src/effects/SkMatrixConvolutionImageFilter.cpp - Issue 23548034: Follow up to serialization validation code

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/effects/SkMatrixConvolutionImageFilter.cpp

Issue 23548034: Follow up to serialization validation code (Closed) Base URL: https://skia.googlecode.com/svn/trunk

Patch Set: Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/effects/SkMatrixConvolutionImageFilter.cpp

diff --git a/src/effects/SkMatrixConvolutionImageFilter.cpp b/src/effects/SkMatrixConvolutionImageFilter.cpp

index dab890f01ae61a9d940686edd216d275c4ecdeca..88844f2f09ef2924e5d91a982a69fed1e68dfa00 100644

--- a/src/effects/SkMatrixConvolutionImageFilter.cpp

+++ b/src/effects/SkMatrixConvolutionImageFilter.cpp

@@ -57,17 +57,27 @@ SkMatrixConvolutionImageFilter::SkMatrixConvolutionImageFilter(const SkISize& ke

SkMatrixConvolutionImageFilter::SkMatrixConvolutionImageFilter(SkFlattenableReadBuffer& buffer) : INHERITED(buffer) {

fKernelSize.fWidth = buffer.readInt();

fKernelSize.fHeight = buffer.readInt();

- uint32_t size = fKernelSize.fWidth * fKernelSize.fHeight;

- fKernel = SkNEW_ARRAY(SkScalar, size);

- SkDEBUGCODE(uint32_t readSize = )buffer.readScalarArray(fKernel);

- SkASSERT(readSize == size);

+ if ((fKernelSize.fWidth >= 1) && (fKernelSize.fHeight >= 1) &&

+ // Make sure size won't be larger than a signed int,

+ // which would still be extremely large for a kernel,

+ // but we don't impose a hard limit for kernel size

+ (SK_MaxS32 / fKernelSize.fWidth >= fKernelSize.fHeight)) {

+ uint32_t size = fKernelSize.fWidth * fKernelSize.fHeight;

+ fKernel = SkNEW_ARRAY(SkScalar, size);

+ uint32_t readSize = buffer.readScalarArray(fKernel);

+ SkASSERT(readSize == size);

+ buffer.validate(readSize == size);

+ } else {

+ fKernel = 0;

+ }

fGain = buffer.readScalar();

fBias = buffer.readScalar();

fTarget.fX = buffer.readInt();

fTarget.fY = buffer.readInt();

fTileMode = (TileMode) buffer.readInt();

fConvolveAlpha = buffer.readBool();

- buffer.validate(SkScalarIsFinite(fGain) &&

+ buffer.validate((fKernel != 0) &&

+ SkScalarIsFinite(fGain) &&

SkScalarIsFinite(fBias) &&

TileModeIsValid(fTileMode));

}

« src/core/SkValidatingReadBuffer.cpp ('K') | « src/core/SkValidatingReadBuffer.cpp ('k') | src/effects/SkMergeImageFilter.cpp » ('j') | src/pipe/SkGPipeRead.cpp » ('J')