| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.
To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.
I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.
Note : readPointArray and writePointArray are unused, so I could also remove them
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/37803002
git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1 ) Added check for bool to make sure is it either 0 or 1 and not garbage
2 ) Added more solid kernel size checks in SkMatrixConvolutionImageFilter
3 ) Make sure array size is validated in SkMergeImageFilter
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/23548034
git-svn-id: http://skia.googlecode.com/svn/trunk@11925 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
Committed: http://code.google.com/p/skia/source/detail?r=11247
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11922 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
containing an SkRect and flags indicating which parameters are set.
NOTE: this will require SK_CROP_RECT_IS_INT=1 to be set in Chrome until Blink has been updated to use SkImageFilter::CropRect. Include https://codereview.chromium.org/26528002/ with the Skia roll.
Note also that SK_CROP_RECT_IS_INT is a temporary measure until all call sites in Blink have been updated to use SkRect.
R=reed@google.com
Review URL: https://codereview.chromium.org/26371002
git-svn-id: http://skia.googlecode.com/svn/trunk@11692 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
| |
Note: this will require rebaselining of the imagefilterscropped and testimagefilters GMs.
R=reed@google.com
Review URL: https://codereview.chromium.org/23600047
git-svn-id: http://skia.googlecode.com/svn/trunk@11387 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(https://codereview.chromium.org/24159002/)
11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
11257 Canary build fix - https://codereview.chromium.org/23532068
11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11288 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
| |
changes in r11247)
git-svn-id: http://skia.googlecode.com/svn/trunk@11287 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(https://codereview.chromium.org/24159002/)
11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11285 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11247 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
| |
https://codereview.chromium.org/22978012/
git-svn-id: http://skia.googlecode.com/svn/trunk@10995 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
| |
Chromium ready.
git-svn-id: http://skia.googlecode.com/svn/trunk@10835 2bbb7eff-a529-9590-31e7-b0007b416f81
|
| |
|
|
|
|
|
|
| |
https://codereview.chromium.org/22978012/
git-svn-id: http://skia.googlecode.com/svn/trunk@10830 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
Review URL: https://codereview.appspot.com/6873052
git-svn-id: http://skia.googlecode.com/svn/trunk@6662 2bbb7eff-a529-9590-31e7-b0007b416f81
|
commit-bot@chromium.org
senorblanco@chromium.org
robertphillips@google.com