| Index: src/core/SkReadBuffer.cpp
|
| diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
|
| index 06aa9cb6a9f42441dfe689e7bfc45440b2093cce..ca89022d12f64069635f3fb70a91173bb65b002b 100644
|
| --- a/src/core/SkReadBuffer.cpp
|
| +++ b/src/core/SkReadBuffer.cpp
|
| @@ -340,7 +340,10 @@ SkFlattenable* SkReadBuffer::readFlattenable(SkFlattenable::Type ft) {
|
| return nullptr; // writer failed to give us the flattenable
|
| }
|
| index -= 1; // we stored the index-base-1
|
| - SkASSERT(index < fFactoryCount);
|
| + if ((unsigned)index >= (unsigned)fFactoryCount) {
|
| + this->validate(false);
|
| + return nullptr;
|
| + }
|
| factory = fFactoryArray[index];
|
| } else if (fFactoryTDArray) {
|
| int32_t index = fReader.readU32();
|
| @@ -348,6 +351,10 @@ SkFlattenable* SkReadBuffer::readFlattenable(SkFlattenable::Type ft) {
|
| return nullptr; // writer failed to give us the flattenable
|
| }
|
| index -= 1; // we stored the index-base-1
|
| + if ((unsigned)index >= (unsigned)fFactoryCount) {
|
| + this->validate(false);
|
| + return nullptr;
|
| + }
|
| factory = (*fFactoryTDArray)[index];
|
| } else {
|
| factory = (SkFlattenable::Factory)readFunctionPtr();
|
| @@ -366,8 +373,8 @@ SkFlattenable* SkReadBuffer::readFlattenable(SkFlattenable::Type ft) {
|
| // check that we read the amount we expected
|
| size_t sizeRead = fReader.offset() - offset;
|
| if (sizeRecorded != sizeRead) {
|
| - // we could try to fix up the offset...
|
| - sk_throw();
|
| + this->validate(false);
|
| + return nullptr;
|
| }
|
| } else {
|
| // we must skip the remaining data
|
|
|
Chromium Code Reviews
Issue 1615883002:
detect bad/corrupt flattenable factory indices (Closed)
Base URL: https://skia.googlesource.com/skia.git@master