Add preflight checks for SkImage deserialization

Bug: skia:7937 Change-Id: Ia6d8eeeeaf9ea38df7e4f78b23598a66142bf8de Reviewed-on: https://skia-review.googlesource.com/128301 Reviewed-by: Florin Malita <fmalita@chromium.org> Commit-Queue: Kevin Lubick <kjlubick@google.com>
author: Kevin Lubick <kjlubick@google.com> 2018-05-15 12:35:16 -0400
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2018-05-15 17:15:23 +0000
commit: 22711cfd91c20fb7b39c0d0211c57895609954ab (patch)
tree: b1b4e3ad8d14f2cd936601553ea70ce3a6ebc28c /src
parent: 852a8cb1f0f94efa9929e0839e7e3f5b18a337b4 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index adf9e64403..d41f2902f2 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -314,6 +314,13 @@ sk_sp<SkImage> SkReadBuffer::readImage() {
         return nullptr;
     }
 
+    // Preflight check to make sure there's enough stuff in the buffer before
+    // we allocate the memory. This helps the fuzzer avoid OOM when it creates
+    // bad/corrupt input.
+    if (!this->validate(((size_t)size) <= this->available())) {
+        return nullptr;
+    }
+
     sk_sp<SkData> data = SkData::MakeUninitialized(size);
     if (!this->readPad32(data->writable_data(), size)) {
         this->validate(false);
author	Kevin Lubick <kjlubick@google.com>	2018-05-15 12:35:16 -0400
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2018-05-15 17:15:23 +0000
commit	22711cfd91c20fb7b39c0d0211c57895609954ab (patch)
tree	b1b4e3ad8d14f2cd936601553ea70ce3a6ebc28c /src
parent	852a8cb1f0f94efa9929e0839e7e3f5b18a337b4 (diff)