Fix fuzzer crash in SkReadBuffer::readTypeface()

BUG=skia:7398 Change-Id: I1d0f7a37c6f02ec5f621f7c1b5983b668530dcd9 Reviewed-on: https://skia-review.googlesource.com/83561 Commit-Queue: Florin Malita <fmalita@chromium.org> Reviewed-by: Mike Reed <reed@google.com>
author: Florin Malita <fmalita@chromium.org> 2017-12-11 15:22:15 -0500
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2017-12-11 20:47:28 +0000
commit: bb091a08d1c60ccf3d014d94490c5b4134586ee2 (patch)
tree: ee7823a3e8d22d3a00aecc376145b9184d1bcf6a /src
parent: 7fdd862512cf1b366a111352ec4a3f19c39fbfb0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index 1334c59367..c0be4f3490 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -392,7 +392,7 @@ sk_sp<SkTypeface> SkReadBuffer::readTypeface() {
     } else {    // custom
         size_t size = sk_negate_to_size_t(index);
         const void* data = this->skip(size);
-        if (!this->validate(data != nullptr)) {
+        if (!this->validate(data != nullptr && fProcs.fTypefaceProc)) {
             return nullptr;
         }
         return fProcs.fTypefaceProc(data, size, fProcs.fTypefaceCtx);
author	Florin Malita <fmalita@chromium.org>	2017-12-11 15:22:15 -0500
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2017-12-11 20:47:28 +0000
commit	bb091a08d1c60ccf3d014d94490c5b4134586ee2 (patch)
tree	ee7823a3e8d22d3a00aecc376145b9184d1bcf6a /src
parent	7fdd862512cf1b366a111352ec4a3f19c39fbfb0 (diff)