AuroraMiddleware/skia2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix heap buffer overflow

Browse Source 
Bug: oss-fuzz:11040

Because we're sampling, the offset ends up the same as the width. Back
up to the left enough to fit the bytes we will write.

Change-Id: Ie476a0191b66c2322446b9c0922f630d6e971645
Reviewed-on: https://skia-review.googlesource.com/c/164262
Commit-Queue: Leon Scroggins <scroggo@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
Auto-Submit: Leon Scroggins <scroggo@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
This commit is contained in:
Leon Scroggins III 2018-10-22 13:16:37 -04:00 committed by Skia Commit-Bot
parent 701167cfb9
commit 07afa23bd0
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/codec/SkSwizzler.cpp
View File

@ -1216,6 +1216,15 @@ int SkSwizzler::onSetSampleX(int sampleX) {
fSwizzleWidth = get_scaled_dimension(fSrcWidth, sampleX);
fAllocatedWidth = get_scaled_dimension(fDstWidth, sampleX);
if (fDstOffsetBytes > 0) {
const size_t dstSwizzleBytes = fSwizzleWidth * fDstBPP;
const size_t dstAllocatedBytes = fAllocatedWidth * fDstBPP;
if (fDstOffsetBytes + dstSwizzleBytes > dstAllocatedBytes) {
SkASSERT(dstSwizzleBytes < dstAllocatedBytes);
fDstOffsetBytes = dstAllocatedBytes - dstSwizzleBytes;
}
}
// The optimized swizzler functions do not support sampling. Sampled swizzles
// are already fast because they skip pixels. We haven't seen a situation
// where speeding up sampling has a significant impact on total decode time.