Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Side by Side Diff: include/core/SkRRect.h

Issue 41253002: Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Fixed comments and added tests Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 /* 1 /*
2 * Copyright 2012 Google Inc. 2 * Copyright 2012 Google Inc.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license that can be 4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file. 5 * found in the LICENSE file.
6 */ 6 */
7 7
8 #ifndef SkRRect_DEFINED 8 #ifndef SkRRect_DEFINED
9 #define SkRRect_DEFINED 9 #define SkRRect_DEFINED
10 10
(...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after
261 261
262 enum { 262 enum {
263 kSizeInMemory = 12 * sizeof(SkScalar) 263 kSizeInMemory = 12 * sizeof(SkScalar)
264 }; 264 };
265 265
266 /** 266 /**
267 * Write the rrect into the specified buffer. This is guaranteed to always 267 * Write the rrect into the specified buffer. This is guaranteed to always
268 * write kSizeInMemory bytes, and that value is guaranteed to always be 268 * write kSizeInMemory bytes, and that value is guaranteed to always be
269 * a multiple of 4. Return kSizeInMemory. 269 * a multiple of 4. Return kSizeInMemory.
270 */ 270 */
271 uint32_t writeToMemory(void* buffer) const; 271 size_t writeToMemory(void* buffer) const;
272 272
273 /** 273 /**
274 * Read the rrect from the specified buffer. This is guaranteed to always 274 * Reads the rrect from the specified buffer
275 * read kSizeInMemory bytes, and that value is guaranteed to always be 275 *
276 * a multiple of 4. Return kSizeInMemory. 276 * If the specified buffer is large enough, this will read kSizeInMemory byt es,
277 * and that value is guaranteed to always be a multiple of 4.
278 *
279 * @param buffer Memory to read from
280 * @param length Amount of memory available in the buffer
281 * @return kSizeInMemory or 0 if there was not enough memory available
277 */ 282 */
278 uint32_t readFromMemory(const void* buffer); 283 size_t readFromMemory(const void* buffer, size_t length);
279 284
280 private: 285 private:
281 SkRect fRect; 286 SkRect fRect;
282 // Radii order is UL, UR, LR, LL. Use Corner enum to index into fRadii[] 287 // Radii order is UL, UR, LR, LL. Use Corner enum to index into fRadii[]
283 SkVector fRadii[4]; 288 SkVector fRadii[4];
284 mutable Type fType; 289 mutable Type fType;
285 // TODO: add padding so we can use memcpy for flattening and not copy 290 // TODO: add padding so we can use memcpy for flattening and not copy
286 // uninitialized data 291 // uninitialized data
287 292
288 void computeType() const; 293 void computeType() const;
289 bool checkCornerContainment(SkScalar x, SkScalar y) const; 294 bool checkCornerContainment(SkScalar x, SkScalar y) const;
290 295
291 // to access fRadii directly 296 // to access fRadii directly
292 friend class SkPath; 297 friend class SkPath;
293 }; 298 };
294 299
295 #endif 300 #endif
OLDNEW
« no previous file with comments | « include/core/SkPath.h ('k') | include/core/SkReader32.h » ('j') | include/core/SkReader32.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698