
Side by Side Diff: include/core/SkRRect.h

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Adding validation before memory allocation in SkRegion::readFromMemory Created 7 years, 1 month ago
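--- a/include/core/SkRRect.h
+++ b/include/core/SkRRect.h
@@ -1,10 +1,10 @@
 /*
 * Copyright 2012 Google Inc.
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
 
 #ifndef SkRRect_DEFINED
 #define SkRRect_DEFINED
 
@@ -237,35 +237,41 @@
 
 enum {
 kSizeInMemory = 12 * sizeof(SkScalar)
 };
 
 /**
 * Write the rrect into the specified buffer. This is guaranteed to always
 * write kSizeInMemory bytes, and that value is guaranteed to always be
 * a multiple of 4. Return kSizeInMemory.
 */
-uint32_t writeToMemory(void* buffer) const;
+size_t writeToMemory(void* buffer) const;
 
 /**
-* Read the rrect from the specified buffer. This is guaranteed to always
-* read kSizeInMemory bytes, and that value is guaranteed to always be
-* a multiple of 4. Return kSizeInMemory.
+* Reads the rrect from the specified buffer
+*
+* If the specified buffer is large enough, this will read kSizeInMemory byt es,
+* and that value is guaranteed to always be a multiple of 4.
+*
+* @param buffer Memory to read from
+* @param length Amount of memory available in the buffer
+* @return number of bytes read (must be a multiple of 4) or
+* 0 if there was not enough memory available
 */
-uint32_t readFromMemory(const void* buffer);
+size_t readFromMemory(const void* buffer, size_t length);
 
 private:
 SkRect fRect;
 // Radii order is UL, UR, LR, LL. Use Corner enum to index into fRadii[]
 SkVector fRadii[4];
 mutable Type fType;
 // TODO: add padding so we can use memcpy for flattening and not copy
 // uninitialized data
 
 void computeType() const;
 bool checkCornerContainment(SkScalar x, SkScalar y) const;
 
 // to access fRadii directly
 friend class SkPath;
 };
 
 #endif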
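Review bot: The new doc comment on `readFromMemory(const void* buffer, size_t length)` does not say what state the SkRRect is left in when 0 is returned, and 0 is now the only failure signal on a call that previously always returned kSizeInMemory. A caller that advances its read cursor by the return value, or uses the rrect without checking it, would carry on with an object that was never populated, so the contract should be spelled out, for example `* On failure (return 0) the rrect is left unmodified; callers must check the return value before using it.` Whether "unmodified" is actually true depends on the implementation in the .cpp, which is not visible on this page, so the wording should be confirmed against it. The comment also covers only the size check; if the decoded rect and radii are not validated after a successful read, that limitation belongs in the comment as well. `writeToMemory` still takes no length, so the write side continues to rely on the caller supplying at least kSizeInMemory bytes.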