src/core/SkBitmap.cpp - Issue 92793002: Fixed bad bitmap size crashes

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: src/core/SkBitmap.cpp

Issue 92793002: Fixed bad bitmap size crashes (Closed) Base URL: https://skia.googlecode.com/svn/trunk

Patch Set: Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1	1

2 /*	2 /*

3 * Copyright 2008 The Android Open Source Project	3 * Copyright 2008 The Android Open Source Project

4 *	4 *

5 * Use of this source code is governed by a BSD-style license that can be	5 * Use of this source code is governed by a BSD-style license that can be

6 * found in the LICENSE file.	6 * found in the LICENSE file.

7 */	7 */

8	8

9	9

10 #include "SkBitmap.h"	10 #include "SkBitmap.h"

(...skipping 1550 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1561	1561

1562 this->setConfig(config, width, height, rowBytes, alphaType);	1562 this->setConfig(config, width, height, rowBytes, alphaType);

1563	1563

1564 int reftype = buffer.readInt();	1564 int reftype = buffer.readInt();

1565 if (buffer.validate((SERIALIZE_PIXELTYPE_REF_DATA == reftype) \|\|	1565 if (buffer.validate((SERIALIZE_PIXELTYPE_REF_DATA == reftype) \|\|

1566 (SERIALIZE_PIXELTYPE_NONE == reftype))) {	1566 (SERIALIZE_PIXELTYPE_NONE == reftype))) {

1567 switch (reftype) {	1567 switch (reftype) {

1568 case SERIALIZE_PIXELTYPE_REF_DATA: {	1568 case SERIALIZE_PIXELTYPE_REF_DATA: {

1569 size_t offset = buffer.readUInt();	1569 size_t offset = buffer.readUInt();

1570 SkPixelRef* pr = buffer.readPixelRef();	1570 SkPixelRef* pr = buffer.readPixelRef();

	1571 size_t cur_size = (fHeight == 0) ? 0 :

	1572 ((fHeight - 1) * fRowBytes) + (fWidth * fBytesPerPixel);

	1573 if (!buffer.validate((NULL == pr) \|\|

	1574 (pr->getSize() >= (offset + cur_size)))) {

	1575 offset = 0;

	1576 }

1571 SkSafeUnref(this->setPixelRef(pr, offset));	1577 SkSafeUnref(this->setPixelRef(pr, offset));

1572 break;	1578 break;

1573 }	1579 }

1574 case SERIALIZE_PIXELTYPE_NONE:	1580 case SERIALIZE_PIXELTYPE_NONE:

1575 break;	1581 break;

1576 default:	1582 default:

1577 SkDEBUGFAIL("unrecognized pixeltype in serialized data");	1583 SkDEBUGFAIL("unrecognized pixeltype in serialized data");

1578 sk_throw();	1584 sk_throw();

1579 }	1585 }

1580 }	1586 }

(...skipping 70 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1651 if (NULL != uri) {	1657 if (NULL != uri) {

1652 str->appendf(" uri:\"%s\"", uri);	1658 str->appendf(" uri:\"%s\"", uri);

1653 } else {	1659 } else {

1654 str->appendf(" pixelref:%p", pr);	1660 str->appendf(" pixelref:%p", pr);

1655 }	1661 }

1656 }	1662 }

1657	1663

1658 str->append(")");	1664 str->append(")");

1659 }	1665 }

1660 #endif	1666 #endif

OLD	NEW

« include/core/SkPixelRef.h ('K') | « include/core/SkPixelRef.h ('k') | src/core/SkBitmapDevice.cpp » ('j') | no next file with comments »