From c04987ff731e35227de2a3a1e03d5c93ab1a1327 Mon Sep 17 00:00:00 2001 From: "robertphillips@google.com" Date: Tue, 12 Mar 2013 17:53:53 +0000 Subject: Fixed unitialized memory access bug in r8106 git-svn-id: http://skia.googlecode.com/svn/trunk@8115 2bbb7eff-a529-9590-31e7-b0007b416f81 --- src/core/SkPictureRecord.cpp | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/core/SkPictureRecord.cpp b/src/core/SkPictureRecord.cpp index 6ecc0aad8e..421c2bd960 100644 --- a/src/core/SkPictureRecord.cpp +++ b/src/core/SkPictureRecord.cpp @@ -243,11 +243,12 @@ struct CommandInfo { */ static bool match(SkWriter32* writer, uint32_t offset, int* pattern, CommandInfo* result, int numCommands) { - SkASSERT(offset <= writer->size()); + SkASSERT(offset < writer->size()); uint32_t curOffset = offset; uint32_t curSize = 0; - for (int i = 0; i < numCommands; ++i) { + int numMatched; + for (numMatched = 0; numMatched < numCommands && curOffset < writer->size(); ++numMatched) { DrawType op = peek_op_and_size(writer, curOffset, &curSize); while (NOOP == op && curOffset < writer->size()) { curOffset += curSize; @@ -258,22 +259,26 @@ static bool match(SkWriter32* writer, uint32_t offset, return false; // ran out of byte stream } - if (kDRAW_BITMAP_FLAVOR == pattern[i]) { + if (kDRAW_BITMAP_FLAVOR == pattern[numMatched]) { if (DRAW_BITMAP != op && DRAW_BITMAP_MATRIX != op && DRAW_BITMAP_NINE != op && DRAW_BITMAP_RECT_TO_RECT != op) { return false; } - } else if (op != pattern[i]) { + } else if (op != pattern[numMatched]) { return false; } - result[i].fActualOp = op; - result[i].fOffset = curOffset; - result[i].fSize = curSize; + result[numMatched].fActualOp = op; + result[numMatched].fOffset = curOffset; + result[numMatched].fSize = curSize; curOffset += curSize; } + if (numMatched != numCommands) { + return false; + } + curOffset += curSize; if (curOffset < writer->size()) { // Something else between the last command and the end of the stream -- cgit v1.2.3