Fix heap buffer overflow
Bug: oss-fuzz:11040 Because we're sampling, the offset ends up the same as the width. Back up to the left enough to fit the bytes we will write. Change-Id: Ie476a0191b66c2322446b9c0922f630d6e971645 Reviewed-on: https://skia-review.googlesource.com/c/164262 Commit-Queue: Leon Scroggins <scroggo@google.com> Commit-Queue: Mike Klein <mtklein@google.com> Auto-Submit: Leon Scroggins <scroggo@google.com> Reviewed-by: Mike Klein <mtklein@google.com>
This commit is contained in:
parent
701167cfb9
commit
07afa23bd0
@ -1216,6 +1216,15 @@ int SkSwizzler::onSetSampleX(int sampleX) {
|
|||||||
fSwizzleWidth = get_scaled_dimension(fSrcWidth, sampleX);
|
fSwizzleWidth = get_scaled_dimension(fSrcWidth, sampleX);
|
||||||
fAllocatedWidth = get_scaled_dimension(fDstWidth, sampleX);
|
fAllocatedWidth = get_scaled_dimension(fDstWidth, sampleX);
|
||||||
|
|
||||||
|
if (fDstOffsetBytes > 0) {
|
||||||
|
const size_t dstSwizzleBytes = fSwizzleWidth * fDstBPP;
|
||||||
|
const size_t dstAllocatedBytes = fAllocatedWidth * fDstBPP;
|
||||||
|
if (fDstOffsetBytes + dstSwizzleBytes > dstAllocatedBytes) {
|
||||||
|
SkASSERT(dstSwizzleBytes < dstAllocatedBytes);
|
||||||
|
fDstOffsetBytes = dstAllocatedBytes - dstSwizzleBytes;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// The optimized swizzler functions do not support sampling. Sampled swizzles
|
// The optimized swizzler functions do not support sampling. Sampled swizzles
|
||||||
// are already fast because they skip pixels. We haven't seen a situation
|
// are already fast because they skip pixels. We haven't seen a situation
|
||||||
// where speeding up sampling has a significant impact on total decode time.
|
// where speeding up sampling has a significant impact on total decode time.
|
||||||
|
Loading…
Reference in New Issue
Block a user