Chromium Code Reviews

Issue 836733005: Verify size_t overflow (Closed)

Created:
5 years, 11 months ago by sugoi1
Modified:
5 years, 11 months ago
Reviewers:
Stephen White, reed1
CC:
reviews_skia.org
Base URL:
https://skia.googlesource.com/skia.git@master
Target Ref:
refs/heads/master
Project:
skia
Visibility:
Public.

Description

Verify size_t overflow

On 32-bit platforms, it's possible that multiplying two 32-bit values might overflow a size_t, which could be a 32-bit unsigned in that context, so I added a check for size_t overflow.

BUG=445831

Committed: https://skia.googlesource.com/skia/+/bd0d9da981289504c9dcd8547eaad52b1f4a52cb

Patch Set 1 #

Total comments: 1

Patch Set 2 : New version #

Total comments: 4

Patch Set 3 : Used SkToSizeT #

Total comments: 1
Stats: +7 lines, -6 lines
M src/core/SkBitmap.cpp (patch sets 1, 2, 3): 1 chunk, +7 lines, -6 lines, 1 comment

Messages

Total messages: 13 (3 generated)
sugoi1
5 years, 11 months ago (2015-01-06 22:05:11 UTC) #2
reed1
https://codereview.chromium.org/836733005/diff/1/src/core/SkBitmap.cpp File src/core/SkBitmap.cpp (right): https://codereview.chromium.org/836733005/diff/1/src/core/SkBitmap.cpp#newcode1208 src/core/SkBitmap.cpp:1208: if (!buffer->validate((snugSize <= ramSize) && ((ramSize / ramRB) == ...
5 years, 11 months ago (2015-01-06 22:29:35 UTC) #3
sugoi1
Wrote a new version using sk_64_mul https://codereview.chromium.org/836733005/diff/20001/src/core/SkBitmap.cpp File src/core/SkBitmap.cpp (right): https://codereview.chromium.org/836733005/diff/20001/src/core/SkBitmap.cpp#newcode1205 src/core/SkBitmap.cpp:1205: const int height ...
5 years, 11 months ago (2015-01-07 16:09:04 UTC) #4
reed1
https://codereview.chromium.org/836733005/diff/20001/src/core/SkBitmap.cpp File src/core/SkBitmap.cpp (right): https://codereview.chromium.org/836733005/diff/20001/src/core/SkBitmap.cpp#newcode1213 src/core/SkBitmap.cpp:1213: SkAutoDataUnref data(SkData::NewUninitialized(static_cast<size_t>(ramSize))); On 2015/01/07 16:09:04, sugoi1 wrote: > This ...
5 years, 11 months ago (2015-01-07 16:19:35 UTC) #5
sugoi1
https://codereview.chromium.org/836733005/diff/20001/src/core/SkBitmap.cpp File src/core/SkBitmap.cpp (right): https://codereview.chromium.org/836733005/diff/20001/src/core/SkBitmap.cpp#newcode1213 src/core/SkBitmap.cpp:1213: SkAutoDataUnref data(SkData::NewUninitialized(static_cast<size_t>(ramSize))); On 2015/01/07 16:19:35, reed1 wrote: > On ...
5 years, 11 months ago (2015-01-07 16:28:35 UTC) #6
reed1
5 years, 11 months ago (2015-01-07 16:33:59 UTC) #7
reed1
lgtm
5 years, 11 months ago (2015-01-07 16:34:25 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/836733005/40001
5 years, 11 months ago (2015-01-07 16:38:24 UTC) #10
commit-bot: I haz the power
Committed patchset #3 (id:40001) as https://skia.googlesource.com/skia/+/bd0d9da981289504c9dcd8547eaad52b1f4a52cb
5 years, 11 months ago (2015-01-07 16:47:47 UTC) #11
Stephen White
5 years, 11 months ago (2015-01-07 19:22:29 UTC) #13
Message was sent while issue was closed.
https://codereview.chromium.org/836733005/diff/40001/src/core/SkBitmap.cpp
File src/core/SkBitmap.cpp (right):

https://codereview.chromium.org/836733005/diff/40001/src/core/SkBitmap.cpp#ne...
src/core/SkBitmap.cpp:1209: if (!buffer->validate((snugSize <= ramSize) &&
(ramSize <= max_size_t))) {
static const uint64_t max_size_t = (size_t)(-1);
if (!buffer->validate((snugSize <= ramSize) && (ramSize <= max_size_t))) {

Nit: I think this could be slightly shorter as:

if (!buffer->validate((snugSize <= ramSize) && (ramSize == (size_t) ramSize))) {

I leave it up to you guys to say if it's clearer or not.
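The size check discussed in this thread, as an added example that is not part of Skia or of the reviewed patch. It does the widening multiply that reed1 asked for (a stand-in `mul64` plays the role of `sk_64_mul`), then checks both that the declared pixel payload is no larger than the computed allocation (`snugSize <= ramSize`) and that the 64-bit `ramSize` fits in `size_t`. A `size_t_bits` parameter is an assumption added here so a 32-bit `size_t` can be simulated on a 64-bit host; the real code would use `(size_t)(-1)` as in patch set 3. The two forms of the fit check, comparison against the maximum and Stephen White's round-trip cast, are both computed and shown to agree.

```cpp
// Added example, not Skia code. Names mul64, fitsInSizeT, validateBitmapSize
// and the size_t_bits parameter are assumptions of this example.
#include <cstdint>
#include <cstdio>
#include <limits>

// Widening multiply: both operands are promoted to 64 bits before the
// multiply, so a 32-bit * 32-bit product cannot wrap (stand-in for sk_64_mul).
static int64_t mul64(int32_t a, int32_t b) {
    return static_cast<int64_t>(a) * static_cast<int64_t>(b);
}

// Does a 64-bit byte count fit in a size_t that is size_t_bits wide?
// Passing 32 simulates a 32-bit build; the real code uses sizeof(size_t).
// Both the committed form (compare against the maximum size_t) and the
// round-trip cast suggested in review are evaluated; they always agree.
static bool fitsInSizeT(uint64_t bytes, unsigned size_t_bits) {
    const uint64_t max_size_t =
        size_t_bits >= 64 ? std::numeric_limits<uint64_t>::max()
                          : (uint64_t(1) << size_t_bits) - 1;
    const bool byLimit = bytes <= max_size_t;
    // Truncating to size_t_bits and widening back is what (size_t)bytes does
    // on a size_t_bits-wide platform; equality means nothing was lost.
    const bool byRoundTrip = (bytes & max_size_t) == bytes;
    return byLimit && byRoundTrip;
}

// Validate a deserialized bitmap header before allocating: the payload the
// stream claims (snugSize) must not exceed rowBytes * height, and that
// product must fit in size_t. Returns false on any inconsistency.
static bool validateBitmapSize(int32_t rowBytes, int32_t height,
                               uint64_t snugSize, unsigned size_t_bits) {
    if (rowBytes < 0 || height < 0) {
        return false;  // negative geometry is never valid
    }
    const uint64_t ramSize = static_cast<uint64_t>(mul64(rowBytes, height));
    if (snugSize > ramSize) {
        return false;  // stream claims more pixel data than the geometry holds
    }
    return fitsInSizeT(ramSize, size_t_bits);
}

int main() {
    // Constructed inputs: a 65536 x 65536 bitmap at 1 byte per pixel needs
    // exactly 2^32 bytes, which wraps to 0 in a 32-bit size_t multiply.
    const int32_t rowBytes = 0x10000, height = 0x10000;
    std::printf("2^32 bytes, 32-bit size_t: %s\n",
                validateBitmapSize(rowBytes, height, 0, 32) ? "ok" : "rejected");
    std::printf("2^32 bytes, 64-bit size_t: %s\n",
                validateBitmapSize(rowBytes, height, 0, 64) ? "ok" : "rejected");
    std::printf("4096 x 1024, snug 4 MiB, 32-bit: %s\n",
                validateBitmapSize(4096, 1024, 4096u * 1024u, 32) ? "ok" : "rejected");
    return 0;
}
```

Without the widening multiply, `rowBytes * height` for the first case evaluates to 0 in a 32-bit `size_t`, `snugSize <= ramSize` passes only for an empty payload, and the allocation that follows would be far smaller than the pixel data about to be copied into it; the widening multiply plus the fit check rejects the header instead.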
