Verify size_t overflow

src/core/SkBitmap.cpp

Index: src/core/SkBitmap.cpp
diff --git a/src/core/SkBitmap.cpp b/src/core/SkBitmap.cpp
index 9db596de9cc9023fe32ae9b5ba24ae473e041345..c962aea21a10fc3dd4e31705a9c334dcf83e450d 100644
--- a/src/core/SkBitmap.cpp
+++ b/src/core/SkBitmap.cpp
@@ -1202,16 +1202,17 @@ bool SkBitmap::ReadRawPixels(SkReadBuffer* buffer, SkBitmap* bitmap) {
     }
 
     const size_t ramRB = info.minRowBytes();
-    const int height = info.height();
-    const size_t snugSize = snugRB * height;
-    const size_t ramSize = ramRB * height;
-    if (!buffer->validate(snugSize <= ramSize)) {
+    const int height = SkMax32(info.height(), 0);
+    const uint64_t snugSize = sk_64_mul(snugRB, height);
+    const uint64_t ramSize = sk_64_mul(ramRB, height);
+    static const uint64_t max_size_t = (size_t)(-1);
+    if (!buffer->validate((snugSize <= ramSize) && (ramSize <= max_size_t))) {

[Stephen White, 2015/01/07 19:22:29]

static const uint64_t max_size_t = (size_t)(-1);
if (!buffer->validate((snugSize <= ramSize) && (ramSize <= max_size_t))) {

Nit: I think this could be slightly shorter as:

if (!buffer->validate((snugSize <= ramSize) && (ramSize == (size_t) ramSize))) {

I leave it up to you guys to say if it's clearer or not.

         return false;
     }
 
-    SkAutoDataUnref data(SkData::NewUninitialized(ramSize));
+    SkAutoDataUnref data(SkData::NewUninitialized(SkToSizeT(ramSize)));
     char* dst = (char*)data->writable_data();
-    buffer->readByteArray(dst, snugSize);
+    buffer->readByteArray(dst, SkToSizeT(snugSize));
 
     if (snugSize != ramSize) {
         const char* srcRow = dst + snugRB * (height - 1);