Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: include/core/SkWriter32.h

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Removing SkMatrix's writeToMemory, readFromMemory Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« include/core/SkReader32.h ('K') | « include/core/SkRegion.h ('k') | samplecode/SampleRegion.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 /* 2 /*
3 * Copyright 2008 The Android Open Source Project 3 * Copyright 2008 The Android Open Source Project
4 * 4 *
5 * Use of this source code is governed by a BSD-style license that can be 5 * Use of this source code is governed by a BSD-style license that can be
6 * found in the LICENSE file. 6 * found in the LICENSE file.
7 */ 7 */
8 8
9 9
10 #ifndef SkWriter32_DEFINED 10 #ifndef SkWriter32_DEFINED
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 rrect.writeToMemory(this->reserve(SkRRect::kSizeInMemory)); 122 rrect.writeToMemory(this->reserve(SkRRect::kSizeInMemory));
123 } 123 }
124 124
125 void writePath(const SkPath& path) { 125 void writePath(const SkPath& path) {
126 size_t size = path.writeToMemory(NULL); 126 size_t size = path.writeToMemory(NULL);
127 SkASSERT(SkAlign4(size) == size); 127 SkASSERT(SkAlign4(size) == size);
128 path.writeToMemory(this->reserve(size)); 128 path.writeToMemory(this->reserve(size));
129 } 129 }
130 130
131 void writeMatrix(const SkMatrix& matrix) { 131 void writeMatrix(const SkMatrix& matrix) {
132 size_t size = matrix.writeToMemory(NULL); 132 for (int i = 0; i < 9; ++i) {
133 SkASSERT(SkAlign4(size) == size); 133 this->writeScalar(matrix[i]);
mtklein 2013/10/25 18:11:49 Were we just never writing the flags at all?
sugoi1 2013/10/25 18:27:20 No, SkMatrix::writeToMemory() was only writing the
134 matrix.writeToMemory(this->reserve(size)); 134 }
135 }
136
137 uint32_t writeMatrixSize(const SkMatrix&) const {
138 return 9 * sizeof(SkScalar);
139 }
140
141 static uint32_t MaxWriteMatrixSize() {
142 return 9 * sizeof(SkScalar) + sizeof(uint32_t);
135 } 143 }
136 144
137 void writeRegion(const SkRegion& rgn) { 145 void writeRegion(const SkRegion& rgn) {
138 size_t size = rgn.writeToMemory(NULL); 146 size_t size = rgn.writeToMemory(NULL);
139 SkASSERT(SkAlign4(size) == size); 147 SkASSERT(SkAlign4(size) == size);
140 rgn.writeToMemory(this->reserve(size)); 148 rgn.writeToMemory(this->reserve(size));
141 } 149 }
142 150
143 // write count bytes (must be a multiple of 4) 151 // write count bytes (must be a multiple of 4)
144 void writeMul4(const void* values, size_t size) { 152 void writeMul4(const void* values, size_t size) {
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 304
297 private: 305 private:
298 union { 306 union {
299 void* fPtrAlignment; 307 void* fPtrAlignment;
300 double fDoubleAlignment; 308 double fDoubleAlignment;
301 char fStorage[SIZE]; 309 char fStorage[SIZE];
302 } fData; 310 } fData;
303 }; 311 };
304 312
305 #endif 313 #endif
OLDNEW
« include/core/SkReader32.h ('K') | « include/core/SkRegion.h ('k') | samplecode/SampleRegion.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698