diff options
| -rw-r--r-- | resources/crbug769134.fil | bin | 0 -> 440 bytes | |||
| -rw-r--r-- | src/core/SkReadBuffer.h | 6 | ||||
| -rw-r--r-- | tests/ImageFilterTest.cpp | 13 |
3 files changed, 16 insertions, 3 deletions
diff --git a/resources/crbug769134.fil b/resources/crbug769134.fil Binary files differnew file mode 100644 index 0000000000..a8a79e8506 --- /dev/null +++ b/resources/crbug769134.fil diff --git a/src/core/SkReadBuffer.h b/src/core/SkReadBuffer.h index 0653ab6865..980e8cf80f 100644 --- a/src/core/SkReadBuffer.h +++ b/src/core/SkReadBuffer.h @@ -165,11 +165,11 @@ public: sk_sp<SkData> readByteArrayAsData() { size_t len = this->getArrayCount(); - if (!this->validateAvailable(len)) { + void* buffer = sk_malloc_throw(len); + if (!this->readByteArray(buffer, len)) { + sk_free(buffer); return SkData::MakeEmpty(); } - void* buffer = sk_malloc_throw(len); - this->readByteArray(buffer, len); return SkData::MakeFromMalloc(buffer, len); } diff --git a/tests/ImageFilterTest.cpp b/tests/ImageFilterTest.cpp index db269f00e8..c39cc2ee83 100644 --- a/tests/ImageFilterTest.cpp +++ b/tests/ImageFilterTest.cpp @@ -38,6 +38,7 @@ #include "SkTableColorFilter.h" #include "SkTileImageFilter.h" #include "SkXfermodeImageFilter.h" +#include "Resources.h" #include "Test.h" #include "sk_tool_utils.h" @@ -1717,6 +1718,18 @@ DEF_TEST(ImageFilterImageSourceSerialization, reporter) { REPORTER_ASSERT(reporter, *bm.getAddr32(0, 0) == SkPreMultiplyColor(SK_ColorGREEN)); } +DEF_TEST(ImageFilterImageSourceUninitialized, r) { + sk_sp<SkData> data(GetResourceAsData("crbug769134.fil")); + if (!data) { + return; + } + sk_sp<SkImageFilter> unflattenedFilter = SkValidatingDeserializeImageFilter(data->data(), + data->size()); + // This will fail. More importantly, msan will verify that we did not + // compare against uninitialized memory. + REPORTER_ASSERT(r, !unflattenedFilter); +} + static void test_large_blur_input(skiatest::Reporter* reporter, SkCanvas* canvas) { SkBitmap largeBmp; int largeW = 5000; |