| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2015 Google Inc. | 2 * Copyright 2015 Google Inc. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license that can be | 4 * Use of this source code is governed by a BSD-style license that can be |
| 5 * found in the LICENSE file. | 5 * found in the LICENSE file. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "SkBmpRLECodec.h" | 8 #include "SkBmpRLECodec.h" |
| 9 #include "SkCodecPriv.h" | 9 #include "SkCodecPriv.h" |
| 10 #include "SkColorPriv.h" | 10 #include "SkColorPriv.h" |
| 11 #include "SkStream.h" | 11 #include "SkStream.h" |
| 12 | 12 |
| 13 /* | 13 /* |
| 14 * Creates an instance of the decoder | 14 * Creates an instance of the decoder |
| 15 * Called only by NewFromStream | 15 * Called only by NewFromStream |
| 16 */ | 16 */ |
| 17 SkBmpRLECodec::SkBmpRLECodec(const SkImageInfo& info, SkStream* stream, | 17 SkBmpRLECodec::SkBmpRLECodec(const SkImageInfo& info, SkStream* stream, |
| 18 uint16_t bitsPerPixel, uint32_t numColors, | 18 uint16_t bitsPerPixel, uint32_t numColors, |
| 19 uint32_t bytesPerColor, uint32_t offset, | 19 uint32_t bytesPerColor, uint32_t offset, |
| 20 SkCodec::SkScanlineOrder rowOrder, | 20 SkCodec::SkScanlineOrder rowOrder, |
| 21 size_t RLEBytes) | 21 size_t RLEBytes) |
| 22 : INHERITED(info, stream, bitsPerPixel, rowOrder) | 22 : INHERITED(info, stream, bitsPerPixel, rowOrder) |
| 23 , fColorTable(nullptr) | 23 , fColorTable(nullptr) |
| 24 , fNumColors(this->computeNumColors(numColors)) | 24 , fNumColors(numColors) |
| 25 , fBytesPerColor(bytesPerColor) | 25 , fBytesPerColor(bytesPerColor) |
| 26 , fOffset(offset) | 26 , fOffset(offset) |
| 27 , fStreamBuffer(new uint8_t[RLEBytes]) | 27 , fStreamBuffer(new uint8_t[RLEBytes]) |
| 28 , fRLEBytes(RLEBytes) | 28 , fRLEBytes(RLEBytes) |
| 29 , fCurrRLEByte(0) | 29 , fCurrRLEByte(0) |
| 30 , fSampleX(1) | 30 , fSampleX(1) |
| 31 {} | 31 {} |
| 32 | 32 |
| 33 /* | 33 /* |
| 34 * Initiates the bitmap decode | 34 * Initiates the bitmap decode |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 SkPMColor colorTable[256]; | 75 SkPMColor colorTable[256]; |
| 76 if (this->bitsPerPixel() <= 8) { | 76 if (this->bitsPerPixel() <= 8) { |
| 77 // Inform the caller of the number of colors | 77 // Inform the caller of the number of colors |
| 78 uint32_t maxColors = 1 << this->bitsPerPixel(); | 78 uint32_t maxColors = 1 << this->bitsPerPixel(); |
| 79 if (nullptr != numColors) { | 79 if (nullptr != numColors) { |
| 80 // We set the number of colors to maxColors in order to ensure | 80 // We set the number of colors to maxColors in order to ensure |
| 81 // safe memory accesses. Otherwise, an invalid pixel could | 81 // safe memory accesses. Otherwise, an invalid pixel could |
| 82 // access memory outside of our color table array. | 82 // access memory outside of our color table array. |
| 83 *numColors = maxColors; | 83 *numColors = maxColors; |
| 84 } | 84 } |
| 85 // Don't bother reading more than maxColors. |
| 86 const uint32_t numColorsToRead = |
| 87 fNumColors == 0 ? maxColors : SkTMin(fNumColors, maxColors); |
| 85 | 88 |
| 86 // Read the color table from the stream | 89 // Read the color table from the stream |
| 87 colorBytes = fNumColors * fBytesPerColor; | 90 colorBytes = numColorsToRead * fBytesPerColor; |
| 88 SkAutoTDeleteArray<uint8_t> cBuffer(new uint8_t[colorBytes]); | 91 SkAutoTDeleteArray<uint8_t> cBuffer(new uint8_t[colorBytes]); |
| 89 if (stream()->read(cBuffer.get(), colorBytes) != colorBytes) { | 92 if (stream()->read(cBuffer.get(), colorBytes) != colorBytes) { |
| 90 SkCodecPrintf("Error: unable to read color table.\n"); | 93 SkCodecPrintf("Error: unable to read color table.\n"); |
| 91 return false; | 94 return false; |
| 92 } | 95 } |
| 93 | 96 |
| 94 // Fill in the color table | 97 // Fill in the color table |
| 95 uint32_t i = 0; | 98 uint32_t i = 0; |
| 96 for (; i < fNumColors; i++) { | 99 for (; i < numColorsToRead; i++) { |
| 97 uint8_t blue = get_byte(cBuffer.get(), i*fBytesPerColor); | 100 uint8_t blue = get_byte(cBuffer.get(), i*fBytesPerColor); |
| 98 uint8_t green = get_byte(cBuffer.get(), i*fBytesPerColor + 1); | 101 uint8_t green = get_byte(cBuffer.get(), i*fBytesPerColor + 1); |
| 99 uint8_t red = get_byte(cBuffer.get(), i*fBytesPerColor + 2); | 102 uint8_t red = get_byte(cBuffer.get(), i*fBytesPerColor + 2); |
| 100 colorTable[i] = SkPackARGB32NoCheck(0xFF, red, green, blue); | 103 colorTable[i] = SkPackARGB32NoCheck(0xFF, red, green, blue); |
| 101 } | 104 } |
| 102 | 105 |
| 103 // To avoid segmentation faults on bad pixel data, fill the end of the | 106 // To avoid segmentation faults on bad pixel data, fill the end of the |
| 104 // color table with black. This is the same the behavior as the | 107 // color table with black. This is the same the behavior as the |
| 105 // chromium decoder. | 108 // chromium decoder. |
| 106 for (; i < maxColors; i++) { | 109 for (; i < maxColors; i++) { |
| (...skipping 398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 505 fSampler.reset(new SkBmpRLESampler(this)); | 508 fSampler.reset(new SkBmpRLESampler(this)); |
| 506 } | 509 } |
| 507 | 510 |
| 508 return fSampler; | 511 return fSampler; |
| 509 } | 512 } |
| 510 | 513 |
| 511 int SkBmpRLECodec::setSampleX(int sampleX){ | 514 int SkBmpRLECodec::setSampleX(int sampleX){ |
| 512 fSampleX = sampleX; | 515 fSampleX = sampleX; |
| 513 return get_scaled_dimension(this->getInfo().width(), sampleX); | 516 return get_scaled_dimension(this->getInfo().width(), sampleX); |
| 514 } | 517 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1498923002:
Fix overflow caught by ASAN. (Closed)
Base URL: https://skia.googlesource.com/skia@master