Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(306)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/effects/SkMatrixConvolutionImageFilter.cpp

Issue 23548034: Follow up to serialization validation code (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« src/core/SkValidatingReadBuffer.cpp ('K') | « src/core/SkValidatingReadBuffer.cpp ('k') | src/effects/SkMergeImageFilter.cpp » ('j') | src/pipe/SkGPipeRead.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2012 The Android Open Source Project 2 * Copyright 2012 The Android Open Source Project
3 * 3 *
4 * Use of this source code is governed by a BSD-style license that can be 4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file. 5 * found in the LICENSE file.
6 */ 6 */
7 7
8 #include "SkMatrixConvolutionImageFilter.h" 8 #include "SkMatrixConvolutionImageFilter.h"
9 #include "SkBitmap.h" 9 #include "SkBitmap.h"
10 #include "SkColorPriv.h" 10 #include "SkColorPriv.h"
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 fKernel = SkNEW_ARRAY(SkScalar, size); 50 fKernel = SkNEW_ARRAY(SkScalar, size);
51 memcpy(fKernel, kernel, size * sizeof(SkScalar)); 51 memcpy(fKernel, kernel, size * sizeof(SkScalar));
52 SkASSERT(kernelSize.fWidth >= 1 && kernelSize.fHeight >= 1); 52 SkASSERT(kernelSize.fWidth >= 1 && kernelSize.fHeight >= 1);
53 SkASSERT(target.fX >= 0 && target.fX < kernelSize.fWidth); 53 SkASSERT(target.fX >= 0 && target.fX < kernelSize.fWidth);
54 SkASSERT(target.fY >= 0 && target.fY < kernelSize.fHeight); 54 SkASSERT(target.fY >= 0 && target.fY < kernelSize.fHeight);
55 } 55 }
56 56
57 SkMatrixConvolutionImageFilter::SkMatrixConvolutionImageFilter(SkFlattenableRead Buffer& buffer) : INHERITED(buffer) { 57 SkMatrixConvolutionImageFilter::SkMatrixConvolutionImageFilter(SkFlattenableRead Buffer& buffer) : INHERITED(buffer) {
58 fKernelSize.fWidth = buffer.readInt(); 58 fKernelSize.fWidth = buffer.readInt();
59 fKernelSize.fHeight = buffer.readInt(); 59 fKernelSize.fHeight = buffer.readInt();
60 uint32_t size = fKernelSize.fWidth * fKernelSize.fHeight; 60 if ((fKernelSize.fWidth >= 1) && (fKernelSize.fHeight >= 1) &&
61 fKernel = SkNEW_ARRAY(SkScalar, size); 61 // Make sure size won't be larger than a signed int,
62 SkDEBUGCODE(uint32_t readSize = )buffer.readScalarArray(fKernel); 62 // which would still be extremely large for a kernel,
63 SkASSERT(readSize == size); 63 // but we don't impose a hard limit for kernel size
64 (SK_MaxS32 / fKernelSize.fWidth >= fKernelSize.fHeight)) {
65 uint32_t size = fKernelSize.fWidth * fKernelSize.fHeight;
66 fKernel = SkNEW_ARRAY(SkScalar, size);
67 uint32_t readSize = buffer.readScalarArray(fKernel);
68 SkASSERT(readSize == size);
69 buffer.validate(readSize == size);
70 } else {
71 fKernel = 0;
72 }
64 fGain = buffer.readScalar(); 73 fGain = buffer.readScalar();
65 fBias = buffer.readScalar(); 74 fBias = buffer.readScalar();
66 fTarget.fX = buffer.readInt(); 75 fTarget.fX = buffer.readInt();
67 fTarget.fY = buffer.readInt(); 76 fTarget.fY = buffer.readInt();
68 fTileMode = (TileMode) buffer.readInt(); 77 fTileMode = (TileMode) buffer.readInt();
69 fConvolveAlpha = buffer.readBool(); 78 fConvolveAlpha = buffer.readBool();
70 buffer.validate(SkScalarIsFinite(fGain) && 79 buffer.validate((fKernel != 0) &&
80 SkScalarIsFinite(fGain) &&
71 SkScalarIsFinite(fBias) && 81 SkScalarIsFinite(fBias) &&
72 TileModeIsValid(fTileMode)); 82 TileModeIsValid(fTileMode));
73 } 83 }
74 84
75 void SkMatrixConvolutionImageFilter::flatten(SkFlattenableWriteBuffer& buffer) c onst { 85 void SkMatrixConvolutionImageFilter::flatten(SkFlattenableWriteBuffer& buffer) c onst {
76 this->INHERITED::flatten(buffer); 86 this->INHERITED::flatten(buffer);
77 buffer.writeInt(fKernelSize.fWidth); 87 buffer.writeInt(fKernelSize.fWidth);
78 buffer.writeInt(fKernelSize.fHeight); 88 buffer.writeInt(fKernelSize.fHeight);
79 buffer.writeScalarArray(fKernel, fKernelSize.fWidth * fKernelSize.fHeight); 89 buffer.writeScalarArray(fKernel, fKernelSize.fWidth * fKernelSize.fHeight);
80 buffer.writeScalar(fGain); 90 buffer.writeScalar(fGain);
(...skipping 511 matching lines...) Expand 10 before | Expand all | Expand 10 after
592 fBias, 602 fBias,
593 fTarget, 603 fTarget,
594 fTileMode, 604 fTileMode,
595 fConvolveAlpha); 605 fConvolveAlpha);
596 return true; 606 return true;
597 } 607 }
598 608
599 /////////////////////////////////////////////////////////////////////////////// 609 ///////////////////////////////////////////////////////////////////////////////
600 610
601 #endif 611 #endif
OLDNEW
« src/core/SkValidatingReadBuffer.cpp ('K') | « src/core/SkValidatingReadBuffer.cpp ('k') | src/effects/SkMergeImageFilter.cpp » ('j') | src/pipe/SkGPipeRead.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698