
Side by Side Diff: src/core/SkBitmap.cpp

Issue 106943002: Fixed a few places where uninitialized memory could have been read (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Removed bad scalar checks in SkColorMatrixFilter.cpp Created 7 years ago
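--- a/src/core/SkBitmap.cpp
+++ b/src/core/SkBitmap.cpp
@@ -1,10 +1,10 @@
 
 /*
 * Copyright 2008 The Android Open Source Project
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
 
 
 #include "SkBitmap.h"
@@ -1550,22 +1550,25 @@
 this->reset();
 
 int width = buffer.readInt();
 int height = buffer.readInt();
 int rowBytes = buffer.readInt();
 Config config = (Config)buffer.readInt();
 SkAlphaType alphaType = (SkAlphaType)buffer.readInt();
 buffer.validate((width >= 0) && (height >= 0) && (rowBytes >= 0) &&
 SkIsValidConfig(config) && validate_alphaType(config, alphaT ype));
 
-this->setConfig(config, width, height, rowBytes, alphaType);
-buffer.validate(fRowBytes >= (fWidth * fBytesPerPixel));
+bool configIsValid = this->setConfig(config, width, height, rowBytes, alphaT ype);
+// Note : Using (fRowBytes >= (fWidth * fBytesPerPixel)) in the following te st can create false
+// positives if the multiplication causes an integer overflow. Use th e division instead.
+buffer.validate(configIsValid && (fBytesPerPixel > 0) &&
+((fRowBytes / fBytesPerPixel) >= fWidth));
 
 int reftype = buffer.readInt();
 if (buffer.validate((SERIALIZE_PIXELTYPE_REF_DATA == reftype) ||
 (SERIALIZE_PIXELTYPE_NONE == reftype))) {
 switch (reftype) {
 case SERIALIZE_PIXELTYPE_REF_DATA: {
 size_t offset = buffer.readUInt();
 SkPixelRef* pr = buffer.readPixelRef();
 if (!buffer.validate((NULL == pr) ||
 (pr->getAllocatedSizeInBytes() >= (offset + this->getSafe Size())))) {
@@ -1654,10 +1657,10 @@
 if (NULL != uri) {
 str->appendf(" uri:\"%s\"", uri);
 } else {
 str->appendf(" pixelref:%p", pr);
 }
 }
 
 str->append(")");
 }
 #endif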
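Review bot: The pixel-ref bounds check in the `SERIALIZE_PIXELTYPE_REF_DATA` case, just below the rewritten row-bytes validation, still computes `offset + this->getSafeSize()` before comparing, so it keeps the same wraparound weakness this change removes from the width multiplication. `offset` comes straight from the serialized buffer via `readUInt()`, and where `size_t` is 32 bits a large value could wrap the sum and let an undersized pixel ref pass validation. Comparing by subtraction avoids the overflow: `(NULL == pr) || ((pr->getAllocatedSizeInBytes() >= this->getSafeSize()) && (offset <= pr->getAllocatedSizeInBytes() - this->getSafeSize()))`. The return type of `getSafeSize()` is not visible here, and the function body starts and continues in the skipped lines, so whether `offset` is re-checked later cannot be confirmed from this section.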
