Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(112)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/pipe/SkGPipeWrite.cpp

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Removing SkMatrix's writeToMemory, readFromMemory Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« include/core/SkWriter32.h ('K') | « src/core/SkValidatingReadBuffer.cpp ('k') | tests/MatrixTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 /* 2 /*
3 * Copyright 2011 Google Inc. 3 * Copyright 2011 Google Inc.
4 * 4 *
5 * Use of this source code is governed by a BSD-style license that can be 5 * Use of this source code is governed by a BSD-style license that can be
6 * found in the LICENSE file. 6 * found in the LICENSE file.
7 */ 7 */
8 8
9 #include "SkAnnotation.h" 9 #include "SkAnnotation.h"
10 #include "SkBitmapDevice.h" 10 #include "SkBitmapDevice.h"
(...skipping 591 matching lines...) Expand 10 before | Expand all | Expand 10 after
602 fWriter.writeScalar(sx); 602 fWriter.writeScalar(sx);
603 fWriter.writeScalar(sy); 603 fWriter.writeScalar(sy);
604 } 604 }
605 } 605 }
606 return this->INHERITED::skew(sx, sy); 606 return this->INHERITED::skew(sx, sy);
607 } 607 }
608 608
609 bool SkGPipeCanvas::concat(const SkMatrix& matrix) { 609 bool SkGPipeCanvas::concat(const SkMatrix& matrix) {
610 if (!matrix.isIdentity()) { 610 if (!matrix.isIdentity()) {
611 NOTIFY_SETUP(this); 611 NOTIFY_SETUP(this);
612 if (this->needOpBytes(matrix.writeToMemory(NULL))) { 612 if (this->needOpBytes(fWriter.writeMatrixSize(matrix))) {
613 this->writeOp(kConcat_DrawOp); 613 this->writeOp(kConcat_DrawOp);
614 fWriter.writeMatrix(matrix); 614 fWriter.writeMatrix(matrix);
615 } 615 }
616 } 616 }
617 return this->INHERITED::concat(matrix); 617 return this->INHERITED::concat(matrix);
618 } 618 }
619 619
620 void SkGPipeCanvas::setMatrix(const SkMatrix& matrix) { 620 void SkGPipeCanvas::setMatrix(const SkMatrix& matrix) {
621 NOTIFY_SETUP(this); 621 NOTIFY_SETUP(this);
622 if (this->needOpBytes(matrix.writeToMemory(NULL))) { 622 if (this->needOpBytes(fWriter.writeMatrixSize(matrix))) {
623 this->writeOp(kSetMatrix_DrawOp); 623 this->writeOp(kSetMatrix_DrawOp);
624 fWriter.writeMatrix(matrix); 624 fWriter.writeMatrix(matrix);
625 } 625 }
626 this->INHERITED::setMatrix(matrix); 626 this->INHERITED::setMatrix(matrix);
627 } 627 }
628 628
629 bool SkGPipeCanvas::clipRect(const SkRect& rect, SkRegion::Op rgnOp, 629 bool SkGPipeCanvas::clipRect(const SkRect& rect, SkRegion::Op rgnOp,
630 bool doAntiAlias) { 630 bool doAntiAlias) {
631 NOTIFY_SETUP(this); 631 NOTIFY_SETUP(this);
632 if (this->needOpBytes(sizeof(SkRect))) { 632 if (this->needOpBytes(sizeof(SkRect))) {
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after
794 if (hasSrc) { 794 if (hasSrc) {
795 fWriter.writeRect(*src); 795 fWriter.writeRect(*src);
796 } 796 }
797 fWriter.writeRect(dst); 797 fWriter.writeRect(dst);
798 } 798 }
799 } 799 }
800 800
801 void SkGPipeCanvas::drawBitmapMatrix(const SkBitmap& bm, const SkMatrix& matrix, 801 void SkGPipeCanvas::drawBitmapMatrix(const SkBitmap& bm, const SkMatrix& matrix,
