
Unified Diff: src/core/SkPictureShader.cpp

Issue 1151663002: Don't serialize SkPictures in SkPictureShaders when in untrusted mode. (Closed) Base URL: https://skia.googlesource.com/skia@master
Patch Set: tweak Created 5 years, 7 months ago
Index: src/core/SkPictureShader.cpp
diff --git a/src/core/SkPictureShader.cpp b/src/core/SkPictureShader.cpp
index cb508d476b952a7487c320086e220092c3f60f4d..501d5153f524d136762bb6eaef172aa7cfeb663c 100644
--- a/src/core/SkPictureShader.cpp
+++ b/src/core/SkPictureShader.cpp
@@ -122,6 +122,8 @@ SkShader* SkPictureShader::Create(const SkPicture* picture, TileMode tmx, TileMo
return SkNEW_ARGS(SkPictureShader, (picture, tmx, tmy, localMatrix, tile));
}
+// TODO: rename SK_DISALLOW_CROSSPROCESS_PICTUREIMAGEFILTERS to SK_DISALLOW_CROSSPROCESS_PICTURES
+
SkFlattenable* SkPictureShader::CreateProc(SkReadBuffer& buffer) {
SkMatrix lm;
buffer.readMatrix(&lm);
@@ -129,7 +131,27 @@ SkFlattenable* SkPictureShader::CreateProc(SkReadBuffer& buffer) {
TileMode my = (TileMode)buffer.read32();
SkRect tile;
buffer.readRect(&tile);
- SkAutoTUnref<SkPicture> picture(SkPicture::CreateFromBuffer(buffer));
+
+ SkAutoTUnref<SkPicture> picture;
+#ifdef SK_DISALLOW_CROSSPROCESS_PICTUREIMAGEFILTERS
+ if (buffer.isCrossProcess()) {
+ if (buffer.isVersionLT(SkReadBuffer::kPictureShaderHasPictureBool_Version)) {
+ // Older code blindly serialized pictures. We don't trust them.
+ buffer.validate(false);
+ return NULL;
+ }
+ // Newer code won't serialize pictures in disallow-cross-process-picture mode.
+ // Assert that they didn't serialize anything except a false here.
+ buffer.validate(!buffer.readBool());
+ } else
+#endif
+ {
+ // Old code always serialized the picture. New code writes a 'true' first if it did.
+ if (buffer.isVersionLT(SkReadBuffer::kPictureShaderHasPictureBool_Version) ||
+ buffer.readBool()) {
+ picture.reset(SkPicture::CreateFromBuffer(buffer));
+ }
+ }
return SkPictureShader::Create(picture, mx, my, &lm, &tile);
}
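Review bot: In the cross-process branch of CreateProc, a stream that carries `true` is rejected only through `buffer.validate(!buffer.readBool())`, after which control still falls through to `SkPictureShader::Create(picture, ...)` with an empty `picture`; the old-version case a few lines above returns NULL at once. Making both rejections leave the same way keeps the fail-closed path explicit and independent of how the buffer records the error: `const bool hasPicture = buffer.readBool(); buffer.validate(!hasPicture); if (hasPicture) { return NULL; }`. The trusted branch can also leave `picture` empty (a `false` marker, or `CreateFromBuffer` failing), so the function relies on Create tolerating a null picture; Create's body is outside this hunk, so that should be confirmed or noted in a comment at the call. CreateProc itself begins in the previous hunk.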
@@ -138,7 +160,18 @@ void SkPictureShader::flatten(SkWriteBuffer& buffer) const {
buffer.write32(fTmx);
buffer.write32(fTmy);
buffer.writeRect(fTile);
- fPicture->flatten(buffer);
+
+#ifdef SK_DISALLOW_CROSSPROCESS_PICTUREIMAGEFILTERS
+ // The deserialization code won't trust that our serialized picture is safe to deserialize.
+ // So write a 'false' telling it that we're not serializing a picture.
+ if (buffer.isCrossProcess()) {
+ buffer.writeBool(false);
+ } else
+#endif
+ {
+ buffer.writeBool(true);
+ fPicture->flatten(buffer);
+ }
}
SkShader* SkPictureShader::refBitmapShader(const SkMatrix& matrix, const SkMatrix* localM,
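Review bot: The comment in the cross-process branch of flatten() explains why `false` is written but not what the receiver ends up with. CreateProc then calls Create with no picture, so the shader presumably does not survive the process boundary (Create's body is not visible here); stating that avoids callers expecting it to render remotely, e.g. `// Receiver gets no picture, so this shader is not reconstructed across the process boundary.` The bool marker is also a wire-format change that CreateProc gates on `SkReadBuffer::kPictureShaderHasPictureBool_Version`, and a one-line pointer to that constant next to `buffer.writeBool(true)` would help keep writer and reader in step. flatten() starts above this hunk.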