Fixing another clusterfuzz issue

This was introduced by removing SkValidatingReadBuffer::readBitmap in https://codereview.chromium.org/295793002/ Since SkReadBuffer::skip wasn't virtual, it was using the unsafe SkReadBuffer::skip within SkReadBuffer::readBitmap rather than using SkValidatingReadBuffer::skip. I also removed direct uses of fReader within SkReadBuffer::readBitmap so that it can use the virtual readInt / readFixed functions that have a version in SkValidatingReadBuffer. Also, I changed SkReadBuffer::readPoint so that it uses the virtual readScalar, that way, it becomes redundant with SkValidatingReadBuffer::readPoint, which can then be removed. BUG=380723 R=reed@google.com, mtklein@google.com, sugoi@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/317003003
2014-06-06 06:44:16 -07:00 · 2014-06-06 06:44:16 -07:00 · 0951fe1298
commit 0951fe1298
parent 5102345029
3 changed files with 6 additions and 6 deletions
--- a/include/core/SkReadBuffer.h
+++ b/include/core/SkReadBuffer.h
@ -84,7 +84,7 @@ public:
    size_t size() { return fReader.size(); }
    size_t offset() { return fReader.offset(); }
    bool eof() { return fReader.eof(); }
-    const void* skip(size_t size) { return fReader.skip(size); }
+    virtual const void* skip(size_t size) { return fReader.skip(size); }
    void* readFunctionPtr() { return fReader.readPtr(); }

    // primitives
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@ -199,8 +199,8 @@ bool SkReadBuffer::readBitmap(SkBitmap* bitmap) {
    if (this->readBool()) {
        // An SkBitmapHeap was used for writing. Read the index from the stream and find the
        // corresponding SkBitmap in fBitmapStorage.
-        const uint32_t index = fReader.readU32();
-        fReader.readU32(); // bitmap generation ID (see SkWriteBuffer::writeBitmap)
+        const uint32_t index = this->readUInt();
+        this->readUInt(); // bitmap generation ID (see SkWriteBuffer::writeBitmap)
        if (fBitmapStorage) {
            *bitmap = *fBitmapStorage->getBitmap(index);
            fBitmapStorage->releaseRef(index);
@ -223,8 +223,8 @@ bool SkReadBuffer::readBitmap(SkBitmap* bitmap) {
            // A non-zero size means the SkBitmap was encoded. Read the data and pixel
            // offset.
            const void* data = this->skip(length);
-            const int32_t xOffset = fReader.readS32();
-            const int32_t yOffset = fReader.readS32();
+            const int32_t xOffset = this->readInt();
+            const int32_t yOffset = this->readInt();
            if (fBitmapDecoder != NULL && fBitmapDecoder(data, length, bitmap)) {
                if (bitmap->width() == width && bitmap->height() == height) {
 #ifdef DEBUG_NON_DETERMINISTIC_ASSERT
--- a/src/core/SkValidatingReadBuffer.h
+++ b/src/core/SkValidatingReadBuffer.h
@ -23,7 +23,7 @@ public:
    SkValidatingReadBuffer(const void* data, size_t size);
    virtual ~SkValidatingReadBuffer();

-    const void* skip(size_t size);
+    virtual const void* skip(size_t size) SK_OVERRIDE;

    // primitives
    virtual bool readBool() SK_OVERRIDE;