Fix argument order dependency when creating HBBlob.

In the code prior to this change, if the compiler evaluated the arguments from left to right everything would work. If the compiler evaluated the arguments from right to left the the data was released before the calls to get the location and size of the data. Since the compiler saw that the release could happen before the other fields were read, it emitted instructions like 'mov edx,dword ptr [20h]', directly inlining the nullptr dereference. BUG: chromium:979161 Change-Id: I0c45d9f6b8c8cd7b6c751f2b03f10aa5ea9d685c Reviewed-on: https://skia-review.googlesource.com/c/skia/+/224192 Reviewed-by: Hal Canary <halcanary@google.com> Commit-Queue: Ben Wagner <bungeman@google.com>
2019-06-27 12:52:35 -04:00 · 2019-06-27 12:52:35 -04:00 · 7b4aef0f46
commit 7b4aef0f46
parent bb8dde8f7c
1 changed files with 8 additions and 1 deletions
--- a/src/pdf/SkPDFSubsetFont.cpp
+++ b/src/pdf/SkPDFSubsetFont.cpp
@ -11,6 +11,7 @@

 #include "include/private/SkTemplates.h"
 #include "include/private/SkTo.h"
+#include "src/utils/SkCallableTraits.h"

 #include "hb.h"
 #include "hb-subset.h"
@ -22,7 +23,13 @@ using HBSubsetInput = resource<hb_subset_input_t, hb_subset_input_destroy>;
 using HBSet = resource<hb_set_t, hb_set_destroy>;

 static HBBlob to_blob(sk_sp<SkData> data) {
-    return HBBlob(hb_blob_create((char*)data->data(), SkToUInt(data->size()),
+    using blob_size_t = SkCallableTraits<decltype(hb_blob_create)>::argument<1>::type;
+    if (!SkTFitsIn<blob_size_t>(data->size())) {
+        return nullptr;
+    }
+    const char* blobData = static_cast<const char*>(data->data());
+    blob_size_t blobSize = SkTo<blob_size_t>(data->size());
+    return HBBlob(hb_blob_create(blobData, blobSize,
                                 HB_MEMORY_MODE_READONLY,
                                 data.release(), [](void* p){ ((SkData*)p)->unref(); }));
 }