AuroraMiddleware/skia2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

validate offsetToRestore

Browse Source 
Bug: skia:7425
Change-Id: I6451058bc5194853440f08a053fb974bc8f377a2
Reviewed-on: https://skia-review.googlesource.com/95161
Commit-Queue: Mike Reed <reed@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
Reviewed-by: Mike Klein <mtklein@chromium.org>
This commit is contained in:
Mike Reed 2018-01-16 15:42:32 -05:00 committed by Skia Commit-Bot
parent 6be756b673
commit 539c6f5c92
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/core/SkPicturePlayback.cpp
View File

@ -141,6 +141,12 @@ void SkPicturePlayback::draw(SkCanvas* canvas,
} }
} }
static void validate_offsetToRestore(SkReadBuffer* reader, size_t offsetToRestore) {
if (offsetToRestore) {
reader->validate(SkIsAlign4(offsetToRestore) && offsetToRestore >= reader->offset());
}
}
void SkPicturePlayback::handleOp(SkReadBuffer* reader, void SkPicturePlayback::handleOp(SkReadBuffer* reader,
DrawType op, DrawType op,
uint32_t size, uint32_t size,
@ -162,9 +168,9 @@ void SkPicturePlayback::handleOp(SkReadBuffer* reader,
SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed); SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed);
bool doAA = ClipParams_unpackDoAA(packed); bool doAA = ClipParams_unpackDoAA(packed);
size_t offsetToRestore = reader->readInt(); size_t offsetToRestore = reader->readInt();
validate_offsetToRestore(reader, offsetToRestore);
BREAK_ON_READ_ERROR(reader); BREAK_ON_READ_ERROR(reader);
SkASSERT(!offsetToRestore || offsetToRestore >= reader->offset());
canvas->clipPath(path, clipOp, doAA); canvas->clipPath(path, clipOp, doAA);
if (canvas->isClipEmpty() && offsetToRestore) { if (canvas->isClipEmpty() && offsetToRestore) {
reader->skip(offsetToRestore - reader->offset()); reader->skip(offsetToRestore - reader->offset());
@ -176,9 +182,9 @@ void SkPicturePlayback::handleOp(SkReadBuffer* reader,
uint32_t packed = reader->readInt(); uint32_t packed = reader->readInt();
SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed); SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed);
size_t offsetToRestore = reader->readInt(); size_t offsetToRestore = reader->readInt();
validate_offsetToRestore(reader, offsetToRestore);
BREAK_ON_READ_ERROR(reader); BREAK_ON_READ_ERROR(reader);
SkASSERT(!offsetToRestore || offsetToRestore >= reader->offset());
canvas->clipRegion(region, clipOp); canvas->clipRegion(region, clipOp);
if (canvas->isClipEmpty() && offsetToRestore) { if (canvas->isClipEmpty() && offsetToRestore) {
reader->skip(offsetToRestore - reader->offset()); reader->skip(offsetToRestore - reader->offset());
@ -191,9 +197,9 @@ void SkPicturePlayback::handleOp(SkReadBuffer* reader,
SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed); SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed);
bool doAA = ClipParams_unpackDoAA(packed); bool doAA = ClipParams_unpackDoAA(packed);
size_t offsetToRestore = reader->readInt(); size_t offsetToRestore = reader->readInt();
validate_offsetToRestore(reader, offsetToRestore);
BREAK_ON_READ_ERROR(reader); BREAK_ON_READ_ERROR(reader);
SkASSERT(!offsetToRestore || offsetToRestore >= reader->offset());
canvas->clipRect(rect, clipOp, doAA); canvas->clipRect(rect, clipOp, doAA);
if (canvas->isClipEmpty() && offsetToRestore) { if (canvas->isClipEmpty() && offsetToRestore) {
reader->skip(offsetToRestore - reader->offset()); reader->skip(offsetToRestore - reader->offset());
@ -206,9 +212,9 @@ void SkPicturePlayback::handleOp(SkReadBuffer* reader,
SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed); SkClipOp clipOp = ClipParams_unpackRegionOp(reader, packed);
bool doAA = ClipParams_unpackDoAA(packed); bool doAA = ClipParams_unpackDoAA(packed);
size_t offsetToRestore = reader->readInt(); size_t offsetToRestore = reader->readInt();
validate_offsetToRestore(reader, offsetToRestore);
BREAK_ON_READ_ERROR(reader); BREAK_ON_READ_ERROR(reader);
SkASSERT(!offsetToRestore || offsetToRestore >= reader->offset());
canvas->clipRRect(rrect, clipOp, doAA); canvas->clipRRect(rrect, clipOp, doAA);
if (canvas->isClipEmpty() && offsetToRestore) { if (canvas->isClipEmpty() && offsetToRestore) {
reader->skip(offsetToRestore - reader->offset()); reader->skip(offsetToRestore - reader->offset());