src/effects/SkMatrixConvolutionImageFilter.cpp - Issue 23548034: Follow up to serialization validation code

Side by Side Diff: src/effects/SkMatrixConvolutionImageFilter.cpp

Issue 23548034: Follow up to serialization validation code (Closed) Base URL: https://skia.googlecode.com/svn/trunk

Patch Set: Merged in changes from 23021015 Created 7 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /*	1 /*

2 * Copyright 2012 The Android Open Source Project	2 * Copyright 2012 The Android Open Source Project

3 *	3 *

4 * Use of this source code is governed by a BSD-style license that can be	4 * Use of this source code is governed by a BSD-style license that can be

5 * found in the LICENSE file.	5 * found in the LICENSE file.

6 */	6 */

7	7

8 #include "SkMatrixConvolutionImageFilter.h"	8 #include "SkMatrixConvolutionImageFilter.h"

9 #include "SkBitmap.h"	9 #include "SkBitmap.h"

10 #include "SkColorPriv.h"	10 #include "SkColorPriv.h"

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
54 memcpy(fKernel, kernel, size * sizeof(SkScalar));	54 memcpy(fKernel, kernel, size * sizeof(SkScalar));

55 SkASSERT(kernelSize.fWidth >= 1 && kernelSize.fHeight >= 1);	55 SkASSERT(kernelSize.fWidth >= 1 && kernelSize.fHeight >= 1);

56 SkASSERT(target.fX >= 0 && target.fX < kernelSize.fWidth);	56 SkASSERT(target.fX >= 0 && target.fX < kernelSize.fWidth);

57 SkASSERT(target.fY >= 0 && target.fY < kernelSize.fHeight);	57 SkASSERT(target.fY >= 0 && target.fY < kernelSize.fHeight);

58 }	58 }

59	59

60 SkMatrixConvolutionImageFilter::SkMatrixConvolutionImageFilter(SkFlattenableRead Buffer& buffer)	60 SkMatrixConvolutionImageFilter::SkMatrixConvolutionImageFilter(SkFlattenableRead Buffer& buffer)

61 : INHERITED(buffer) {	61 : INHERITED(buffer) {

62 fKernelSize.fWidth = buffer.readInt();	62 fKernelSize.fWidth = buffer.readInt();

63 fKernelSize.fHeight = buffer.readInt();	63 fKernelSize.fHeight = buffer.readInt();

64 uint32_t size = fKernelSize.fWidth * fKernelSize.fHeight;	64 if ((fKernelSize.fWidth >= 1) && (fKernelSize.fHeight >= 1) &&

65 fKernel = SkNEW_ARRAY(SkScalar, size);	65 // Make sure size won't be larger than a signed int,

66 SkDEBUGCODE(uint32_t readSize = )buffer.readScalarArray(fKernel);	66 // which would still be extremely large for a kernel,

67 SkASSERT(readSize == size);	67 // but we don't impose a hard limit for kernel size

	68 (SK_MaxS32 / fKernelSize.fWidth >= fKernelSize.fHeight)) {

	69 uint32_t size = fKernelSize.fWidth * fKernelSize.fHeight;

	70 fKernel = SkNEW_ARRAY(SkScalar, size);

	71 uint32_t readSize = buffer.readScalarArray(fKernel);
	Stephen White 2013/10/23 18:09:35 Shouldn't we be passing an expected size to readSc Shouldn't we be passing an expected size to readScalarArray() to avoid overflowing fKernel? sugoi1 2013/10/23 18:17:08 Yes, a few of these functions need to be fixed (al Show quoted text On 2013/10/23 18:09:35, Stephen White wrote: > Shouldn't we be passing an expected size to readScalarArray() to avoid overflowing fKernel? Yes, a few of these functions need to be fixed (all the read...Array() functions can overflow the input buffer and readPath, readRegion and readMatrix can overflow the stream). Will do in the next cl.
	72 SkASSERT(readSize == size);

	73 buffer.validate(readSize == size);

	74 } else {

	75 fKernel = 0;

	76 }

68 fGain = buffer.readScalar();	77 fGain = buffer.readScalar();

69 fBias = buffer.readScalar();	78 fBias = buffer.readScalar();

70 fTarget.fX = buffer.readInt();	79 fTarget.fX = buffer.readInt();

71 fTarget.fY = buffer.readInt();	80 fTarget.fY = buffer.readInt();

72 fTileMode = (TileMode) buffer.readInt();	81 fTileMode = (TileMode) buffer.readInt();

73 fConvolveAlpha = buffer.readBool();	82 fConvolveAlpha = buffer.readBool();

74 buffer.validate(SkScalarIsFinite(fGain) &&	83 buffer.validate((fKernel != 0) &&

	84 SkScalarIsFinite(fGain) &&

75 SkScalarIsFinite(fBias) &&	85 SkScalarIsFinite(fBias) &&

76 tile_mode_is_valid(fTileMode));	86 tile_mode_is_valid(fTileMode));

77 }	87 }

78	88

79 void SkMatrixConvolutionImageFilter::flatten(SkFlattenableWriteBuffer& buffer) c onst {	89 void SkMatrixConvolutionImageFilter::flatten(SkFlattenableWriteBuffer& buffer) c onst {

80 this->INHERITED::flatten(buffer);	90 this->INHERITED::flatten(buffer);

81 buffer.writeInt(fKernelSize.fWidth);	91 buffer.writeInt(fKernelSize.fWidth);

82 buffer.writeInt(fKernelSize.fHeight);	92 buffer.writeInt(fKernelSize.fHeight);

83 buffer.writeScalarArray(fKernel, fKernelSize.fWidth * fKernelSize.fHeight);	93 buffer.writeScalarArray(fKernel, fKernelSize.fWidth * fKernelSize.fHeight);

84 buffer.writeScalar(fGain);	94 buffer.writeScalar(fGain);

(...skipping 560 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
645 fBias,	655 fBias,

646 fTarget,	656 fTarget,

647 fTileMode,	657 fTileMode,

648 fConvolveAlpha);	658 fConvolveAlpha);

649 return true;	659 return true;

650 }	660 }

651	661

652 ///////////////////////////////////////////////////////////////////////////////	662 ///////////////////////////////////////////////////////////////////////////////

653	663

654 #endif	664 #endif

OLD	NEW

« src/core/SkValidatingReadBuffer.cpp ('K') | « src/core/SkValidatingReadBuffer.cpp ('k') | src/effects/SkMergeImageFilter.cpp » ('j') | no next file with comments »