| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Added the "isAvailable" function to check how much bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing.
- Added data validation in SkImageInfo.cpp
- Added NULL pointer check in displacement
- Modified the fuzzer for randomized bitmap types
BUG=328934,329254
R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/116773002
git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also added early exit in SkImageFilter's constructor to avoid attempting to deserialize all inputs once a bad input has been found. This avoids hanging if a filter pretends to have 1 billion inputs when that's just an error on the number of inputs read by the filter.
BUG=326206,326197,326229
R=senorblanco@chromium.org, senorblanco@google.com, reed@google.com, sugoi@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/106943002
git-svn-id: http://skia.googlecode.com/svn/trunk@12544 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Processing still had issue when the number of inputs was 0, so I changed my previous fix from a maximum input count to an exact input count. -1 is used when the input count isn't fixed (but still has to be a non-negative number).
BUG=
R=senorblanco@chromium.org, reed@google.com, sugoi@google.com, bsalomon@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/100803004
git-svn-id: http://skia.googlecode.com/svn/trunk@12492 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Added a way to check that the number of inputs of a filter is not more than a filter expects
- Added validation of reftype in SkBitmap::unflatten()
- Added validation on fKD (diffuse lighting constant) and fKS (specular lighting constant) to make sure that they are always non-negative numbers
- Added validation of SkPerlinNoiseShader::fType and SkPerlinNoiseShader::fNumOctaves
BUG=
R=reed@google.com, senorblanco@google.com, mtklein@google.com, senorblanco@chromium.org, sugoi@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/83343003
git-svn-id: http://skia.googlecode.com/svn/trunk@12388 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.
To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.
I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.
Note : readPointArray and writePointArray are unused, so I could also remove them
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/37803002
git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1 ) Added check for bool to make sure is it either 0 or 1 and not garbage
2 ) Added more solid kernel size checks in SkMatrixConvolutionImageFilter
3 ) Make sure array size is validated in SkMergeImageFilter
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/23548034
git-svn-id: http://skia.googlecode.com/svn/trunk@11925 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
Committed: http://code.google.com/p/skia/source/detail?r=11247
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11922 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
containing an SkRect and flags indicating which parameters are set.
NOTE: this will require SK_CROP_RECT_IS_INT=1 to be set in Chrome until Blink has been updated to use SkImageFilter::CropRect. Include https://codereview.chromium.org/26528002/ with the Skia roll.
Note also that SK_CROP_RECT_IS_INT is a temporary measure until all call sites in Blink have been updated to use SkRect.
R=reed@google.com
Review URL: https://codereview.chromium.org/26371002
git-svn-id: http://skia.googlecode.com/svn/trunk@11692 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
| |
Note: this will require rebaselining of the imagefilterscropped and testimagefilters GMs.
R=reed@google.com
Review URL: https://codereview.chromium.org/23600047
git-svn-id: http://skia.googlecode.com/svn/trunk@11387 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(https://codereview.chromium.org/24159002/)
11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
11257 Canary build fix - https://codereview.chromium.org/23532068
11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11288 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
| |
changes in r11247)
git-svn-id: http://skia.googlecode.com/svn/trunk@11287 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(https://codereview.chromium.org/24159002/)
11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11285 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11247 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
| |
https://codereview.chromium.org/22978012/
git-svn-id: http://skia.googlecode.com/svn/trunk@10995 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
| |
Chromium ready.
git-svn-id: http://skia.googlecode.com/svn/trunk@10835 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
|
|
|
|
|
|
| |
https://codereview.chromium.org/22978012/
git-svn-id: http://skia.googlecode.com/svn/trunk@10830 2bbb7eff-a529-9590-31e7-b0007b416f81
|
|
Review URL: https://codereview.appspot.com/6873052
git-svn-id: http://skia.googlecode.com/svn/trunk@6662 2bbb7eff-a529-9590-31e7-b0007b416f81
|