Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.

src/core/SkPathRef.cpp

 /*
  * Copyright 2013 Google Inc.
  *
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 #include "SkBuffer.h"
+#include "SkFlattenableBuffers.h"
 #include "SkOnce.h"
 #include "SkPath.h"
 #include "SkPathRef.h"
 
 SK_DEFINE_INST_COUNT(SkPathRef);
 
 //////////////////////////////////////////////////////////////////////////////
 SkPathRef::Editor::Editor(SkAutoTUnref<SkPathRef>* pathRef,
                           int incReserveVerbs,
                           int incReservePoints)
@@ skipping 112 matching lines @@
     SkASSERT(pointCount == ref->countPoints());
     SkASSERT(conicCount == ref->fConicWeights.count());
     buffer->read(ref->verbsMemWritable(), verbCount * sizeof(uint8_t));
     buffer->read(ref->fPoints, pointCount * sizeof(SkPoint));
     buffer->read(ref->fConicWeights.begin(), conicCount * sizeof(SkScalar));
     buffer->read(&ref->fBounds, sizeof(SkRect));
     ref->fBoundsIsDirty = false;
     return ref;
 }
 
+uint32_t SkPathRef::SizeToRead(SkFlattenableReadBuffer& buffer
+#ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TOO
+                               , bool newFormat
+#endif
+    ) {
+    uint32_t size = 4 * sizeof(uint32_t) + // fGenerationID, verbCount, pointCount, conicCount
+                    sizeof(SkRect); // fBounds
+#ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TOO
+    if (newFormat) {
+#endif
+       size += sizeof(uint32_t);
+#ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TOO
+    }
+#endif
+    
+    // TODO: Figure out a way to read verbCount, pointCount, conicCount without
+    //       the buffer's peek forward (while making sure we can read these values)

[sugoi1, 2013/10/24 19:51:39]

This isn't completed yet. I need some suggestions. I need to figure out a way to
read verbCount, pointCount, conicCount without moving the buffer's peek forward.
I'd like to do this in a clean way, but I see no way of doing this with
SkFlattenableReadBuffer right now.

Maybe an "unflatten" function could be added by SkPath, SkPathRef, SkRegion
instead of trying to precompute their size before reading these objects. Any
idea, opinion ?

+
+    return size;
+}
+
 void SkPathRef::Rewind(SkAutoTUnref<SkPathRef>* pathRef) {
     if ((*pathRef)->unique()) {
         SkDEBUGCODE((*pathRef)->validate();)
         (*pathRef)->fBoundsIsDirty = true;  // this also invalidates fIsFinite
         (*pathRef)->fVerbCnt = 0;
         (*pathRef)->fPointCnt = 0;
         (*pathRef)->fFreeSpace = (*pathRef)->currSize();
         (*pathRef)->fGenerationID = 0;
         (*pathRef)->fConicWeights.rewind();
         SkDEBUGCODE((*pathRef)->validate();)
@@ skipping 178 matching lines @@
                      fPoints[i].fY - fBounds.fBottom < SK_ScalarNearlyZero);
             if (!fPoints[i].isFinite()) {
                 isFinite = false;
             }
         }
         SkASSERT(SkToBool(fIsFinite) == isFinite);
     }
 #endif
 }
 #endif