path: root/src/core/SkValidatingReadBuffer.cpp
Commit message | Author | Age
* Objects should be unrefed instead of deleted | sugoi | 2014-10-31
  When an error occurs reading a flattenable object, it should be unrefed instead of deleted because, in the case of SkXferMode, for example, we'd actually be deleting a cached object kept in a static array.
  BUG=428789
  Review URL: https://codereview.chromium.org/695633003
* SkCanvas::drawPatch param SkPoint[12] | dandov | 2014-08-12
  drawPatch now receives as parameter const SkPoint cubics[12]
  Adjusted derived classes and serialization.
  Adjusted GM's and benches that take into account combinations of optional parameters, the scale of the patch and 4 different types of patches.
  Planning on adding the extra functionality of SkPatch in another CL.
  BUG=skia:
  R=egdaniel@google.com, reed@google.com
  Author: dandov@google.com
  Review URL: https://codereview.chromium.org/463493002
* Stopped skipping tests in dm of SkPatch by implementing the | dandov | 2014-08-07
  corresponding drawPath calls on classes that derive from SkCanvas.
  BUG=skia:
  R=egdaniel@google.com, bsalomon@google.com, mtklein@google.com, robertphillips@google.com
  Author: dandov@google.com
  Review URL: https://codereview.chromium.org/429343004
* stop calling SkBitmap::flatten | commit-bot@chromium.org | 2014-05-23
  BUG=skia:
  R=scroggo@google.com, halcanary@google.com
  Author: reed@google.com
  Review URL: https://codereview.chromium.org/295793002
  git-svn-id: http://skia.googlecode.com/svn/trunk@14867 2bbb7eff-a529-9590-31e7-b0007b416f81
* Sanitizing source files in Housekeeper-Nightly | skia.committer@gmail.com | 2014-05-23
  git-svn-id: http://skia.googlecode.com/svn/trunk@14862 2bbb7eff-a529-9590-31e7-b0007b416f81
* Remove unused (by clients) SkUnitMapper | commit-bot@chromium.org | 2014-05-22
  This reverts commit 874423a81b5bc2541c7397e6ab00d5e7c9fdaf98.
  TBR=scroggo
  Author: reed@google.com
  Review URL: https://codereview.chromium.org/288313009
  git-svn-id: http://skia.googlecode.com/svn/trunk@14842 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert of Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) (https://codereview.chromium.org/288343009/) | commit-bot@chromium.org | 2014-05-22
  Reason for revert: required blink change failed to land
  Original issue's description:
  > Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/)
  >
  > This reverts commit dd50c83b5b34dab3a077741861b50ed1f2bc6b8f.
  >
  > BUG=skia:
  >
  > Committed: http://code.google.com/p/skia/source/detail?r=14830
  R=scroggo@google.com, reed@google.com
  TBR=reed@google.com, scroggo@google.com
  NOTREECHECKS=true
  NOTRY=true
  BUG=skia:
  Author: reed@chromium.org
  Review URL: https://codereview.chromium.org/296823008
  git-svn-id: http://skia.googlecode.com/svn/trunk@14838 2bbb7eff-a529-9590-31e7-b0007b416f81
* Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) | commit-bot@chromium.org | 2014-05-21
  This reverts commit dd50c83b5b34dab3a077741861b50ed1f2bc6b8f.
  BUG=skia:
  R=scroggo@google.com
  Author: reed@google.com
  Review URL: https://codereview.chromium.org/288343009
  git-svn-id: http://skia.googlecode.com/svn/trunk@14830 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert of remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) | commit-bot@chromium.org | 2014-05-16
  Reason for revert: does not address all legacy callsites in chrome. e.g.
  [13:45:32.091872] ../../ui/native_theme/native_theme_base.cc:608:76: error: no matching function for call to ‘SkGradientShader::CreateLinear(SkPoint [3], SkColor [3], NULL, int, SkShader::TileMode, NULL)’
  [13:45:32.091919] gradient_bounds, colors, NULL, 3, SkShader::kClamp_TileMode, NULL));
  Original issue's description:
  > remove unused (by clients) SkUnitMapper
  >
  > BUG=skia:
  >
  > Committed: http://code.google.com/p/skia/source/detail?r=14761
  R=robertphillips@google.com, scroggo@google.com, george@mozilla.com
  TBR=george@mozilla.com, robertphillips@google.com, scroggo@google.com
  NOTREECHECKS=true
  NOTRY=true
  BUG=skia:
  Author: reed@google.com
  Review URL: https://codereview.chromium.org/287063009
  git-svn-id: http://skia.googlecode.com/svn/trunk@14763 2bbb7eff-a529-9590-31e7-b0007b416f81
* remove unused (by clients) SkUnitMapper | commit-bot@chromium.org | 2014-05-16
  BUG=skia:
  R=robertphillips@google.com, scroggo@google.com, george@mozilla.com
  Author: reed@google.com
  Review URL: https://codereview.chromium.org/283273002
  git-svn-id: http://skia.googlecode.com/svn/trunk@14761 2bbb7eff-a529-9590-31e7-b0007b416f81
* Fixed issue found by clusterfuzz | commit-bot@chromium.org | 2014-04-29
  An integer overflow was causing an issue when reading a string with a very large (or negative) size.
