include/core/SkReader32.h - Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.

Side by Side Diff: include/core/SkReader32.h

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk

Patch Set: Revert back to Patch Set 4 Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1	1

2 /*	2 /*

3 * Copyright 2008 The Android Open Source Project	3 * Copyright 2008 The Android Open Source Project

4 *	4 *

5 * Use of this source code is governed by a BSD-style license that can be	5 * Use of this source code is governed by a BSD-style license that can be

6 * found in the LICENSE file.	6 * found in the LICENSE file.

7 */	7 */

8	8

9	9

10 #ifndef SkReader32_DEFINED	10 #ifndef SkReader32_DEFINED

(...skipping 89 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
100 fCurr += SkAlign4(size);	100 fCurr += SkAlign4(size);

101 SkASSERT(fCurr <= fStop);	101 SkASSERT(fCurr <= fStop);

102 }	102 }

103	103

104 uint8_t readU8() { return (uint8_t)this->readInt(); }	104 uint8_t readU8() { return (uint8_t)this->readInt(); }

105 uint16_t readU16() { return (uint16_t)this->readInt(); }	105 uint16_t readU16() { return (uint16_t)this->readInt(); }

106 int32_t readS32() { return this->readInt(); }	106 int32_t readS32() { return this->readInt(); }

107 uint32_t readU32() { return this->readInt(); }	107 uint32_t readU32() { return this->readInt(); }

108	108

109 void readPath(SkPath* path) {	109 void readPath(SkPath* path) {

110 size_t size = path->readFromMemory(this->peek());	110 size_t size = path->readFromMemory(this->peek(), this->available());

111 SkASSERT(SkAlign4(size) == size);	111 SkASSERT(SkAlign4(size) == size);

112 (void)this->skip(size);	112 (void)this->skip(size);
	reed1 2013/10/29 19:42:58 if readFromMemory returns 0 (e.g. truncated stream if readFromMemory returns 0 (e.g. truncated stream), shouldn't we skip available instead of zero? sugoi1 2013/10/29 20:16:47 Ok (I had to think about it a little). This would Show quoted text On 2013/10/29 19:42:58, reed1 wrote: > if readFromMemory returns 0 (e.g. truncated stream), shouldn't we skip available instead of zero? Ok (I had to think about it a little). This would automatically cause an error on the next read operation, either by asserting in debug or by reading out-of-bounds in release (which is a bit more unpredictable), but it's probably better overall than leaving peek() at its current position, since that would increase the chance of trapping an error. Stephen White 2013/10/29 20:40:54 Reading out-of-bounds doesn't sound good. Is that Show quoted text On 2013/10/29 20:16:47, sugoi1 wrote: > On 2013/10/29 19:42:58, reed1 wrote: > > if readFromMemory returns 0 (e.g. truncated stream), shouldn't we skip > available instead of zero? > > Ok (I had to think about it a little). This would automatically cause an error > on the next read operation, either by asserting in debug or by reading > out-of-bounds in release (which is a bit more unpredictable), but it's probably > better overall than leaving peek() at its current position, since that would > increase the chance of trapping an error. Reading out-of-bounds doesn't sound good. Is that something that only the non-validating code will trigger? BTW, is there a way we can make unit tests for all these cases? Perhaps by serializing a valid stream, truncating it at specific points and attempting to deserialize that?
113 }	113 }

114	114

115 void readMatrix(SkMatrix* matrix) {	115 void readMatrix(SkMatrix* matrix) {

116 size_t size = matrix->readFromMemory(this->peek());	116 size_t size = matrix->readFromMemory(this->peek(), this->available());

117 SkASSERT(SkAlign4(size) == size);	117 SkASSERT(SkAlign4(size) == size);

118 (void)this->skip(size);	118 (void)this->skip(size);

119 }	119 }

120	120

121 SkRRect* readRRect(SkRRect* rrect) {	121 SkRRect* readRRect(SkRRect* rrect) {

122 rrect->readFromMemory(this->skip(SkRRect::kSizeInMemory));	122 rrect->readFromMemory(this->skip(SkRRect::kSizeInMemory));

123 return rrect;	123 return rrect;

124 }	124 }

125	125

126 void readRegion(SkRegion* rgn) {	126 void readRegion(SkRegion* rgn) {

127 size_t size = rgn->readFromMemory(this->peek());	127 size_t size = rgn->readFromMemory(this->peek(), this->available());

128 SkASSERT(SkAlign4(size) == size);	128 SkASSERT(SkAlign4(size) == size);

129 (void)this->skip(size);	129 (void)this->skip(size);

130 }	130 }

131	131

132 /**	132 /**

133 * Read the length of a string (written by SkWriter32::writeString) into	133 * Read the length of a string (written by SkWriter32::writeString) into

134 * len (if len is not NULL) and return the null-ternimated address of the	134 * len (if len is not NULL) and return the null-ternimated address of the

135 * string within the reader's buffer.	135 * string within the reader's buffer.

136 */	136 */

137 const char* readString(size_t* len = NULL);	137 const char* readString(size_t* len = NULL);

(...skipping 11 matching lines...) Expand all Loading...
149 const char* fBase; // beginning of buffer	149 const char* fBase; // beginning of buffer

150	150

151 #ifdef SK_DEBUG	151 #ifdef SK_DEBUG

152 static bool ptr_align_4(const void* ptr) {	152 static bool ptr_align_4(const void* ptr) {

153 return (((const char)ptr - (const char)NULL) & 3) == 0;	153 return (((const char)ptr - (const char)NULL) & 3) == 0;

154 }	154 }

155 #endif	155 #endif

156 };	156 };

157	157

158 #endif	158 #endif

OLD	NEW

« include/core/SkMatrix.h ('K') | « include/core/SkPath.h ('k') | include/core/SkRegion.h » ('j') | no next file with comments »