Avoid nullptr deference when deserializing SkPicture

Avoid resetting SkAutoSTArray values to negatives. Additionally, clean up some misc logs that aren't helpful. Bug: skia:7405 Change-Id: Ied353a4e415e2efd5ab8180e7f6c681248dd9134 Reviewed-on: https://skia-review.googlesource.com/93240 Reviewed-by: Mike Klein <mtklein@chromium.org> Commit-Queue: Kevin Lubick <kjlubick@google.com>
author: Kevin Lubick <kjlubick@google.com> 2018-01-10 13:21:55 -0500
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2018-01-11 19:53:03 +0000
commit: 3299d04993e2622cb1ff68df39777088b562554f (patch)
tree: d5f7c976f674c56429380f3ed05a4167233501d5 /src/core
parent: 15150a60ebea7b268493d0595cec7db9a5465fac (diff)
4 files changed, 6 insertions, 2 deletions
diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp
index bf34ae3180..e5ba0eb09f 100644
--- a/src/core/SkImageFilter.cpp
+++ b/src/core/SkImageFilter.cpp
@@ -123,7 +123,6 @@ bool SkImageFilter::Common::unflatten(SkReadBuffer& buffer, int expectedCount) {
         return false;
     }
 
-    SkFUZZF(("allocInputs: %d\n", count));
     this->allocInputs(count);
     for (int i = 0; i < count; i++) {
         if (buffer.readBool()) {
diff --git a/src/core/SkPicture.cpp b/src/core/SkPicture.cpp
index 05bad67397..1c8d0f9b49 100644
--- a/src/core/SkPicture.cpp
+++ b/src/core/SkPicture.cpp
@@ -135,6 +135,9 @@ sk_sp<SkPicture> SkPicture::Forwardport(const SkPictInfo& info,
     if (!data) {
         return nullptr;
     }
+    if (!data->opData()) {
+        return nullptr;
+    }
     SkPicturePlayback playback(data);
     SkPictureRecorder r;
     playback.draw(r.beginRecording(info.fCullRect), nullptr/*no callback*/, buffer);
diff --git a/src/core/SkPictureData.cpp b/src/core/SkPictureData.cpp
index d0b206e90a..247d16f6d2 100644
--- a/src/core/SkPictureData.cpp
+++ b/src/core/SkPictureData.cpp
@@ -511,6 +511,9 @@ bool SkPictureData::parseBufferTag(SkReadBuffer& buffer, uint32_t tag, uint32_t
         case SK_PICT_PATH_BUFFER_TAG:
             if (size > 0) {
                 const int count = buffer.readInt();
+                if (count < 0) {
+                    return false;
+                }
                 fPaths.reset(count);
                 for (int i = 0; i < count; i++) {
                     buffer.readPath(&fPaths[i]);
diff --git a/src/core/SkPicturePlayback.cpp b/src/core/SkPicturePlayback.cpp
index a3f8f818f5..47def4d6d5 100644
--- a/src/core/SkPicturePlayback.cpp
+++ b/src/core/SkPicturePlayback.cpp
@@ -500,7 +500,6 @@ void SkPicturePlayback::handleOp(SkReadBuffer* reader,
             const SkPoint* pos = (const SkPoint*)reader->skip(points, sizeof(SkPoint));
             const SkScalar top = reader->readScalar();
             const SkScalar bottom = reader->readScalar();
-            SkDebugf("postexth count %zu pos %p\n", points, pos);
             BREAK_ON_READ_ERROR(reader);
 
             SkRect clip = canvas->getLocalClipBounds();
author	Kevin Lubick <kjlubick@google.com>	2018-01-10 13:21:55 -0500
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2018-01-11 19:53:03 +0000
commit	3299d04993e2622cb1ff68df39777088b562554f (patch)
tree	d5f7c976f674c56429380f3ed05a4167233501d5 /src/core
parent	15150a60ebea7b268493d0595cec7db9a5465fac (diff)