Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(350)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/core/SkValidatingReadBuffer.cpp

Issue 83073005: Fixing issues found by fuzzer (Closed) Base URL: https://skia.googlecode.com/svn/trunk
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2013 Google Inc. 2 * Copyright 2013 Google Inc.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license that can be 4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file. 5 * found in the LICENSE file.
6 */ 6 */
7 7
8 #include "SkBitmap.h" 8 #include "SkBitmap.h"
9 #include "SkErrorInternals.h" 9 #include "SkErrorInternals.h"
10 #include "SkValidatingReadBuffer.h" 10 #include "SkValidatingReadBuffer.h"
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 } 87 }
88 88
89 void SkValidatingReadBuffer::readString(SkString* string) { 89 void SkValidatingReadBuffer::readString(SkString* string) {
90 const size_t len = this->readInt(); 90 const size_t len = this->readInt();
91 const void* ptr = fReader.peek(); 91 const void* ptr = fReader.peek();
92 const char* cptr = (const char*)ptr; 92 const char* cptr = (const char*)ptr;
93 93
94 // skip over the string + '\0' and then pad to a multiple of 4 94 // skip over the string + '\0' and then pad to a multiple of 4
95 const size_t alignedSize = SkAlign4(len + 1); 95 const size_t alignedSize = SkAlign4(len + 1);
96 this->skip(alignedSize); 96 this->skip(alignedSize);
97 this->validate(cptr[len] == '\0'); 97 if (!fError) {
98 this->validate(cptr[len] == '\0');
99 }
98 if (!fError) { 100 if (!fError) {
99 string->set(cptr, len); 101 string->set(cptr, len);
100 } 102 }
101 } 103 }
102 104
103 void* SkValidatingReadBuffer::readEncodedString(size_t* length, SkPaint::TextEnc oding encoding) { 105 void* SkValidatingReadBuffer::readEncodedString(size_t* length, SkPaint::TextEnc oding encoding) {
104 const int32_t encodingType = fReader.readInt(); 106 const int32_t encodingType = this->readInt();
105 this->validate(encodingType == encoding); 107 this->validate(encodingType == encoding);
106 *length = this->readInt(); 108 *length = this->readInt();
107 const void* ptr = this->skip(SkAlign4(*length)); 109 const void* ptr = this->skip(SkAlign4(*length));
108 void* data = NULL; 110 void* data = NULL;
109 if (!fError) { 111 if (!fError) {
110 data = sk_malloc_throw(*length); 112 data = sk_malloc_throw(*length);
111 memcpy(data, ptr, *length); 113 memcpy(data, ptr, *length);
112 } 114 }
113 return data; 115 return data;
114 } 116 }
115 117
116 void SkValidatingReadBuffer::readPoint(SkPoint* point) { 118 void SkValidatingReadBuffer::readPoint(SkPoint* point) {
117 point->fX = fReader.readScalar(); 119 point->fX = this->readScalar();
118 point->fY = fReader.readScalar(); 120 point->fY = this->readScalar();
119 } 121 }
120 122
121 void SkValidatingReadBuffer::readMatrix(SkMatrix* matrix) { 123 void SkValidatingReadBuffer::readMatrix(SkMatrix* matrix) {
122 size_t size = 0; 124 size_t size = 0;
123 if (!fError) { 125 if (!fError) {
124 size = matrix->readFromMemory(fReader.peek(), fReader.available()); 126 size = matrix->readFromMemory(fReader.peek(), fReader.available());
125 this->validate((SkAlign4(size) == size) && (0 != size)); 127 this->validate((SkAlign4(size) == size) && (0 != size));
126 } 128 }
127 if (!fError) { 129 if (!fError) {
128 (void)this->skip(size); 130 (void)this->skip(size);
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after
256 delete obj; 258 delete obj;
257 obj = NULL; 259 obj = NULL;
258 } 260 }
259 } else { 261 } else {
260 // we must skip the remaining data 262 // we must skip the remaining data
261 this->skip(sizeRecorded); 263 this->skip(sizeRecorded);
262 SkASSERT(false); 264 SkASSERT(false);
263 } 265 }
264 return obj; 266 return obj;
265 } 267 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698