Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(152)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/codec/SkBmpStandardCodec.cpp

Issue 1498923002: Fix overflow caught by ASAN. (Closed) Base URL: https://skia.googlesource.com/skia@master
Patch Set: Make variable const. Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/codec/SkBmpStandardCodec.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2015 Google Inc. 2 * Copyright 2015 Google Inc.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license that can be 4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file. 5 * found in the LICENSE file.
6 */ 6 */
7 7
8 #include "SkBmpStandardCodec.h" 8 #include "SkBmpStandardCodec.h"
9 #include "SkCodecPriv.h" 9 #include "SkCodecPriv.h"
10 #include "SkColorPriv.h" 10 #include "SkColorPriv.h"
11 #include "SkStream.h" 11 #include "SkStream.h"
12 12
13 /* 13 /*
14 * Creates an instance of the decoder 14 * Creates an instance of the decoder
15 * Called only by NewFromStream 15 * Called only by NewFromStream
16 */ 16 */
17 SkBmpStandardCodec::SkBmpStandardCodec(const SkImageInfo& info, SkStream* stream , 17 SkBmpStandardCodec::SkBmpStandardCodec(const SkImageInfo& info, SkStream* stream ,
18 uint16_t bitsPerPixel, uint32_t numColors , 18 uint16_t bitsPerPixel, uint32_t numColors ,
19 uint32_t bytesPerColor, uint32_t offset, 19 uint32_t bytesPerColor, uint32_t offset,
20 SkCodec::SkScanlineOrder rowOrder, bool i nIco) 20 SkCodec::SkScanlineOrder rowOrder, bool i nIco)
21 : INHERITED(info, stream, bitsPerPixel, rowOrder) 21 : INHERITED(info, stream, bitsPerPixel, rowOrder)
22 , fColorTable(nullptr) 22 , fColorTable(nullptr)
23 , fNumColors(this->computeNumColors(numColors)) 23 , fNumColors(numColors)
24 , fBytesPerColor(bytesPerColor) 24 , fBytesPerColor(bytesPerColor)
25 , fOffset(offset) 25 , fOffset(offset)
26 , fSwizzler(nullptr) 26 , fSwizzler(nullptr)
27 , fSrcRowBytes(SkAlign4(compute_row_bytes(this->getInfo().width(), this->bit sPerPixel()))) 27 , fSrcRowBytes(SkAlign4(compute_row_bytes(this->getInfo().width(), this->bit sPerPixel())))
28 , fSrcBuffer(new uint8_t [fSrcRowBytes]) 28 , fSrcBuffer(new uint8_t [fSrcRowBytes])
29 , fInIco(inIco) 29 , fInIco(inIco)
30 {} 30 {}
31 31
32 /* 32 /*
33 * Initiates the bitmap decode 33 * Initiates the bitmap decode
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
75 SkPMColor colorTable[256]; 75 SkPMColor colorTable[256];
76 if (this->bitsPerPixel() <= 8) { 76 if (this->bitsPerPixel() <= 8) {
77 // Inform the caller of the number of colors 77 // Inform the caller of the number of colors
78 uint32_t maxColors = 1 << this->bitsPerPixel(); 78 uint32_t maxColors = 1 << this->bitsPerPixel();
79 if (nullptr != numColors) { 79 if (nullptr != numColors) {
80 // We set the number of colors to maxColors in order to ensure 80 // We set the number of colors to maxColors in order to ensure
81 // safe memory accesses. Otherwise, an invalid pixel could 81 // safe memory accesses. Otherwise, an invalid pixel could
82 // access memory outside of our color table array. 82 // access memory outside of our color table array.
83 *numColors = maxColors; 83 *numColors = maxColors;
84 } 84 }
85 // Don't bother reading more than maxColors.
