Chromium Code Reviews Chromium Code Reviews
Issue 41253002:
Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed)
Base URL: https://skia.googlecode.com/svn/trunk| Index: include/core/SkWriter32.h |
| diff --git a/include/core/SkWriter32.h b/include/core/SkWriter32.h |
| index ba8893eab960244f7418612fc9666f2a0bf97f4b..5882d16e20aefb58c821474e01a2a9559f77977a 100644 |
| --- a/include/core/SkWriter32.h |
| +++ b/include/core/SkWriter32.h |
| @@ -129,9 +129,17 @@ public: |
| } |
| void writeMatrix(const SkMatrix& matrix) { |
| - size_t size = matrix.writeToMemory(NULL); |
| - SkASSERT(SkAlign4(size) == size); |
| - matrix.writeToMemory(this->reserve(size)); |
| + for (int i = 0; i < 9; ++i) { |
| + this->writeScalar(matrix[i]); |
|
mtklein
2013/10/25 18:11:49
Were we just never writing the flags at all?
sugoi1
2013/10/25 18:27:20
No, SkMatrix::writeToMemory() was only writing the
|
| + } |
| + } |
| + |
| + uint32_t writeMatrixSize(const SkMatrix&) const { |
| + return 9 * sizeof(SkScalar); |
| + } |
| + |
| + static uint32_t MaxWriteMatrixSize() { |
| + return 9 * sizeof(SkScalar) + sizeof(uint32_t); |
| } |
| void writeRegion(const SkRegion& rgn) { |