  BUG=367764
  R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, borenet@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/255693003
  git-svn-id: http://skia.googlecode.com/svn/trunk@14434 2bbb7eff-a529-9590-31e7-b0007b416f81
* fix size_t/int warnings | commit-bot@chromium.org | 2014-04-23
  BUG=skia:
  R=mtklein@google.com
  Author: reed@google.com
  Review URL: https://codereview.chromium.org/247753003
  git-svn-id: http://skia.googlecode.com/svn/trunk@14332 2bbb7eff-a529-9590-31e7-b0007b416f81
* Fixing SkPicture serialization | commit-bot@chromium.org | 2014-03-12
  Fixed a few issues while attempting to use the new serialization path for SkPicture inside a fuzzer:
  - SkReadBuffer and SkValidatingReadBuffer both had a fReader member instead of sharing the same member, which leads to problems if a base class function is used
  - In SkPicture, a header is now written as a single chunk of data, so it also has to be read as a single chunk of data
  - In the SkPicturePlayback destructor, a bad deserialization would lead to a crash if we don't safely unref fOpData
  - Also in SkPicturePlayback, if we only use a ReadBuffer for the whole deserialization, additional tags must be added to parseBufferTag()
  - SkValidatingReadBuffer::readBitmap() was broken, but this path wasn't used since the only use case for SkValidatingReadBuffer is currently image filters and bitmaps are unflattened as part of the deserialization of SkBitmapSource
  - SkPictureImageFilter was not deserializable. Added it to SkGlobalInitialization*
  - Added a test that exercises the SkPicture serialization / deserialization code
  BUG=skia:
  R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, robertphillips@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/195223003
  git-svn-id: http://skia.googlecode.com/svn/trunk@13764 2bbb7eff-a529-9590-31e7-b0007b416f81
* Refactor read and write buffers. | commit-bot@chromium.org | 2014-01-30
  Eliminates SkFlattenable{Read,Write}Buffer, promoting SkOrdered{Read,Write}Buffer a step each in the hierarchy.
  What used to be this:
    SkFlattenableWriteBuffer -> SkOrderedWriteBuffer
    SkFlattenableReadBuffer -> SkOrderedReadBuffer
    SkFlattenableReadBuffer -> SkValidatingReadBuffer
  is now
    SkWriteBuffer
    SkReadBuffer -> SkValidatingReadBuffer
  Benefits:
  - code is simpler, names are less wordy
  - the generic SkFlattenableFooBuffer code in SkPaint was incorrect; removed
  - write buffers are completely devirtualized, important for record speed
  This refactoring was mostly mechanical. You aren't going to find anything interesting in files with less than 10 lines changed.
  BUG=skia:
  R=reed@google.com, scroggo@google.com, djsollen@google.com, mtklein@google.com
  Author: mtklein@chromium.org
  Review URL: https://codereview.chromium.org/134163010
  git-svn-id: http://skia.googlecode.com/svn/trunk@13245 2bbb7eff-a529-9590-31e7-b0007b416f81
* Fixed more fuzzer issues | commit-bot@chromium.org | 2013-12-17
  - Added the "isAvailable" function to check how many bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing.
  - Added data validation in SkImageInfo.cpp
  - Added NULL pointer check in displacement
  - Modified the fuzzer for randomized bitmap types
  BUG=328934,329254
  R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/116773002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81
* Fixed a few places where uninitialized memory could have been read | commit-bot@chromium.org | 2013-12-06
  Also added early exit in SkImageFilter's constructor to avoid attempting to deserialize all inputs once a bad input has been found. This avoids hanging if a filter pretends to have 1 billion inputs when that's just an error on the number of inputs read by the filter.
