src/codec/SkBmpStandardCodec.cpp - Issue 1498923002: Fix overflow caught by ASAN.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/codec/SkBmpStandardCodec.cpp

Issue 1498923002: Fix overflow caught by ASAN. (Closed) Base URL: https://skia.googlesource.com/skia@master

Patch Set: Refactor; remove SkBmpCodec::computeNumColors. Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: src/codec/SkBmpStandardCodec.cpp

diff --git a/src/codec/SkBmpStandardCodec.cpp b/src/codec/SkBmpStandardCodec.cpp

index fd4d6d18bc2d3df2ea6366554dc3bf56ec72700e..95dc340f9b1068fdb56d47a349561374115c11f3 100644

--- a/src/codec/SkBmpStandardCodec.cpp

+++ b/src/codec/SkBmpStandardCodec.cpp

@@ -20,7 +20,7 @@ SkBmpStandardCodec::SkBmpStandardCodec(const SkImageInfo& info, SkStream* stream

SkCodec::SkScanlineOrder rowOrder, bool inIco)

: INHERITED(info, stream, bitsPerPixel, rowOrder)

, fColorTable(nullptr)

- , fNumColors(this->computeNumColors(numColors))

+ , fNumColors(numColors)

, fBytesPerColor(bytesPerColor)

, fOffset(offset)

, fSwizzler(nullptr)

@@ -82,9 +82,11 @@ SkCodec::Result SkBmpStandardCodec::onGetPixels(const SkImageInfo& dstInfo,

// access memory outside of our color table array.

*numColors = maxColors;

}

+ // Don't bother reading more than maxColors.

+ uint32_t numColorsToRead = fNumColors == 0 ? maxColors : SkTMin(fNumColors, maxColors);

scroggo 2015/12/04 16:28:57 const?

dogben 2015/12/04 16:34:43 Done.

// Read the color table from the stream

- colorBytes = fNumColors * fBytesPerColor;

+ colorBytes = numColorsToRead * fBytesPerColor;

SkAutoTDeleteArray<uint8_t> cBuffer(new uint8_t[colorBytes]);

if (stream()->read(cBuffer.get(), colorBytes) != colorBytes) {

SkCodecPrintf("Error: unable to read color table.\n");

@@ -112,7 +114,7 @@ SkCodec::Result SkBmpStandardCodec::onGetPixels(const SkImageInfo& dstInfo,

// Fill in the color table

uint32_t i = 0;

- for (; i < fNumColors; i++) {

+ for (; i < numColorsToRead; i++) {

uint8_t blue = get_byte(cBuffer.get(), i*fBytesPerColor);

uint8_t green = get_byte(cBuffer.get(), i*fBytesPerColor + 1);

uint8_t red = get_byte(cBuffer.get(), i*fBytesPerColor + 2);

« src/codec/SkBmpRLECodec.cpp ('K') | « src/codec/SkBmpStandardCodec.h ('k') | no next file » | no next file with comments »