Description
Fix integer overflow in SkColorSpace
BUG=skia:5361
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2020303002
Committed: https://skia.googlesource.com/skia/+/107c895c12458380e0e6d11b9f09c55d383e5878
Patch Set 1
Total comments: 1
Patch Set 2
Messages
Total messages: 17 (9 generated)
Description was changed from ========== Fix integer overflow in SkColorSpace BUG=skia:5361 ========== to ========== Fix integer overflow in SkColorSpace BUG=skia:5361 GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2020303002 ==========
msarett@google.com changed reviewers: + kjlubick@google.com, mtklein@google.com, scroggo@google.com
Thanks to the fuzzer for catching this!

https://codereview.chromium.org/2020303002/diff/1/src/core/SkColorSpace.cpp
File src/core/SkColorSpace.cpp (right):

https://codereview.chromium.org/2020303002/diff/1/src/core/SkColorSpace.cpp#n...
src/core/SkColorSpace.cpp:370: static bool safe_add(T arg1, T arg2, size_t* result) {
I borrowed this function from SkRawCodec. I think we should have some sort of util function SkTSafeAdd(). Any thoughts?

FWIW, I think I should also try to be more conscious of avoiding integer overflow. I'll probably take a pass through codec/colorspace and see if I can catch any similar bugs. We're probably fine when we use decoding libraries, but this is something that could be easily missed when parsing directly bmp, ico, etc.
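The overflow-checked addition discussed in the comment above, shown as an added example that is not part of this review or of Skia's code. Only the `safe_add` signature comes from the page; its body, the `TagEntry` record and the two bounds-check helpers are assumptions written for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Same signature as the line quoted in the review; the body is an assumption.
// Returns false instead of letting arg1 + arg2 wrap around.
template <typename T>
static bool safe_add(T arg1, T arg2, size_t* result) {
    static_assert(std::numeric_limits<T>::is_integer && !std::numeric_limits<T>::is_signed,
                  "this example handles unsigned integer types only");
    if (arg2 > std::numeric_limits<T>::max() - arg1) {
        return false;  // arg1 + arg2 would wrap in T
    }
    const T sum = static_cast<T>(arg1 + arg2);
    if (sum > std::numeric_limits<size_t>::max()) {
        return false;  // sum does not fit in size_t
    }
    *result = static_cast<size_t>(sum);
    return true;
}

// Hypothetical record parsed from a file header; both fields are untrusted input.
struct TagEntry {
    uint32_t offset;
    uint32_t length;
};

// Unchecked form: the sum is computed in 32 bits and can wrap before it is
// compared with the buffer length, so an out-of-range tag can pass the check.
static bool tag_in_bounds_unchecked(const TagEntry& t, size_t len) {
    return t.offset + t.length <= len;
}

// Checked form: reject the tag if the end position cannot be computed safely.
static bool tag_in_bounds_checked(const TagEntry& t, size_t len) {
    size_t end = 0;
    return safe_add(t.offset, t.length, &end) && end <= len;
}

int main() {
    const TagEntry wrapping{0xFFFFFFF0u, 0x20u};  // constructed sample: end wraps to 0x10
    const size_t len = 128;                       // constructed buffer length
    // The unchecked test accepts the wrapping tag; the checked test rejects it.
    return (tag_in_bounds_unchecked(wrapping, len) &&
            !tag_in_bounds_checked(wrapping, len)) ? 0 : 1;
}
```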
lgtm
The CQ bit was checked by msarett@google.com
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2020303002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/2020303002/1
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: Build-Ubuntu-GCC-Mips-Debug-Android-Trybot on client.skia.compile (JOB_FAILED, http://build.chromium.org/p/client.skia.compile/builders/Build-Ubuntu-GCC-Mip...)
The CQ bit was checked by msarett@google.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2020303002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/2020303002/20001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by msarett@google.com
The patchset sent to the CQ was uploaded after l-g-t-m from scroggo@google.com Link to the patchset: https://codereview.chromium.org/2020303002/#ps20001 (title: " ")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2020303002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/2020303002/20001
Message was sent while issue was closed.
Description was changed from ========== Fix integer overflow in SkColorSpace BUG=skia:5361 GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2020303002 ========== to ========== Fix integer overflow in SkColorSpace BUG=skia:5361 GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2020303002 Committed: https://skia.googlesource.com/skia/+/107c895c12458380e0e6d11b9f09c55d383e5878 ==========
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as https://skia.googlesource.com/skia/+/107c895c12458380e0e6d11b9f09c55d383e5878