Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(301)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: include/core/SkRegion.h

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Adding validation before memory allocation in SkRegion::readFromMemory Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « include/core/SkReader32.h ('k') | samplecode/SampleRegion.cpp » ('j') | tests/SerializationTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 /* 2 /*
3 * Copyright 2005 The Android Open Source Project 3 * Copyright 2005 The Android Open Source Project
4 * 4 *
5 * Use of this source code is governed by a BSD-style license that can be 5 * Use of this source code is governed by a BSD-style license that can be
6 * found in the LICENSE file. 6 * found in the LICENSE file.
7 */ 7 */
8 8
9 9
10 #ifndef SkRegion_DEFINED 10 #ifndef SkRegion_DEFINED
(...skipping 343 matching lines...) Expand 10 before | Expand all | Expand 10 after
354 private: 354 private:
355 const SkRegion::RunType* fRuns; 355 const SkRegion::RunType* fRuns;
356 int fLeft, fRight; 356 int fLeft, fRight;
357 bool fDone; 357 bool fDone;
358 }; 358 };
359 359
360 /** 360 /**
361 * Write the region to the buffer, and return the number of bytes written. 361 * Write the region to the buffer, and return the number of bytes written.
362 * If buffer is NULL, it still returns the number of bytes. 362 * If buffer is NULL, it still returns the number of bytes.
363 */ 363 */
364 uint32_t writeToMemory(void* buffer) const; 364 size_t writeToMemory(void* buffer) const;
365
366 /** 365 /**
367 * Initialized the region from the buffer, returning the number 366 * Initializes the region from the buffer
368 * of bytes actually read. 367 *
368 * @param buffer Memory to read from
369 * @param length Amount of memory available in the buffer
370 * @return number of bytes read (must be a multiple of 4) or
371 * 0 if there was not enough memory available
369 */ 372 */
370 uint32_t readFromMemory(const void* buffer); 373 size_t readFromMemory(const void* buffer, size_t length);
371 374
372 /** 375 /**
373 * Returns a reference to a global empty region. Just a convenience for 376 * Returns a reference to a global empty region. Just a convenience for
374 * callers that need a const empty region. 377 * callers that need a const empty region.
375 */ 378 */
376 static const SkRegion& GetEmptyRegion(); 379 static const SkRegion& GetEmptyRegion();
377 380
378 SkDEBUGCODE(void dump() const;) 381 SkDEBUGCODE(void dump() const;)
379 SkDEBUGCODE(void validate() const;) 382 SkDEBUGCODE(void validate() const;)
380 SkDEBUGCODE(static void UnitTest();) 383 SkDEBUGCODE(static void UnitTest();)
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
437 static bool Oper(const SkRegion&, const SkRegion&, SkRegion::Op, SkRegion*); 440 static bool Oper(const SkRegion&, const SkRegion&, SkRegion::Op, SkRegion*);
438 441
439 friend struct RunHead; 442 friend struct RunHead;
440 friend class Iterator; 443 friend class Iterator;
441 friend class Spanerator; 444 friend class Spanerator;
442 friend class SkRgnBuilder; 445 friend class SkRgnBuilder;
443 friend class SkFlatRegion; 446 friend class SkFlatRegion;
444 }; 447 };
445 448
446 #endif 449 #endif
OLDNEW
« no previous file with comments | « include/core/SkReader32.h ('k') | samplecode/SampleRegion.cpp » ('j') | tests/SerializationTest.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698