
Side by Side Diff: src/effects/SkDashPathEffect.cpp

Issue 2165013002: limit the number of points in SkDashPathEffect::asPoints (Closed) Base URL: https://skia.googlesource.com/skia@master
Patch Set: fix SpecialLineRec point count overflow Created 4 years, 5 months ago
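--- a/src/effects/SkDashPathEffect.cpp
+++ b/src/effects/SkDashPathEffect.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright 2006 The Android Open Source Project
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
 
 #include "SkDashPathEffect.h"
 
 #include "SkDashPathPriv.h"
@@ -241,21 +241,28 @@
 len2 -= clampedInitialDashLength;
 }
 len2 -= fIntervals[1]; // also skip first space
 if (len2 < 0) {
 len2 = 0;
 }
 } else {
 len2 -= clampedInitialDashLength; // skip initial partial empty
 }
 }
-int numMidPoints = SkScalarFloorToInt(len2 / fIntervalLength);
+// Too many midpoints can cause results->fNumPoints to overflow or
+// otherwise cause the results->fPoints allocation below to OOM.
+// Cap it to a sane value.
+SkScalar numIntervals = len2 / fIntervalLength;
+if (!SkScalarIsFinite(numIntervals) || numIntervals > SkDashPath::kMaxDa shCount) {
+return false;
+}
+int numMidPoints = SkScalarFloorToInt(numIntervals);
 results->fNumPoints += numMidPoints;
 len2 -= numMidPoints * fIntervalLength;
 bool partialLast = false;
 if (len2 > 0) {
 if (len2 < fIntervals[0]) {
 partialLast = true;
 } else {
 ++numMidPoints;
 ++results->fNumPoints;
 }
@@ -385,10 +392,10 @@
 #endif
 
 //////////////////////////////////////////////////////////////////////////////// //////////////////
 
 sk_sp<SkPathEffect> SkDashPathEffect::Make(const SkScalar intervals[], int count , SkScalar phase) {
 if (!SkDashPath::ValidDashPath(phase, intervals, count)) {
 return nullptr;
 }
 return sk_sp<SkPathEffect>(new SkDashPathEffect(intervals, count, phase));
 }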
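Review bot: The new guard ahead of `SkScalarFloorToInt(numIntervals)` rejects non-finite and too-large values but has no lower bound, so a negative `numIntervals` still passes. In the visible `else` branch, `len2 -= clampedInitialDashLength` is not followed by the `if (len2 < 0)` clamp that the other branch has; if `len2` can go negative there (the code that sets it up is outside the hunk, so this is unconfirmed), `numMidPoints` becomes negative and `results->fNumPoints += numMidPoints` shrinks the count that presumably sizes the `results->fPoints` allocation mentioned in the comment. Consider `if (!SkScalarIsFinite(numIntervals) || numIntervals < 0 || numIntervals > SkDashPath::kMaxDashCount) {`, or clamping `len2` to 0 in the `else` branch as well. The cap also bounds only this increment rather than the running `results->fNumPoints` total, so the comment should say that `kMaxDashCount` is assumed small enough that the earlier additions and the later `++results->fNumPoints` cannot wrap.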