Fix ImageFilter fuzzer issue

src/core/SkPictureData.h

Index: src/core/SkPictureData.h
diff --git a/src/core/SkPictureData.h b/src/core/SkPictureData.h
index 3acaf579bc8e5200fda3a99ece271783faea2b8d..b6c4ce43da7d439d5a01aa77c7909f3f7d459124 100644
--- a/src/core/SkPictureData.h
+++ b/src/core/SkPictureData.h
@@ -87,39 +87,58 @@ protected:
     bool parseBuffer(SkReadBuffer& buffer);
 
 public:
-    const SkBitmap& getBitmap(SkReader32* reader) const {
+    const SkBitmap& getBitmap(SkReadBuffer* reader) const {
         const int index = reader->readInt();
+        if (index < 0 || index >= fBitmaps.count()) {

[reed1, 2016/04/19 12:54:11]

Seems fine, but a little repetitive.

One condensation could be:

return reader->validate(index < 0 || index >= fBitmaps.count()) ?
fBitmaps[index] : fEmptyBitmap;

And/or, we might add a helper to ReadBuffer...

bool validateIndex(int index, int count) so it will just read

return reader->validateIndex(index, fBitmaps.count()) ? fBitmaps[index] :
fEmptyBitmap;

[robertphillips, 2016/04/19 14:34:42]

Done.

+            reader->makeInvalid();
+            return fEmptyBitmap;
+        }
         return fBitmaps[index];
     }
 
-    const SkImage* getImage(SkReader32* reader) const {
+    const SkImage* getImage(SkReadBuffer* reader) const {
         const int index = reader->readInt();
+        if (index < 0 || index >= fImageCount) {
+            reader->makeInvalid();
+            return nullptr;
+        }
         return fImageRefs[index];
     }
 
-    const SkPath& getPath(SkReader32* reader) const {
-        int index = reader->readInt() - 1;
+    const SkPath& getPath(SkReadBuffer* reader) const {
+        const int index = reader->readInt() - 1;
+        if (index < 0 || index >= fPaths.count()) {
+            reader->makeInvalid();
+            return fEmptyPath;
+        }
         return fPaths[index];
     }
 
-    const SkPicture* getPicture(SkReader32* reader) const {
-        int index = reader->readInt();
-        SkASSERT(index > 0 && index <= fPictureCount);
-        return fPictureRefs[index - 1];
+    const SkPicture* getPicture(SkReadBuffer* reader) const {
+        const int index = reader->readInt() - 1;
+        if (index < 0 || index >= fPictureCount) {
+            reader->makeInvalid();
+            return nullptr;
+        }
+        return fPictureRefs[index];
     }
 
-    const SkPaint* getPaint(SkReader32* reader) const {
-        int index = reader->readInt();
-        if (index == 0) {
+    const SkPaint* getPaint(SkReadBuffer* reader) const {
+        const int index = reader->readInt() - 1;
+        if (index < 0 || index >= fPaints.count()) {
+            reader->makeInvalid();
             return nullptr;
         }
-        return &fPaints[index - 1];
+        return &fPaints[index];
     }
 
-    const SkTextBlob* getTextBlob(SkReader32* reader) const {
-        int index = reader->readInt();
-        SkASSERT(index > 0 && index <= fTextBlobCount);
-        return fTextBlobRefs[index - 1];
+    const SkTextBlob* getTextBlob(SkReadBuffer* reader) const {
+        const int index = reader->readInt() - 1;
+        if (index < 0 || index >= fTextBlobCount) {
+            reader->makeInvalid();
+            return nullptr;
+        }
+        return fTextBlobRefs[index];
     }
 
 #if SK_SUPPORT_GPU
@@ -160,6 +179,9 @@ private:
 
     sk_sp<SkData>   fOpData;    // opcodes and parameters
 
+    const SkPath    fEmptyPath;
+    const SkBitmap  fEmptyBitmap;
+
     const SkPicture** fPictureRefs;
     int fPictureCount;
     const SkTextBlob** fTextBlobRefs;