| OLD | NEW |
|---|
| 1 | 1 |
| 2 /* | 2 /* |
| 3 * Copyright 2006 The Android Open Source Project | 3 * Copyright 2006 The Android Open Source Project |
| 4 * | 4 * |
| 5 * Use of this source code is governed by a BSD-style license that can be | 5 * Use of this source code is governed by a BSD-style license that can be |
| 6 * found in the LICENSE file. | 6 * found in the LICENSE file. |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 | 9 |
| 10 #include "SkBuffer.h" | 10 #include "SkBuffer.h" |
| 11 #include "SkErrorInternals.h" | 11 #include "SkErrorInternals.h" |
| 12 #include "SkFlattenableBuffers.h" |
| 12 #include "SkMath.h" | 13 #include "SkMath.h" |
| 13 #include "SkPath.h" | 14 #include "SkPath.h" |
| 14 #include "SkPathRef.h" | 15 #include "SkPathRef.h" |
| 15 #include "SkRRect.h" | 16 #include "SkRRect.h" |
| 16 #include "SkThread.h" | 17 #include "SkThread.h" |
| 17 | 18 |
| 18 SK_DEFINE_INST_COUNT(SkPath); | 19 SK_DEFINE_INST_COUNT(SkPath); |
| 19 | 20 |
| 20 // This value is just made-up for now. When count is 4, calling memset was much | 21 // This value is just made-up for now. When count is 4, calling memset was much |
| 21 // slower than just writing the loop. This seems odd, and hopefully in the | 22 // slower than just writing the loop. This seems odd, and hopefully in the |
| (...skipping 2057 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2079 fPts = srcPts; | 2080 fPts = srcPts; |
| 2080 return (Verb)verb; | 2081 return (Verb)verb; |
| 2081 } | 2082 } |
| 2082 | 2083 |
| 2083 /////////////////////////////////////////////////////////////////////////////// | 2084 /////////////////////////////////////////////////////////////////////////////// |
| 2084 | 2085 |
| 2085 /* | 2086 /* |
| 2086 Format in compressed buffer: [ptCount, verbCount, pts[], verbs[]] | 2087 Format in compressed buffer: [ptCount, verbCount, pts[], verbs[]] |
| 2087 */ | 2088 */ |
| 2088 | 2089 |
| 2090 uint32_t SkPath::sizeInMemory() const { |
| 2091 const int byteCount = sizeof(int32_t) + fPathRef->writeSize(); |
| 2092 return SkAlign4(byteCount); |
| 2093 } |
| 2094 |
| 2095 uint32_t SkPath::SizeToRead(SkFlattenableReadBuffer& buffer) { |
| 2096 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O |
| 2097 uint32_t packed = buffer.getArrayCount(); |
| 2098 bool newFormat = (packed >> kNewFormat_SerializationShift) & 1; |
| 2099 #endif |
| 2100 return sizeof(int32_t) + SkPathRef::SizeToRead(buffer |
| 2101 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O |
| 2102 , newFormat |
| 2103 #endif |
| 2104 ); |
| 2105 } |
| 2106 |
| 2089 uint32_t SkPath::writeToMemory(void* storage) const { | 2107 uint32_t SkPath::writeToMemory(void* storage) const { |
| 2090 SkDEBUGCODE(this->validate();) | 2108 SkDEBUGCODE(this->validate();) |
| 2091 | 2109 |
| 2092 if (NULL == storage) { | 2110 if (NULL == storage) { |
| 2093 const int byteCount = sizeof(int32_t) + fPathRef->writeSize(); | 2111 return sizeInMemory(); |
| 2094 return SkAlign4(byteCount); | |
| 2095 } | 2112 } |
| 2096 | 2113 |
| 2097 SkWBuffer buffer(storage); | 2114 SkWBuffer buffer(storage); |
| 2098 | 2115 |
| 2099 int32_t packed = ((fIsOval & 1) << kIsOval_SerializationShift) | | 2116 int32_t packed = ((fIsOval & 1) << kIsOval_SerializationShift) | |
| 2100 (fConvexity << kConvexity_SerializationShift) | | 2117 (fConvexity << kConvexity_SerializationShift) | |
| 2101 (fFillType << kFillType_SerializationShift) | | 2118 (fFillType << kFillType_SerializationShift) | |
| 2102 (fSegmentMask << kSegmentMask_SerializationShift) | | 2119 (fSegmentMask << kSegmentMask_SerializationShift) | |
| 2103 (fDirection << kDirection_SerializationShift) | 2120 (fDirection << kDirection_SerializationShift) |
| 2104 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O | 2121 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O |
| 2105 | (0x1 << kNewFormat_SerializationShift); | 2122 | (0x1 << kNewFormat_SerializationShift); |
