AuroraMiddleware/skia2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

detect if makeOffset failed

Browse Source 
If we don't detect this, this imagefilter might not write to all of the pixels
it claims it will, resulting in uninitialized memory.

Bug: oss-fuzz:7209
Change-Id: I6c53757046b4d6051da1b317310c89b8ec4752ca
Reviewed-on: https://skia-review.googlesource.com/119145
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
This commit is contained in:
Mike Reed 2018-04-06 14:27:27 -04:00 committed by Skia Commit-Bot
parent 55068bf893
commit 6209bfafad
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/effects/SkDisplacementMapEffect.cpp
View File

@ -269,6 +269,11 @@ sk_sp<SkSpecialImage> SkDisplacementMapEffect::onFilterImage(SkSpecialImage* sou
}
const SkIRect colorBounds = bounds.makeOffset(-colorOffset.x(), -colorOffset.y());
// If the offset overflowed (saturated) then we have to abort, as we need their
// dimensions to be equal. See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7209
if (colorBounds.size() != bounds.size()) {
return nullptr;
}
SkVector scale = SkVector::Make(fScale, fScale);
ctx.ctm().mapVectors(&scale, 1);