
Unified Diff: src/core/SkPictureData.h

Issue 1893423002: Fix ImageFilter fuzzer issue (Closed) Base URL: https://skia.googlesource.com/skia.git@master
Patch Set: Remove setOffset Created 4 years, 8 months ago
Index: src/core/SkPictureData.h
diff --git a/src/core/SkPictureData.h b/src/core/SkPictureData.h
index 3acaf579bc8e5200fda3a99ece271783faea2b8d..7e7927b24d74ab1314478e0018168c7d44033c22 100644
--- a/src/core/SkPictureData.h
+++ b/src/core/SkPictureData.h
@@ -87,39 +87,34 @@ protected:
bool parseBuffer(SkReadBuffer& buffer);
public:
- const SkBitmap& getBitmap(SkReader32* reader) const {
+ const SkBitmap& getBitmap(SkReadBuffer* reader) const {
const int index = reader->readInt();
- return fBitmaps[index];
+ return reader->validateIndex(index, fBitmaps.count()) ? fBitmaps[index] : fEmptyBitmap;
}
- const SkImage* getImage(SkReader32* reader) const {
+ const SkImage* getImage(SkReadBuffer* reader) const {
const int index = reader->readInt();
- return fImageRefs[index];
+ return reader->validateIndex(index, fImageCount) ? fImageRefs[index] : nullptr;
}
- const SkPath& getPath(SkReader32* reader) const {
- int index = reader->readInt() - 1;
- return fPaths[index];
+ const SkPath& getPath(SkReadBuffer* reader) const {
+ const int index = reader->readInt() - 1;
+ return reader->validateIndex(index, fPaths.count()) ? fPaths[index] : fEmptyPath;
}
- const SkPicture* getPicture(SkReader32* reader) const {
- int index = reader->readInt();
- SkASSERT(index > 0 && index <= fPictureCount);
- return fPictureRefs[index - 1];
+ const SkPicture* getPicture(SkReadBuffer* reader) const {
+ const int index = reader->readInt() - 1;
+ return reader->validateIndex(index, fPictureCount) ? fPictureRefs[index] : nullptr;
}
- const SkPaint* getPaint(SkReader32* reader) const {
- int index = reader->readInt();
- if (index == 0) {
- return nullptr;
- }
- return &fPaints[index - 1];
+ const SkPaint* getPaint(SkReadBuffer* reader) const {
+ const int index = reader->readInt() - 1;
+ return reader->validateIndex(index, fPaints.count()) ? &fPaints[index] : nullptr;
}
- const SkTextBlob* getTextBlob(SkReader32* reader) const {
- int index = reader->readInt();
- SkASSERT(index > 0 && index <= fTextBlobCount);
- return fTextBlobRefs[index - 1];
+ const SkTextBlob* getTextBlob(SkReadBuffer* reader) const {
+ const int index = reader->readInt() - 1;
+ return reader->validateIndex(index, fTextBlobCount) ? fTextBlobRefs[index] : nullptr;
}
#if SK_SUPPORT_GPU
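Review bot: In getPaint the old `if (index == 0) return nullptr;` branch is gone, so a stored 0 (which the removed code treated as "no paint") now reaches `validateIndex(-1, fPaints.count())`; if validateIndex marks the buffer invalid on failure, as its name suggests but this page does not show, a well-formed picture would be rejected. Keeping the sentinel ahead of validation, `const int index = reader->readInt(); if (index == 0) { return nullptr; }` and then validating `index - 1`, preserves the old contract. Separately, `reader->readInt() - 1` in getPath, getPicture, getPaint and getTextBlob is signed overflow when the serialized value is INT_MIN, which is undefined behaviour on untrusted input; range-checking the raw value before subtracting avoids that. getImage, getPicture and getTextBlob can now return nullptr where the old code never did, so their callers (outside this file) need null checks before dereferencing.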
@@ -160,6 +155,9 @@ private:
sk_sp<SkData> fOpData; // opcodes and parameters
+ const SkPath fEmptyPath;
+ const SkBitmap fEmptyBitmap;
+
const SkPicture** fPictureRefs;
int fPictureCount;
const SkTextBlob** fTextBlobRefs;
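Review bot: `fEmptyPath` and `fEmptyBitmap` are added without a comment saying what they are for, unlike `fOpData` just above them. They are the fallback objects that getPath() and getBitmap() return by reference when index validation fails, so a one-line comment such as `// Returned by getPath()/getBitmap() when a serialized index fails validation.` would make clear why they are members with the lifetime of the SkPictureData. The private section continues outside the hunk.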