  BUG=326206,326197,326229
  R=senorblanco@chromium.org, senorblanco@google.com, reed@google.com, sugoi@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/106943002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12544 2bbb7eff-a529-9590-31e7-b0007b416f81
* Reverting r12427 | rmistry@google.com | 2013-12-02
  git-svn-id: http://skia.googlecode.com/svn/trunk@12428 2bbb7eff-a529-9590-31e7-b0007b416f81
* Sanitizing source files in Housekeeper-Nightly | skia.committer@gmail.com | 2013-12-02
  git-svn-id: http://skia.googlecode.com/svn/trunk@12427 2bbb7eff-a529-9590-31e7-b0007b416f81
* Fixed bad memory access | commit-bot@chromium.org | 2013-11-26
  BUG=323595
  R=senorblanco@google.com, reed@google.com, sugoi@google.com, senorblanco@chromium.org
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/88643004
  git-svn-id: http://skia.googlecode.com/svn/trunk@12410 2bbb7eff-a529-9590-31e7-b0007b416f81
* Fixing issues found by fuzzer | commit-bot@chromium.org | 2013-11-22
  BUG=321802,321790
  R=reed@google.com, senorblanco@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/83073005
  git-svn-id: http://skia.googlecode.com/svn/trunk@12362 2bbb7eff-a529-9590-31e7-b0007b416f81
* Adding error checks to SkRBuffer | commit-bot@chromium.org | 2013-11-08
  BUG=
  R=robertphillips@google.com, bsalomon@google.com, reed@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/61913002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12202 2bbb7eff-a529-9590-31e7-b0007b416f81
* Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. | commit-bot@chromium.org | 2013-11-05
  BUG=
  R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
  Committed: https://code.google.com/p/skia/source/detail?r=12114
  Committed: https://code.google.com/p/skia/source/detail?r=12119
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/41253002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert "Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream." | reed@google.com | 2013-11-04
  This reverts commit 6bc22e8ef1ea70a1b58409aa21254358c50f149a.
  git-svn-id: http://skia.googlecode.com/svn/trunk@12124 2bbb7eff-a529-9590-31e7-b0007b416f81
* Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. | sugoi@google.com | 2013-11-04
  BUG=
  R=reed@google.com
  Committed: https://code.google.com/p/skia/source/detail?r=12114
  Review URL: https://codereview.chromium.org/41253002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12119 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert r12114 due to https://code.google.com/p/skia/issues/detail?id=1794 ('Assertion failures on various buildbots as of r12114') | epoger@google.com | 2013-11-04
  git-svn-id: http://skia.googlecode.com/svn/trunk@12115 2bbb7eff-a529-9590-31e7-b0007b416f81
* Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. | sugoi@google.com | 2013-11-04
  BUG=
  R=reed@google.com
  Review URL: https://codereview.chromium.org/41253002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12114 2bbb7eff-a529-9590-31e7-b0007b416f81
* Adding size parameter to read array functions | commit-bot@chromium.org | 2013-10-31
  In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.
  To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.
  I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.
  Note: readPointArray and writePointArray are unused, so I could also remove them
  BUG=
  R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/37803002
  git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81
* Enabling validation code in serialization and adding serialization to fuzzer | commit-bot@chromium.org | 2013-10-28
  BUG=
  Committed: http://code.google.com/p/skia/source/detail?r=11968
  R=reed@google.com, mtklein@google.com, senorblanco@chromium.org, bsalomon@google.com, robertphillips@google.com
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/44573002
  git-svn-id: http://skia.googlecode.com/svn/trunk@11981 2bbb7eff-a529-9590-31e7-b0007b416f81
* Follow up to serialization validation code | commit-bot@chromium.org | 2013-10-23
  1) Added check for bool to make sure it is either 0 or 1 and not garbage
  2) Added more solid kernel size checks in SkMatrixConvolutionImageFilter
  3) Make sure array size is validated in SkMergeImageFilter
  BUG=
  R=reed@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/23548034
  git-svn-id: http://skia.googlecode.com/svn/trunk@11925 2bbb7eff-a529-9590-31e7-b0007b416f81
* Initial error handling code | commit-bot@chromium.org | 2013-10-23
  I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
  BUG=
  Committed: http://code.google.com/p/skia/source/detail?r=11247
  R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
  Author: sugoi@chromium.org
  Review URL: https://codereview.chromium.org/23021015
  git-svn-id: http://skia.googlecode.com/svn/trunk@11922 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert 11247, 11250, 11251, 11257, and 11279 to unblock DEPS roll (https://codereview.chromium.org/24159002/) | robertphillips@google.com | 2013-09-16
  11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
  11257 Canary build fix - https://codereview.chromium.org/23532068
  11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
  11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
  11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
  git-svn-id: http://skia.googlecode.com/svn/trunk@11288 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert the revert of 11247, 11250, 11251 and 11279 (Chrome already relies on changes in r11247) | robertphillips@google.com | 2013-09-16
  git-svn-id: http://skia.googlecode.com/svn/trunk@11287 2bbb7eff-a529-9590-31e7-b0007b416f81
* Revert 11247, 11250, 11251 and 11279 to unblock DEPS roll (https://codereview.chromium.org/24159002/) | robertphillips@google.com | 2013-09-16
  11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
  11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
  11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
  11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
  git-svn-id: http://skia.googlecode.com/svn/trunk@11285 2bbb7eff-a529-9590-31e7-b0007b416f81
* Initial error handling code | commit-bot@chromium.org | 2013-09-13
  I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
  BUG=
  R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
  Author: sugoi@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/23021015
  git-svn-id: http://skia.googlecode.com/svn/trunk@11247 2bbb7eff-a529-9590-31e7-b0007b416f81