Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(144)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/core/SkImageFilter.cpp

Issue 106943002: Fixed a few places where uninitialized memory could have been read (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« src/core/SkBitmap.cpp ('K') | « src/core/SkBitmap.cpp ('k') | src/effects/SkColorFilters.cpp » ('j') | src/effects/SkColorFilters.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/core/SkImageFilter.cpp
diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp
index aadf9040b0403ae1ef8d256e73f6f1aad8d2c5e5..d6b4fcc632e34eb3f50ce00b871ffe74fe51a8ce 100644
--- a/src/core/SkImageFilter.cpp
+++ b/src/core/SkImageFilter.cpp
@@ -63,10 +63,14 @@ SkImageFilter::SkImageFilter(int inputCount, SkFlattenableReadBuffer& buffer) {
} else {
fInputs[i] = NULL;
}
+ if (!buffer.validate(true)) {
+ fInputCount = i; // Do not use fInputs past that point in the destructor
+ break;
+ }
}
SkRect rect;
buffer.readRect(&rect);
- if (buffer.validate(SkIsValidRect(rect))) {
+ if (buffer.validate(true) && buffer.validate(SkIsValidRect(rect))) {
sugoi1 2013/12/05 18:45:47 This extra validate(true) makes sure that we don't
Stephen White 2013/12/05 20:48:22 This is ok, but I'd still prefer we had some kind
uint32_t flags = buffer.readUInt();
fCropRect = CropRect(rect, flags);
}
« src/core/SkBitmap.cpp ('K') | « src/core/SkBitmap.cpp ('k') | src/effects/SkColorFilters.cpp » ('j') | src/effects/SkColorFilters.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698