src/core/SkBlitter.cpp - Issue 1453163002: Fix array overrun and add test.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/core/SkBlitter.cpp

Issue 1453163002: Fix array overrun and add test. (Closed) Base URL: https://skia.googlesource.com/skia.git@master

Patch Set: fix long line Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/core/SkBlitter.cpp

diff --git a/src/core/SkBlitter.cpp b/src/core/SkBlitter.cpp

index 1bc9963eeb0db1a1d5007d812c77affe0f61807c..a02ac699e52ccf384991adf90f668705fb199b7e 100644

--- a/src/core/SkBlitter.cpp

+++ b/src/core/SkBlitter.cpp

@@ -126,12 +126,16 @@ void SkBlitter::blitMask(const SkMask& mask, const SkIRect& clip) {

int maskLeft = mask.fBounds.fLeft;

int mask_rowBytes = mask.fRowBytes;

int height = clip.height();

+ SkDEBUGCODE(const uint8_t* endOfImage =

+ mask.fImage + (mask.fBounds.fBottom - mask.fBounds.fTop) * mask_rowBytes;)

const uint8_t* bits = mask.getAddr1(cx, cy);

if (cx == maskLeft && clip.fRight == mask.fBounds.fRight) {

while (--height >= 0) {

- bits_to_runs(this, cx, cy, bits, 0xFF, mask_rowBytes, 0xFF);

+ SkASSERT(bits + mask_rowBytes <= endOfImage);

+ U8CPU rightMask = 0xFF << (8 - (clip.width() & 7));

reed1 2015/11/17 16:24:32 note: this will be bigger than a byte, something y

herb_g 2015/11/17 20:14:03 This ends up working because the bits_to_run code

+ bits_to_runs(this, cx, cy, bits, 0xFF, mask_rowBytes, rightMask);

bits += mask_rowBytes;

cy += 1;

}

@@ -142,7 +146,7 @@ void SkBlitter::blitMask(const SkMask& mask, const SkIRect& clip) {

SkASSERT(rite_edge > left_edge);

int left_mask = 0xFF >> (left_edge & 7);

- int rite_mask = 0xFF << (8 - (rite_edge & 7));

+ int rite_mask = (0xFF << (8 - (rite_edge & 7))) & 0xFF;

int full_runs = (rite_edge >> 3) - ((left_edge + 7) >> 3);

// check for empty right mask, so we don't read off the end (or go slower than we need to)

@@ -162,12 +166,14 @@ void SkBlitter::blitMask(const SkMask& mask, const SkIRect& clip) {

if (full_runs < 0) {

SkASSERT((left_mask & rite_mask) != 0);

while (--height >= 0) {

+ SkASSERT(bits + 1 <= endOfImage);

bits_to_runs(this, cx, cy, bits, left_mask, 1, rite_mask);

bits += mask_rowBytes;

cy += 1;

}

} else {

while (--height >= 0) {

+ SkASSERT(bits + full_runs + 2 <= endOfImage);

bits_to_runs(this, cx, cy, bits, left_mask, full_runs + 2, rite_mask);

bits += mask_rowBytes;

cy += 1;

« no previous file with comments | « no previous file | tests/BlitMaskClip.cpp » ('j') | tests/BlitMaskClip.cpp » ('J')