| Index: src/core/SkBitmap.cpp |
| diff --git a/src/core/SkBitmap.cpp b/src/core/SkBitmap.cpp |
| index 9d4aa87c857fa0bc62eb3bbf946b76e70940f70b..16afd57df3f0a10969a496d64cb4a1e6f9b4fe92 100644 |
| --- a/src/core/SkBitmap.cpp |
| +++ b/src/core/SkBitmap.cpp |
| @@ -1568,6 +1568,10 @@ void SkBitmap::unflatten(SkFlattenableReadBuffer& buffer) { |
| case SERIALIZE_PIXELTYPE_REF_DATA: { |
| size_t offset = buffer.readUInt(); |
| SkPixelRef* pr = buffer.readPixelRef(); |
| + if (!buffer.validate((NULL == pr) || |
| + (pr->getSize() >= (offset + this->getSafeSize())))) { |
|
sugoi
2013/11/28 18:22:41
Simplified this a bit by using getSafeSize()
|
| + offset = 0; |
| + } |
| SkSafeUnref(this->setPixelRef(pr, offset)); |
| break; |
| } |
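Review bot: The sum `offset + this->getSafeSize()` in the added `validate()` condition can wrap, because `offset` comes straight from `buffer.readUInt()` and is not bounded before the addition. A wrapped sum compares as small, so an oversized offset would pass the check and reach `setPixelRef`. Comparing by subtraction avoids this: `(pr->getSize() >= offset) && (pr->getSize() - offset >= this->getSafeSize())`. Separately, the failure branch only resets `offset` to 0 and still installs `pr`, so a pixel ref smaller than `getSafeSize()` stays attached to the bitmap. Presumably callers discard the bitmap once the buffer is marked invalid, but a comment such as `// buffer is now invalid; callers must not use this bitmap's pixels` would make that dependency explicit. The body of `unflatten()` continues outside the hunk.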