author | 2018-03-19 09:54:11 -0400 | |
---|---|---|
committer | 2018-03-19 14:17:15 +0000 | |
commit | e3d3f65396cd7427fd988727e27403fbe4313ef0 (patch) | |
tree | ff4ba72a171af38992dc344dc4d999fef24bc564 /src/core/SkReadBuffer.cpp | |
parent | 2f974d4c9f8bd539393001dac4376a69b0531e71 (diff) |
Avoid bad alloc in SkReadBuffer
The fuzzer enjoyed tripping over this.
Bug: skia:
Change-Id: Ia7f4821404936266c77462232d7a64591580c2e0
Reviewed-on: https://skia-review.googlesource.com/114983
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Diffstat (limited to 'src/core/SkReadBuffer.cpp')
-rw-r--r-- | src/core/SkReadBuffer.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index 1bd01d504a..e4f8243401 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -283,12 +283,15 @@ sk_sp<SkImage> SkReadBuffer::readImage() {
 // we used to negate the size for "custom" encoded images -- ignore that signal (Dec-2017)
 size = SkAbs32(size);
-
- if (size == 0) {
+ if (size < 0) {
+ // size == 0x80000000, possible to get here only in Release builds;
+ // SkAbs32() would already have asserted in Debug builds.
+ this->validate(false);
+ return nullptr;
+ } else if (size == 0) {
 // The image could not be encoded at serialization time - return an empty placeholder.
 return MakeEmptyImage(width, height);
- }
- if (size == 1) {
+ } else if (size == 1) {
 // legacy check (we stopped writing this for "raw" images Nov-2017)
 this->validate(false);
 return nullptr; |
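Review bot: The new `size < 0` test runs after `size = SkAbs32(size);`, so it depends on what SkAbs32 returns for 0x80000000; if that helper negates in plain int32_t arithmetic, the negation is signed overflow (undefined behaviour), and an optimising compiler may assume the result is non-negative and drop the added branch. Rejecting the value before the call avoids that, and also avoids the Debug-build assert the added comment mentions, which untrusted serialized input can otherwise trigger: `if (size == INT32_MIN) { this->validate(false); return nullptr; }` placed ahead of `size = SkAbs32(size);`. readImage() starts before and continues past this hunk, so how `size` is read and later used is not visible here.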