diff options
| author |  Florin Malita <fmalita@chromium.org> | 2018-05-10 09:41:38 -0400 |
|---|---|---|
| committer |  Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-05-10 15:06:16 +0000 |
| commit | c2ea327d14801b4001716619c7d002caa37a1574 (patch) | |
| tree | b1118c2c34630c407f641687090a93e004ebc3b4 /src/pipe | |
| parent | 328490c6a1625ce51d0e81688e0c85c79c400d86 (diff) | |
Validate readByteArrayAsData size
Check that the reader has enough data before attempting to allocate the
buffer.
Also update to return nullptr on read failures.
Change-Id: Ia1ea8f611bad95cf3a4493b12582ac3fa7c2b00f
Reviewed-on: https://skia-review.googlesource.com/127129
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Florin Malita <fmalita@chromium.org>
Diffstat (limited to 'src/pipe')
| -rw-r--r-- | src/pipe/SkPipeReader.cpp | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/pipe/SkPipeReader.cpp b/src/pipe/SkPipeReader.cpp index 2614c4ecd5..ada4a21342 100644 --- a/src/pipe/SkPipeReader.cpp +++ b/src/pipe/SkPipeReader.cpp @@ -562,8 +562,10 @@ static void drawImageLattice_handler(SkPipeReader& reader, uint32_t packedVerb, static void drawVertices_handler(SkPipeReader& reader, uint32_t packedVerb, SkCanvas* canvas) { SkASSERT(SkPipeVerb::kDrawVertices == unpack_verb(packedVerb)); SkBlendMode bmode = (SkBlendMode)unpack_verb_extra(packedVerb); - sk_sp<SkData> data = reader.readByteArrayAsData(); - canvas->drawVertices(SkVertices::Decode(data->data(), data->size()), bmode, read_paint(reader)); + if (sk_sp<SkData> data = reader.readByteArrayAsData()) { + canvas->drawVertices(SkVertices::Decode(data->data(), data->size()), bmode, + read_paint(reader)); + } } static void drawPicture_handler(SkPipeReader& reader, uint32_t packedVerb, SkCanvas* canvas) { @@ -634,7 +636,7 @@ static void defineImage_handler(SkPipeReader& reader, uint32_t packedVerb, SkCan } else { // we are defining a new image sk_sp<SkData> data = reader.readByteArrayAsData(); - sk_sp<SkImage> image = inflator->makeImage(data); + sk_sp<SkImage> image = data ? inflator->makeImage(data) : nullptr; if (!image) { SkDebugf("-- failed to decode\n"); } @@ -663,7 +665,7 @@ static void defineTypeface_handler(SkPipeReader& reader, uint32_t packedVerb, Sk // we are defining a new image sk_sp<SkData> data = reader.readByteArrayAsData(); // TODO: seems like we could "peek" to see the array, and not need to copy it. - sk_sp<SkTypeface> tf = inflator->makeTypeface(data->data(), data->size()); + sk_sp<SkTypeface> tf = data ? inflator->makeTypeface(data->data(), data->size()) : nullptr; inflator->setTypeface(index, tf.get()); } } |