From 9ca06c4b00bfb9bb1a7f352efd264185e5a95fbc Mon Sep 17 00:00:00 2001
From: robertphillips
Date: Wed, 20 Apr 2016 11:43:33 -0700
Subject: Fix ImageFilter fuzzer issue
What appears to be happening in this fuzz is that a paint index inside the picture of an SkPictureImageFilter is getting changed to be out of range.
BUG=skia:5192
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1893423002
Review URL: https://codereview.chromium.org/1893423002
---
 src/core/SkReadBuffer.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/core/SkReadBuffer.h')
diff --git a/src/core/SkReadBuffer.h b/src/core/SkReadBuffer.h
index faf853aef5..52758d05ec 100644
--- a/src/core/SkReadBuffer.h
+++ b/src/core/SkReadBuffer.h
@@ -101,6 +101,7 @@ public:
 size_t offset() { return fReader.offset(); }
 bool eof() { return fReader.eof(); }
 virtual const void* skip(size_t size) { return fReader.skip(size); }
+ void* readFunctionPtr() { return fReader.readPtr(); }
 // primitives
@@ -121,6 +122,7 @@ public:
 virtual void readMatrix(SkMatrix* matrix);
 virtual void readIRect(SkIRect* rect);
 virtual void readRect(SkRect* rect);
+ virtual void readRRect(SkRRect* rrect);
 virtual void readRegion(SkRegion* region);
 virtual void readPath(SkPath* path);
@@ -203,9 +205,12 @@ public:
 }
 // Default impelementations don't check anything.
- virtual bool validate(bool isValid) { return true; }
+ virtual bool validate(bool isValid) { return isValid; }
 virtual bool isValid() const { return true; }
 virtual bool validateAvailable(size_t size) { return true; }
+ bool validateIndex(int index, int count) {
+ return this->validate(index >= 0 && index < count);
+ }
 protected:
 SkReader32 fReader;
--
cgit v1.2.3
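Review bot: `readFunctionPtr()` in the first hunk hands back a pointer-sized value taken straight from the serialized stream, and unlike the neighbouring `skip()` it is not virtual, so a validating subclass has no way to reject it. If the buffer can come from another process or from a file, that value is attacker-chosen and must never be called or dereferenced. The hunk does not show the callers, so this may already be limited to in-process buffers; if it is, say so at the declaration, e.g. `// Only valid for buffers written by this process; the value is not validated.` The class body continues outside the hunk.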
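Review bot: In the third hunk the base `validate()` now returns its argument, but `isValid()` just below it still returns true unconditionally, so on a non-validating buffer a failed `validateIndex()` is reported only through its return value and is not remembered. Callers have to test that return before using the index, because a later `isValid()` check will not catch the failure. The context comment `// Default impelementations don't check anything.` is stale after this change; `// Default implementations return the check result but do not record it; isValid() stays true.` would match the new behaviour. How the validating subclass overrides these methods is outside the hunk.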