Harden size check during textblob deserialization

Check the text size read from a buffer should not exceed the size of
the input buffer. This is to avoid memory allocation errors such as
out of memory.

BUG=chromium:809200

Change-Id: I47824f6e8122bd550ee97ac83e2251b7725865e7
Reviewed-on: https://skia-review.googlesource.com/113289
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Florin Malita <fmalita@chromium.org>
Wei Li 2018-03-08 14:33:52 -08:00 committed by Skia Commit-Bot
parent ff6b4c59f2
commit dc0b12ec7a

@ -809,7 +809,7 @@ sk_sp<SkTextBlob> SkTextBlob::MakeFromBuffer(SkReadBuffer& reader) {
return nullptr;
}
int textSize = pe.extended ? reader.read32() : 0;
if (textSize < 0) {
if (textSize < 0 || static_cast<size_t>(textSize) > reader.size()) {
return nullptr;
}
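
Review bot: the new upper bound in the `textSize` condition compares against `reader.size()`, which the commit message describes as the size of the input buffer, not the number of bytes still unread after the `reader.read32()` on the line above. That caps the allocation, which is the stated goal, but a `textSize` larger than the data actually remaining still passes this check and has to be caught by later reads. Consider bounding against the bytes remaining at the current read position, or add a short comment here stating that this is only a coarse allocation limit and that the later reads validate the exact length. The visible change also carries no regression test; a serialized blob with an oversized `textSize` field that asserts `MakeFromBuffer` returns `nullptr` would pin the behaviour down.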