reviewed-on: https://skia-review.googlesource.com/114983 Commit-Queue: Kevin Lubick <kjlubick@google.com> Commit-Queue: Mike Klein <mtklein@google.com> Reviewed-by: Mike Klein <mtklein@google.com>
Diffstat (limited to 'src/core/SkReadBuffer.cpp')
-rw-r--r--src/core/SkReadBuffer.cpp11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index 1bd01d504a..e4f8243401 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -283,12 +283,15 @@ sk_sp<SkImage> SkReadBuffer::readImage() {
// we used to negate the size for "custom" encoded images -- ignore that signal (Dec-2017)
size = SkAbs32(size);
-
- if (size == 0) {
+ if (size < 0) {
+ // size == 0x80000000, possible to get here only in Release builds;
+ // SkAbs32() would already have asserted in Debug builds.
+ this->validate(false);
+ return nullptr;
+ } else if (size == 0) {
// The image could not be encoded at serialization time - return an empty placeholder.
return MakeEmptyImage(width, height);
- }
- if (size == 1) {
+ } else if (size == 1) {
// legacy check (we stopped writing this for "raw" images Nov-2017)
this->validate(false);
return nullptr;
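Review bot: The new `if (size < 0)` guard sits after `size = SkAbs32(size);`, so it only works if taking the absolute value of 0x80000000 yields a negative number. SkAbs32's definition is not visible on this page, but if it negates a signed 32-bit value, that is signed overflow (undefined behaviour), and an optimizing Release build may assume the result is non-negative and drop the branch. Since `size` comes from serialized data, rejecting the value before the abs call is the more robust fix and also avoids the Debug-only assert: `if (size == std::numeric_limits<int32_t>::min()) { this->validate(false); return nullptr; }` placed above `size = SkAbs32(size);`. The body of readImage() starts and ends outside this hunk, so it is worth checking whether any earlier use of `size` needs the same guard.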