Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(448)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: include/core/SkMatrix.h

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Adding validation before memory allocation in SkRegion::readFromMemory Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | include/core/SkPath.h » ('j') | tests/SerializationTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 /* 2 /*
3 * Copyright 2006 The Android Open Source Project 3 * Copyright 2006 The Android Open Source Project
4 * 4 *
5 * Use of this source code is governed by a BSD-style license that can be 5 * Use of this source code is governed by a BSD-style license that can be
6 * found in the LICENSE file. 6 * found in the LICENSE file.
7 */ 7 */
8 8
9 9
10 #ifndef SkMatrix_DEFINED 10 #ifndef SkMatrix_DEFINED
(...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after
552 #endif 552 #endif
553 friend bool operator!=(const SkMatrix& a, const SkMatrix& b) { 553 friend bool operator!=(const SkMatrix& a, const SkMatrix& b) {
554 return !(a == b); 554 return !(a == b);
555 } 555 }
556 556
557 enum { 557 enum {
558 // writeTo/readFromMemory will never return a value larger than this 558 // writeTo/readFromMemory will never return a value larger than this
559 kMaxFlattenSize = 9 * sizeof(SkScalar) + sizeof(uint32_t) 559 kMaxFlattenSize = 9 * sizeof(SkScalar) + sizeof(uint32_t)
560 }; 560 };
561 // return the number of bytes written, whether or not buffer is null 561 // return the number of bytes written, whether or not buffer is null
562 uint32_t writeToMemory(void* buffer) const; 562 size_t writeToMemory(void* buffer) const;
563 // return the number of bytes read 563 /**
564 uint32_t readFromMemory(const void* buffer); 564 * Reads data from the buffer parameter
565 *
566 * @param buffer Memory to read from
567 * @param length Amount of memory available in the buffer
568 * @return number of bytes read (must be a multiple of 4) or
569 * 0 if there was not enough memory available
570 */
571 size_t readFromMemory(const void* buffer, size_t length);
565 572
566 SkDEVCODE(void dump() const;) 573 SkDEVCODE(void dump() const;)
567 SkDEVCODE(void toString(SkString*) const;) 574 SkDEVCODE(void toString(SkString*) const;)
568 575
569 /** 576 /**
570 * Calculates the maximum stretching factor of the matrix. If the matrix has 577 * Calculates the maximum stretching factor of the matrix. If the matrix has
571 * perspective -1 is returned. 578 * perspective -1 is returned.
572 * 579 *
573 * @return maximum strecthing factor 580 * @return maximum strecthing factor
574 */ 581 */
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
690 static void RotTrans_pts(const SkMatrix&, SkPoint dst[], const SkPoint[], 697 static void RotTrans_pts(const SkMatrix&, SkPoint dst[], const SkPoint[],
691 int count); 698 int count);
692 static void Persp_pts(const SkMatrix&, SkPoint dst[], const SkPoint[], int); 699 static void Persp_pts(const SkMatrix&, SkPoint dst[], const SkPoint[], int);
693 700
694 static const MapPtsProc gMapPtsProcs[]; 701 static const MapPtsProc gMapPtsProcs[];
695 702
696 friend class SkPerspIter; 703 friend class SkPerspIter;
697 }; 704 };
698 705
699 #endif 706 #endif
OLDNEW
« no previous file with comments | « no previous file | include/core/SkPath.h » ('j') | tests/SerializationTest.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698