AuroraMiddleware/skia2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

SkMorphologyImageFilter: Avoid integer overflow with large radii

Browse Source 
We later compute the "width" of the filter as (2*radius)+1, so fail
early if that will overflow.

Bug: chromium:1018190
Change-Id: I6554693067be4b52b1304d9f6fd0376ce4b3be19
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/251364
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
This commit is contained in:
Brian Osman 2019-10-29 11:24:30 -04:00 committed by Skia Commit-Bot
parent b69001f36f
commit 650f40d39b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/effects/imagefilters/SkMorphologyImageFilter.cpp
View File

@ -766,7 +766,10 @@ sk_sp<SkSpecialImage> SkMorphologyImageFilterImpl::onFilterImage(const Context&
int width = SkScalarFloorToInt(radius.width());
int height = SkScalarFloorToInt(radius.height());
if (width < 0 || height < 0) {
// Width (or height) must fit in a signed 32-bit int to avoid UBSAN issues (crbug.com/1018190)
constexpr int kMaxRadius = (std::numeric_limits<int>::max() - 1) / 2;
if (width < 0 || height < 0 || width > kMaxRadius || height > kMaxRadius) {
return nullptr;
}