aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/pathops
diff options
context:
space:
mode:
authorGravatar Cary Clark <caryclark@skia.org>2018-05-31 16:22:02 -0400
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2018-05-31 21:10:54 +0000
commit79aa2f12ab4e2f51e98db8f18175e10d8050821f (patch)
tree951ba629eaf05e5f6601dd551fe2f694cec7a5c4 /src/pathops
parentb4a8a629406fd84c04ecbb1bd2301cfbff91121d (diff)
don't walk off end of pointer
Avoids pointer-overflow in ASAN/UBSAN. R=mtklein@google.com Bug:836282 Change-Id: I2125fa7927c30ae601431af8daec0f900c84799c Reviewed-on: https://skia-review.googlesource.com/131261 Auto-Submit: Cary Clark <caryclark@skia.org> Commit-Queue: Mike Klein <mtklein@google.com> Reviewed-by: Mike Klein <mtklein@google.com>
Diffstat (limited to 'src/pathops')
-rw-r--r--src/pathops/SkOpEdgeBuilder.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/pathops/SkOpEdgeBuilder.cpp b/src/pathops/SkOpEdgeBuilder.cpp
index 16cbfc410c..363933e0c5 100644
--- a/src/pathops/SkOpEdgeBuilder.cpp
+++ b/src/pathops/SkOpEdgeBuilder.cpp
@@ -175,10 +175,11 @@ bool SkOpEdgeBuilder::close() {
bool SkOpEdgeBuilder::walk() {
uint8_t* verbPtr = fPathVerbs.begin();
uint8_t* endOfFirstHalf = &verbPtr[fSecondHalf];
- SkPoint* pointsPtr = fPathPts.begin() - 1;
+ SkPoint* pointsPtr = fPathPts.begin();
SkScalar* weightPtr = fWeights.begin();
SkPath::Verb verb;
SkOpContour* contour = fContourBuilder.contour();
+ int moveToPtrBump = 0;
while ((verb = (SkPath::Verb) *verbPtr) != SkPath::kDone_Verb) {
if (verbPtr == endOfFirstHalf) {
fOperand = true;
@@ -198,7 +199,8 @@ bool SkOpEdgeBuilder::walk() {
}
contour->init(fGlobalState, fOperand,
fXorMask[fOperand] == kEvenOdd_PathOpsMask);
- pointsPtr += 1;
+ pointsPtr += moveToPtrBump;
+ moveToPtrBump = 1;
continue;
case SkPath::kLine_Verb:
fContourBuilder.addLine(pointsPtr);
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 00:52:55 +0000