802 const SkPaint* paint) { 802 const SkPaint* paint) {
803 NOTIFY_SETUP(this); 803 NOTIFY_SETUP(this);
804 size_t opBytesNeeded = matrix.writeToMemory(NULL); 804 size_t opBytesNeeded = fWriter.writeMatrixSize(matrix);
805 805
806 if (this->commonDrawBitmap(bm, kDrawBitmapMatrix_DrawOp, 0, opBytesNeeded, p aint)) { 806 if (this->commonDrawBitmap(bm, kDrawBitmapMatrix_DrawOp, 0, opBytesNeeded, p aint)) {
807 fWriter.writeMatrix(matrix); 807 fWriter.writeMatrix(matrix);
808 } 808 }
809 } 809 }
810 810
811 void SkGPipeCanvas::drawBitmapNine(const SkBitmap& bm, const SkIRect& center, 811 void SkGPipeCanvas::drawBitmapNine(const SkBitmap& bm, const SkIRect& center,
812 const SkRect& dst, const SkPaint* paint) { 812 const SkRect& dst, const SkPaint* paint) {
813 NOTIFY_SETUP(this); 813 NOTIFY_SETUP(this);
814 size_t opBytesNeeded = sizeof(int32_t) * 4 + sizeof(SkRect); 814 size_t opBytesNeeded = sizeof(int32_t) * 4 + sizeof(SkRect);
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
884 884
885 void SkGPipeCanvas::drawTextOnPath(const void* text, size_t byteLength, 885 void SkGPipeCanvas::drawTextOnPath(const void* text, size_t byteLength,
886 const SkPath& path, const SkMatrix* matrix, 886 const SkPath& path, const SkMatrix* matrix,
887 const SkPaint& paint) { 887 const SkPaint& paint) {
888 if (byteLength) { 888 if (byteLength) {
889 NOTIFY_SETUP(this); 889 NOTIFY_SETUP(this);
890 unsigned flags = 0; 890 unsigned flags = 0;
891 size_t size = 4 + SkAlign4(byteLength) + path.writeToMemory(NULL); 891 size_t size = 4 + SkAlign4(byteLength) + path.writeToMemory(NULL);
892 if (matrix) { 892 if (matrix) {
893 flags |= kDrawTextOnPath_HasMatrix_DrawOpFlag; 893 flags |= kDrawTextOnPath_HasMatrix_DrawOpFlag;
894 size += matrix->writeToMemory(NULL); 894 size += fWriter.writeMatrixSize(*matrix);
895 } 895 }
896 this->writePaint(paint); 896 this->writePaint(paint);
897 if (this->needOpBytes(size)) { 897 if (this->needOpBytes(size)) {
898 this->writeOp(kDrawTextOnPath_DrawOp, flags, 0); 898 this->writeOp(kDrawTextOnPath_DrawOp, flags, 0);
899 899
900 fWriter.write32(byteLength); 900 fWriter.write32(byteLength);
901 fWriter.writePad(text, byteLength); 901 fWriter.writePad(text, byteLength);
902 902
903 fWriter.writePath(path); 903 fWriter.writePath(path);
904 if (matrix) { 904 if (matrix) {
(...skipping 305 matching lines...) Expand 10 before | Expand all | Expand 10 after
1210 fCanvas->ref(); 1210 fCanvas->ref();
1211 } 1211 }
1212 1212
1213 BitmapShuttle::~BitmapShuttle() { 1213 BitmapShuttle::~BitmapShuttle() {
1214 fCanvas->unref(); 1214 fCanvas->unref();
1215 } 1215 }
1216 1216
1217 bool BitmapShuttle::insert(const SkBitmap& bitmap, int32_t slot) { 1217 bool BitmapShuttle::insert(const SkBitmap& bitmap, int32_t slot) {
1218 return fCanvas->shuttleBitmap(bitmap, slot); 1218 return fCanvas->shuttleBitmap(bitmap, slot);
1219 } 1219 }
OLDNEW
« include/core/SkWriter32.h ('K') | « src/core/SkValidatingReadBuffer.cpp ('k') | tests/MatrixTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698