| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 Google Inc. | 2 * Copyright 2011 Google Inc. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license that can be | 4 * Use of this source code is governed by a BSD-style license that can be |
| 5 * found in the LICENSE file. | 5 * found in the LICENSE file. |
| 6 */ | 6 */ |
| 7 #include <new> | 7 #include <new> |
| 8 #include "SkPictureData.h" | 8 #include "SkPictureData.h" |
| 9 #include "SkPictureRecord.h" | 9 #include "SkPictureRecord.h" |
| 10 #include "SkReadBuffer.h" | 10 #include "SkReadBuffer.h" |
| (...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 366 SkAutoTUnref<SkTypeface> tf(SkTypeface::Deserialize(stream)); | 366 SkAutoTUnref<SkTypeface> tf(SkTypeface::Deserialize(stream)); |
| 367 if (!tf.get()) { // failed to deserialize | 367 if (!tf.get()) { // failed to deserialize |
| 368 // fTFPlayback asserts it never has a null, so we plop in | 368 // fTFPlayback asserts it never has a null, so we plop in |
| 369 // the default here. | 369 // the default here. |
| 370 tf.reset(SkTypeface::RefDefault()); | 370 tf.reset(SkTypeface::RefDefault()); |
| 371 } | 371 } |
| 372 fTFPlayback.set(i, tf); | 372 fTFPlayback.set(i, tf); |
| 373 } | 373 } |
| 374 } break; | 374 } break; |
| 375 case SK_PICT_PICTURE_TAG: { | 375 case SK_PICT_PICTURE_TAG: { |
| 376 fPictureCount = size; | 376 fPictureCount = 0; |
| 377 fPictureRefs = SkNEW_ARRAY(const SkPicture*, fPictureCount); | 377 fPictureRefs = SkNEW_ARRAY(const SkPicture*, size); |
| 378 bool success = true; | 378 for (uint32_t i = 0; i < size; i++) { |
| 379 int i = 0; | |
| 380 for ( ; i < fPictureCount; i++) { | |
| 381 fPictureRefs[i] = SkPicture::CreateFromStream(stream, proc); | 379 fPictureRefs[i] = SkPicture::CreateFromStream(stream, proc); |
| 382 if (NULL == fPictureRefs[i]) { | 380 if (!fPictureRefs[i]) { |
| 383 success = false; | 381 return false; |
| 384 break; | |
| 385 } | 382 } |
| 386 } | 383 fPictureCount++; |
| 387 if (!success) { | |
| 388 // Delete all of the pictures that were already created (up to b
ut excluding i): | |
| 389 for (int j = 0; j < i; j++) { | |
| 390 fPictureRefs[j]->unref(); | |
| 391 } | |
| 392 // Delete the array | |
| 393 SkDELETE_ARRAY(fPictureRefs); | |
| 394 fPictureCount = 0; | |
| 395 return false; | |
| 396 } | 384 } |
| 397 } break; | 385 } break; |
| 398 case SK_PICT_BUFFER_SIZE_TAG: { | 386 case SK_PICT_BUFFER_SIZE_TAG: { |
| 399 SkAutoMalloc storage(size); | 387 SkAutoMalloc storage(size); |
| 400 if (stream->read(storage.get(), size) != size) { | 388 if (stream->read(storage.get(), size) != size) { |
| 401 return false; | 389 return false; |
| 402 } | 390 } |
| 403 | 391 |
| 404 /* Should we use SkValidatingReadBuffer instead? */ | 392 /* Should we use SkValidatingReadBuffer instead? */ |
| 405 SkReadBuffer buffer(storage.get(), size); | 393 SkReadBuffer buffer(storage.get(), size); |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 622 } | 610 } |
| 623 } | 611 } |
| 624 | 612 |
| 625 bool SkPictureData::suitableForLayerOptimization() const { | 613 bool SkPictureData::suitableForLayerOptimization() const { |
| 626 return fContentInfo.numLayers() > 0; | 614 return fContentInfo.numLayers() > 0; |
| 627 } | 615 } |
| 628 #endif | 616 #endif |
| 629 /////////////////////////////////////////////////////////////////////////////// | 617 /////////////////////////////////////////////////////////////////////////////// |
| 630 | 618 |
| 631 | 619 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1264503011:
Double free in ~SkPictureData() (Closed)
Base URL: https://chromium.googlesource.com/skia.git@master