
Side by Side Diff: src/core/SkMatrix.cpp

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Adding validation before memory allocation in SkRegion::readFromMemory Created 7 years, 1 month ago
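--- a/src/core/SkMatrix.cpp
+++ b/src/core/SkMatrix.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright 2006 The Android Open Source Project
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
 
 #include "SkMatrix.h"
 #include "Sk64.h"
 #include "SkFloatBits.h"
@@ -1914,34 +1914,39 @@
 SK_ScalarMax, SK_ScalarMax, SK_ScalarMax,
 SK_ScalarMax, SK_ScalarMax, SK_ScalarMax);
 gInvalid.getType(); // force the type to be computed
 gOnce = true;
 }
 return gInvalid;
 }
 
 ///////////////////////////////////////////////////////////////////////////////
 
-uint32_t SkMatrix::writeToMemory(void* buffer) const {
+size_t SkMatrix::writeToMemory(void* buffer) const {
 // TODO write less for simple matrices
+static const size_t sizeInMemory = 9 * sizeof(SkScalar);
 if (buffer) {
-memcpy(buffer, fMat, 9 * sizeof(SkScalar));
+memcpy(buffer, fMat, sizeInMemory);
 }
-return 9 * sizeof(SkScalar);
+return sizeInMemory;
 }
 
-uint32_t SkMatrix::readFromMemory(const void* buffer) {
+size_t SkMatrix::readFromMemory(const void* buffer, size_t length) {
+static const size_t sizeInMemory = 9 * sizeof(SkScalar);
+if (length < sizeInMemory) {
+return 0;
+}
 if (buffer) {
-memcpy(fMat, buffer, 9 * sizeof(SkScalar));
+memcpy(fMat, buffer, sizeInMemory);
 this->setTypeMask(kUnknown_Mask);
 }
-return 9 * sizeof(SkScalar);
+return sizeInMemory;
 }
 
 #ifdef SK_DEVELOPER
 void SkMatrix::dump() const {
 SkString str;
 this->toString(&str);
 SkDebugf("%s\n", str.c_str());
 }
 
 void SkMatrix::toString(SkString* str) const {
@@ -2103,10 +2108,10 @@
 rotation1->fX = cos1;
 rotation1->fY = sin1;
 }
 if (NULL != rotation2) {
 rotation2->fX = cos2;
 rotation2->fY = sin2;
 }
 
 return true;
 }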
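Review bot: In the new `readFromMemory`, a NULL `buffer` with a large enough `length` still returns `sizeInMemory` even though `fMat` is never written, so a caller that treats any non-zero return as "matrix was deserialized" cannot tell a size query from a real read. The 0-on-short-buffer contract is also undocumented at the definition; a comment such as `// Returns the number of bytes read, or 0 if length < 9 * sizeof(SkScalar); the matrix is left unchanged when 0 is returned.` would make clear that callers must check for 0 before advancing their cursor. If the NULL size query is not needed on the read side (not visible from this hunk), the guard could become `if (NULL == buffer || length < sizeInMemory) { return 0; }`. Separately, `sizeInMemory` is declared twice as a function-local constant in `writeToMemory` and `readFromMemory`; hoisting it to one file-scope constant keeps the written and the bounds-checked sizes from drifting apart.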