| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2012 Google Inc. | 2 * Copyright 2012 Google Inc. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license that can be | 4 * Use of this source code is governed by a BSD-style license that can be |
| 5 * found in the LICENSE file. | 5 * found in the LICENSE file. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "SkRRect.h" | 8 #include "SkRRect.h" |
| 9 | 9 |
| 10 /////////////////////////////////////////////////////////////////////////////// | 10 /////////////////////////////////////////////////////////////////////////////// |
| (...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 273 } | 273 } |
| 274 if (radii[i].fY) { | 274 if (radii[i].fY) { |
| 275 radii[i].fY -= dy; | 275 radii[i].fY -= dy; |
| 276 } | 276 } |
| 277 } | 277 } |
| 278 dst->setRectRadii(r, radii); | 278 dst->setRectRadii(r, radii); |
| 279 } | 279 } |
| 280 | 280 |
| 281 /////////////////////////////////////////////////////////////////////////////// | 281 /////////////////////////////////////////////////////////////////////////////// |
| 282 | 282 |
| 283 uint32_t SkRRect::writeToMemory(void* buffer) const { | 283 size_t SkRRect::writeToMemory(void* buffer) const { |
| 284 SkASSERT(kSizeInMemory == sizeof(SkRect) + sizeof(fRadii)); | 284 SkASSERT(kSizeInMemory == sizeof(SkRect) + sizeof(fRadii)); |
| 285 | 285 |
| 286 memcpy(buffer, &fRect, sizeof(SkRect)); | 286 memcpy(buffer, &fRect, sizeof(SkRect)); |
| 287 memcpy((char*)buffer + sizeof(SkRect), fRadii, sizeof(fRadii)); | 287 memcpy((char*)buffer + sizeof(SkRect), fRadii, sizeof(fRadii)); |
| 288 return kSizeInMemory; | 288 return kSizeInMemory; |
| 289 } | 289 } |
| 290 | 290 |
| 291 uint32_t SkRRect::readFromMemory(const void* buffer) { | 291 size_t SkRRect::readFromMemory(const void* buffer, size_t length) { |
| 292 if (length < kSizeInMemory) { |
| 293 return 0; |
| 294 } |
| 295 |
| 292 SkScalar storage[12]; | 296 SkScalar storage[12]; |
| 293 SkASSERT(sizeof(storage) == kSizeInMemory); | 297 SkASSERT(sizeof(storage) == kSizeInMemory); |
| 294 | 298 |
| 295 // we make a local copy, to ensure alignment before we cast | 299 // we make a local copy, to ensure alignment before we cast |
| 296 memcpy(storage, buffer, kSizeInMemory); | 300 memcpy(storage, buffer, kSizeInMemory); |
| 297 | 301 |
| 298 this->setRectRadii(*(const SkRect*)&storage[0], | 302 this->setRectRadii(*(const SkRect*)&storage[0], |
| 299 (const SkVector*)&storage[4]); | 303 (const SkVector*)&storage[4]); |
| 300 return kSizeInMemory; | 304 return kSizeInMemory; |
| 301 } | 305 } |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 352 SkASSERT(!allRadiiZero && !allRadiiSame && !allCornersSquare); | 356 SkASSERT(!allRadiiZero && !allRadiiSame && !allCornersSquare); |
| 353 break; | 357 break; |
| 354 case kUnknown_Type: | 358 case kUnknown_Type: |
| 355 // no limits on this | 359 // no limits on this |
| 356 break; | 360 break; |
| 357 } | 361 } |
| 358 } | 362 } |
| 359 #endif // SK_DEBUG | 363 #endif // SK_DEBUG |
| 360 | 364 |
| 361 /////////////////////////////////////////////////////////////////////////////// | 365 /////////////////////////////////////////////////////////////////////////////// |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 41253002:
Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed)
Base URL: https://skia.googlecode.com/svn/trunk