Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/core/SkImageFilter.cpp

Issue 831583004: Adding check on input count (Closed) Base URL: https://skia.googlesource.com/skia.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « include/core/SkImageFilter.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2012 The Android Open Source Project 2 * Copyright 2012 The Android Open Source Project
3 * 3 *
4 * Use of this source code is governed by a BSD-style license that can be 4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file. 5 * found in the LICENSE file.
6 */ 6 */
7 7
8 #include "SkImageFilter.h" 8 #include "SkImageFilter.h"
9 9
10 #include "SkBitmap.h" 10 #include "SkBitmap.h"
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
55 && fSrcGenID == other.fSrcGenID; 55 && fSrcGenID == other.fSrcGenID;
56 } 56 }
57 }; 57 };
58 58
59 SkImageFilter::Common::~Common() { 59 SkImageFilter::Common::~Common() {
60 for (int i = 0; i < fInputs.count(); ++i) { 60 for (int i = 0; i < fInputs.count(); ++i) {
61 SkSafeUnref(fInputs[i]); 61 SkSafeUnref(fInputs[i]);
62 } 62 }
63 } 63 }
64 64
65 void SkImageFilter::Common::allocInputs(int count) { 65 bool SkImageFilter::Common::allocInputs(size_t count) {
66 static const size_t maxInputs = ((size_t)(-1)) / sizeof(SkImageFilter*);
Stephen White 2015/01/07 19:31:12 Division is kind of ugly. Could be (moving size co
67 if (count > maxInputs) {
68 return false;
69 }
66 const size_t size = count * sizeof(SkImageFilter*); 70 const size_t size = count * sizeof(SkImageFilter*);
67 fInputs.reset(count); 71 fInputs.reset(count);
68 sk_bzero(fInputs.get(), size); 72 sk_bzero(fInputs.get(), size);
73 return true;
69 } 74 }
70 75
71 void SkImageFilter::Common::detachInputs(SkImageFilter** inputs) { 76 void SkImageFilter::Common::detachInputs(SkImageFilter** inputs) {
72 const size_t size = fInputs.count() * sizeof(SkImageFilter*); 77 const size_t size = fInputs.count() * sizeof(SkImageFilter*);
73 memcpy(inputs, fInputs.get(), size); 78 memcpy(inputs, fInputs.get(), size);
74 sk_bzero(fInputs.get(), size); 79 sk_bzero(fInputs.get(), size);
75 } 80 }
76 81
77 bool SkImageFilter::Common::unflatten(SkReadBuffer& buffer, int expectedCount) { 82 bool SkImageFilter::Common::unflatten(SkReadBuffer& buffer, int expectedCount) {
78 const int count = buffer.readInt(); 83 const int count = buffer.readInt();
79 if (!buffer.validate(count >= 0)) { 84 if (!buffer.validate((count >= 0) &&
80 return false; 85 (expectedCount < 0 || count == expectedCount) &&
81 } 86 (this->allocInputs(count)))) {
82 if (!buffer.validate(expectedCount < 0 || count == expectedCount)) {
83 return false; 87 return false;
84 } 88 }
85 89
86 this->allocInputs(count);
87 for (int i = 0; i < count; i++) { 90 for (int i = 0; i < count; i++) {
88 if (buffer.readBool()) { 91 if (buffer.readBool()) {
89 fInputs[i] = buffer.readImageFilter(); 92 fInputs[i] = buffer.readImageFilter();
90 } 93 }
91 if (!buffer.isValid()) { 94 if (!buffer.isValid()) {
92 return false; 95 return false;
93 } 96 }
94 } 97 }
95 SkRect rect; 98 SkRect rect;
96 buffer.readRect(&rect); 99 buffer.readRect(&rect);
(...skipping 389 matching lines...) Expand 10 before | Expand all | Expand 10 after
486 489
487 SkImageFilter::Cache* SkImageFilter::Cache::Create(size_t maxBytes) { 490 SkImageFilter::Cache* SkImageFilter::Cache::Create(size_t maxBytes) {
488 return SkNEW_ARGS(CacheImpl, (maxBytes)); 491 return SkNEW_ARGS(CacheImpl, (maxBytes));
489 } 492 }
490 493
491 SK_DECLARE_STATIC_LAZY_PTR(SkImageFilter::Cache, cache, CreateCache); 494 SK_DECLARE_STATIC_LAZY_PTR(SkImageFilter::Cache, cache, CreateCache);
492 495
493 SkImageFilter::Cache* SkImageFilter::Cache::Get() { 496 SkImageFilter::Cache* SkImageFilter::Cache::Get() {
494 return cache.get(); 497 return cache.get();
495 } 498 }
OLDNEW
« no previous file with comments | « include/core/SkImageFilter.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698