Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.

src/core/SkPathRef.cpp

Index: src/core/SkPathRef.cpp
diff --git a/src/core/SkPathRef.cpp b/src/core/SkPathRef.cpp
index f635c2a3e5806abda5501e9da850518604b8b4b2..0a31a7593b93aad290842aaa4588a769058e1797 100644
--- a/src/core/SkPathRef.cpp
+++ b/src/core/SkPathRef.cpp
@@ -6,6 +6,7 @@
  */
 
 #include "SkBuffer.h"
+#include "SkFlattenableBuffers.h"
 #include "SkOnce.h"
 #include "SkPath.h"
 #include "SkPathRef.h"
@@ -138,6 +139,27 @@ SkPathRef* SkPathRef::CreateFromBuffer(SkRBuffer* buffer
     return ref;
 }
 
+uint32_t SkPathRef::SizeToRead(SkFlattenableReadBuffer& buffer
+#ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TOO
+                               , bool newFormat
+#endif
+    ) {
+    uint32_t size = 4 * sizeof(uint32_t) + // fGenerationID, verbCount, pointCount, conicCount
+                    sizeof(SkRect); // fBounds
+#ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TOO
+    if (newFormat) {
+#endif
+       size += sizeof(uint32_t);
+#ifndef DELETE_THIS_CODE_WHEN_SKPS_ARE_REBUILT_AT_V14_AND_ALL_OTHER_INSTANCES_TOO
+    }
+#endif
+    
+    // TODO: Figure out a way to read verbCount, pointCount, conicCount without
+    //       the buffer's peek forward (while making sure we can read these values)

[sugoi1, 2013/10/24 19:51:39]

This isn't completed yet. I need some suggestions. I need to figure out a way to
read verbCount, pointCount, conicCount without moving the buffer's peek forward.
I'd like to do this in a clean way, but I see no way of doing this with
SkFlattenableReadBuffer right now.

Maybe an "unflatten" function could be added by SkPath, SkPathRef, SkRegion
instead of trying to precompute their size before reading these objects. Any
idea, opinion ?

+
+    return size;
+}
+
 void SkPathRef::Rewind(SkAutoTUnref<SkPathRef>* pathRef) {
     if ((*pathRef)->unique()) {
         SkDEBUGCODE((*pathRef)->validate();)