authorGravatar Robert Phillips <robertphillips@google.com>2016-09-26 09:00:36 -0400
committerGravatar Robert Phillips <robertphillips@google.com>2016-09-26 14:47:43 +0000
commitb2526041ba83a66ba66be237d9e83578ed6f2c1c (patch)
tree55a23c0cfa67363a0c92f992a3be93c5d5919c22 /src/core/SkValidatingReadBuffer.cpp
parent0dc744ac340ee061faf4518be85cc28e38a4471b (diff)
Fix some fuzzer complaints
In one case the fuzzer was switching the picture's op code to an invalid value. In the other two the fuzzer was maxing out the number of points passed to drawPoints and the number of characters passed to drawTextRSXform. In these cases the validation would fail but still return a pointer into the data stream. GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2593 Change-Id: Id6d4e6b7bcbae38ace7ad1d92ffcfa5c02f9fb61 Reviewed-on: https://skia-review.googlesource.com/2593 Reviewed-by: Mike Reed <reed@google.com>
Diffstat (limited to 'src/core/SkValidatingReadBuffer.cpp')
-rw-r--r--src/core/SkValidatingReadBuffer.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/core/SkValidatingReadBuffer.cpp b/src/core/SkValidatingReadBuffer.cpp
index d57e499cc1..e1b84d597f 100644
--- a/src/core/SkValidatingReadBuffer.cpp
+++ b/src/core/SkValidatingReadBuffer.cpp
@@ -44,9 +44,11 @@ const void* SkValidatingReadBuffer::skip(size_t size) {
size_t inc = SkAlign4(size);
const void* addr = fReader.peek();
this->validate(IsPtrAlign4(addr) && fReader.isAvailable(inc));
- if (!fError) {
- fReader.skip(size);
+ if (fError) {
+ return nullptr;
}
+
+ fReader.skip(size);
return addr;
}
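Review bot: The availability check uses the rounded-up `inc`, but nothing visible guards the rounding itself: if `SkAlign4(size)` wraps for a `size` within 3 of the `size_t` maximum (presumably it adds 3 before masking), `inc` becomes 0, `isAvailable(0)` would likely pass, and `addr` is returned for a length the buffer does not hold. Since the commit targets fuzzer-maximised counts, I would reject that case explicitly, e.g. `this->validate(inc >= size && IsPtrAlign4(addr) && fReader.isAvailable(inc));`. A comment above the early return such as `// Validation failed: return nullptr so callers never get a pointer into the stream` would document the new contract, and callers outside this hunk need to handle the null result. The function's signature is visible only in the hunk header.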