From 4cdbf6056de29e8c12c3b1b4c2c2fa286cf68049 Mon Sep 17 00:00:00 2001
From: Leon Scroggins III <scroggo@google.com>
Date: Thu, 28 Sep 2017 14:33:57 -0400
Subject: Avoid uninitialized memory in readByteArrayAsData

Bug: 769134

readByteArray can fail (due to not having enough available or due to the
wrong alignment). If it does, do not return an uninitialized block of
memory.

Further, drop the initial size check, which is covered by readByteArray.

Add a test.

Change-Id: Ia101697c5bb1ca3ae3df1795f37a74b2f602797d
Reviewed-on: https://skia-review.googlesource.com/52742
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>
---
 tests/ImageFilterTest.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'tests/ImageFilterTest.cpp')

diff --git a/tests/ImageFilterTest.cpp b/tests/ImageFilterTest.cpp
index db269f00e8..c39cc2ee83 100644
--- a/tests/ImageFilterTest.cpp
+++ b/tests/ImageFilterTest.cpp
@@ -38,6 +38,7 @@
 #include "SkTableColorFilter.h"
 #include "SkTileImageFilter.h"
 #include "SkXfermodeImageFilter.h"
+#include "Resources.h"
 #include "Test.h"
 #include "sk_tool_utils.h"
 
@@ -1717,6 +1718,18 @@ DEF_TEST(ImageFilterImageSourceSerialization, reporter) {
     REPORTER_ASSERT(reporter, *bm.getAddr32(0, 0) == SkPreMultiplyColor(SK_ColorGREEN));
 }
 
+DEF_TEST(ImageFilterImageSourceUninitialized, r) {
+    sk_sp<SkData> data(GetResourceAsData("crbug769134.fil"));
+    if (!data) {
+        return;
+    }
+    sk_sp<SkImageFilter> unflattenedFilter = SkValidatingDeserializeImageFilter(data->data(),
+                                                                                data->size());
+    // This will fail. More importantly, msan will verify that we did not
+    // compare against uninitialized memory.
+    REPORTER_ASSERT(r, !unflattenedFilter);
+}
+
 static void test_large_blur_input(skiatest::Reporter* reporter, SkCanvas* canvas) {
     SkBitmap largeBmp;
     int largeW = 5000;
-- 
cgit v1.2.3