| 2106 #endif | 2123 #endif |
| 2107 | 2124 |
| 2108 buffer.write32(packed); | 2125 buffer.write32(packed); |
| 2109 | 2126 |
| 2110 fPathRef->writeToBuffer(&buffer); | 2127 fPathRef->writeToBuffer(&buffer); |
| 2111 | 2128 |
| 2112 buffer.padToAlign4(); | 2129 buffer.padToAlign4(); |
| 2113 return SkToU32(buffer.pos()); | 2130 uint32_t writeSize = SkToU32(buffer.pos()); |
| 2131 SkASSERT(sizeInMemory() == writeSize); |
| 2132 return writeSize; |
| 2114 } | 2133 } |
| 2115 | 2134 |
| 2116 uint32_t SkPath::readFromMemory(const void* storage) { | 2135 uint32_t SkPath::readFromMemory(const void* storage) { |
| 2117 SkRBuffer buffer(storage); | 2136 SkRBuffer buffer(storage); |
| 2118 | 2137 |
| 2119 uint32_t packed = buffer.readS32(); | 2138 uint32_t packed = buffer.readS32(); |
| 2120 fIsOval = (packed >> kIsOval_SerializationShift) & 1; | 2139 fIsOval = (packed >> kIsOval_SerializationShift) & 1; |
| 2121 fConvexity = (packed >> kConvexity_SerializationShift) & 0xFF; | 2140 fConvexity = (packed >> kConvexity_SerializationShift) & 0xFF; |
| 2122 fFillType = (packed >> kFillType_SerializationShift) & 0xFF; | 2141 fFillType = (packed >> kFillType_SerializationShift) & 0xFF; |
| 2123 fSegmentMask = (packed >> kSegmentMask_SerializationShift) & 0xF; | 2142 fSegmentMask = (packed >> kSegmentMask_SerializationShift) & 0xF; |
| 2124 fDirection = (packed >> kDirection_SerializationShift) & 0x3; | 2143 fDirection = (packed >> kDirection_SerializationShift) & 0x3; |
| 2125 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O | 2144 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O |
| 2126 bool newFormat = (packed >> kNewFormat_SerializationShift) & 1; | 2145 bool newFormat = (packed >> kNewFormat_SerializationShift) & 1; |
| 2127 #endif | 2146 #endif |
| 2128 | 2147 |
| 2129 fPathRef.reset(SkPathRef::CreateFromBuffer(&buffer | 2148 fPathRef.reset(SkPathRef::CreateFromBuffer(&buffer |
| 2130 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O | 2149 #ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TO
O |
| 2131 , newFormat, packed) | 2150 , newFormat, packed |
| 2132 #endif | 2151 #endif |
| 2133 ); | 2152 )); |
| 2134 | 2153 |
| 2135 buffer.skipToAlign4(); | 2154 buffer.skipToAlign4(); |
| 2136 | 2155 |
| 2137 GEN_ID_INC; | 2156 GEN_ID_INC; |
| 2138 | 2157 |
| 2139 SkDEBUGCODE(this->validate();) | 2158 SkDEBUGCODE(this->validate();) |
| 2140 return SkToU32(buffer.pos()); | 2159 uint32_t readSize = SkToU32(buffer.pos()); |
| 2160 SkASSERT(sizeInMemory() == readSize); |
| 2161 return readSize; |
| 2141 } | 2162 } |
| 2142 | 2163 |
| 2143 /////////////////////////////////////////////////////////////////////////////// | 2164 /////////////////////////////////////////////////////////////////////////////// |
| 2144 | 2165 |
| 2145 #include "SkString.h" | 2166 #include "SkString.h" |
| 2146 | 2167 |
| 2147 static void append_scalar(SkString* str, SkScalar value) { | 2168 static void append_scalar(SkString* str, SkScalar value) { |
| 2148 SkString tmp; | 2169 SkString tmp; |
| 2149 tmp.printf("%g", value); | 2170 tmp.printf("%g", value); |
| 2150 if (tmp.contains('.')) { | 2171 if (tmp.contains('.')) { |
| (...skipping 851 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3002 switch (this->getFillType()) { | 3023 switch (this->getFillType()) { |
| 3003 case SkPath::kEvenOdd_FillType: | 3024 case SkPath::kEvenOdd_FillType: |
| 3004 case SkPath::kInverseEvenOdd_FillType: | 3025 case SkPath::kInverseEvenOdd_FillType: |
| 3005 w &= 1; | 3026 w &= 1; |
| 3006 break; | 3027 break; |
| 3007 default: | 3028 default: |
| 3008 break; | 3029 break; |
| 3009 } | 3030 } |
| 3010 return SkToBool(w); | 3031 return SkToBool(w); |
| 3011 } | 3032 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 41253002:
Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed)
Base URL: https://skia.googlecode.com/svn/trunk