86 const uint32_t numColorsToRead =
87 fNumColors == 0 ? maxColors : SkTMin(fNumColors, maxColors);
85 88
86 // Read the color table from the stream 89 // Read the color table from the stream
87 colorBytes = fNumColors * fBytesPerColor; 90 colorBytes = numColorsToRead * fBytesPerColor;
88 SkAutoTDeleteArray<uint8_t> cBuffer(new uint8_t[colorBytes]); 91 SkAutoTDeleteArray<uint8_t> cBuffer(new uint8_t[colorBytes]);
89 if (stream()->read(cBuffer.get(), colorBytes) != colorBytes) { 92 if (stream()->read(cBuffer.get(), colorBytes) != colorBytes) {
90 SkCodecPrintf("Error: unable to read color table.\n"); 93 SkCodecPrintf("Error: unable to read color table.\n");
91 return false; 94 return false;
92 } 95 }
93 96
94 // Choose the proper packing function 97 // Choose the proper packing function
95 SkPMColor (*packARGB) (uint32_t, uint32_t, uint32_t, uint32_t); 98 SkPMColor (*packARGB) (uint32_t, uint32_t, uint32_t, uint32_t);
96 switch (alphaType) { 99 switch (alphaType) {
97 case kOpaque_SkAlphaType: 100 case kOpaque_SkAlphaType:
98 case kUnpremul_SkAlphaType: 101 case kUnpremul_SkAlphaType:
99 packARGB = &SkPackARGB32NoCheck; 102 packARGB = &SkPackARGB32NoCheck;
100 break; 103 break;
101 case kPremul_SkAlphaType: 104 case kPremul_SkAlphaType:
102 packARGB = &SkPreMultiplyARGB; 105 packARGB = &SkPreMultiplyARGB;
103 break; 106 break;
104 default: 107 default:
105 // This should not be reached because conversion possible 108 // This should not be reached because conversion possible
106 // should fail if the alpha type is not one of the above 109 // should fail if the alpha type is not one of the above
107 // values. 110 // values.
108 SkASSERT(false); 111 SkASSERT(false);
109 packARGB = nullptr; 112 packARGB = nullptr;
110 break; 113 break;
111 } 114 }
112 115
113 // Fill in the color table 116 // Fill in the color table
114 uint32_t i = 0; 117 uint32_t i = 0;
115 for (; i < fNumColors; i++) { 118 for (; i < numColorsToRead; i++) {
116 uint8_t blue = get_byte(cBuffer.get(), i*fBytesPerColor); 119 uint8_t blue = get_byte(cBuffer.get(), i*fBytesPerColor);
117 uint8_t green = get_byte(cBuffer.get(), i*fBytesPerColor + 1); 120 uint8_t green = get_byte(cBuffer.get(), i*fBytesPerColor + 1);
118 uint8_t red = get_byte(cBuffer.get(), i*fBytesPerColor + 2); 121 uint8_t red = get_byte(cBuffer.get(), i*fBytesPerColor + 2);
119 uint8_t alpha; 122 uint8_t alpha;
120 if (kOpaque_SkAlphaType == alphaType) { 123 if (kOpaque_SkAlphaType == alphaType) {
121 alpha = 0xFF; 124 alpha = 0xFF;
122 } else { 125 } else {
123 alpha = get_byte(cBuffer.get(), i*fBytesPerColor + 3); 126 alpha = get_byte(cBuffer.get(), i*fBytesPerColor + 3);
124 } 127 }
125 colorTable[i] = packARGB(alpha, red, green, blue); 128 colorTable[i] = packARGB(alpha, red, green, blue);
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
289 return kSuccess; 292 return kSuccess;
290 } 293 }
291 294
292 uint32_t SkBmpStandardCodec::onGetFillValue(SkColorType colorType, SkAlphaType a lphaType) const { 295 uint32_t SkBmpStandardCodec::onGetFillValue(SkColorType colorType, SkAlphaType a lphaType) const {
293 const SkPMColor* colorPtr = get_color_ptr(fColorTable.get()); 296 const SkPMColor* colorPtr = get_color_ptr(fColorTable.get());
294 if (colorPtr) { 297 if (colorPtr) {
295 return get_color_table_fill_value(colorType, colorPtr, 0); 298 return get_color_table_fill_value(colorType, colorPtr, 0);
296 } 299 }
297 return INHERITED::onGetFillValue(colorType, alphaType); 300 return INHERITED::onGetFillValue(colorType, alphaType);
298 } 301 }
OLDNEW
« no previous file with comments | « src/codec/SkBmpStandardCodec.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698