Fix comparison that overflows for addresses near uint max.

- Fix Assert

TBR=mtklein@google.com
BUG=chromium:683578

Change-Id: Iba503d1febace367c71f79a3b9accc0ec3e50f11
Reviewed-on: https://skia-review.googlesource.com/7418
Reviewed-by: Herb Derby <herb@google.com>
Commit-Queue: Herb Derby <herb@google.com>
Herb Derby 2017-01-23 16:57:09 -05:00 committed by Skia Commit-Bot
parent a19f024953
commit f887f8a847
2 changed files with 5 additions and 3 deletions


@ -123,7 +123,7 @@ void SkArenaAlloc::ensureSpace(size_t size, size_t alignment) {
char* SkArenaAlloc::allocObject(size_t size, size_t alignment) { char* SkArenaAlloc::allocObject(size_t size, size_t alignment) {
size_t mask = alignment - 1; size_t mask = alignment - 1;
char* objStart = (char*)((uintptr_t)(fCursor + mask) & ~mask); char* objStart = (char*)((uintptr_t)(fCursor + mask) & ~mask);
if (objStart + size > fEnd) { if ((ptrdiff_t)size > fEnd - objStart) {
this->ensureSpace(size, alignment); this->ensureSpace(size, alignment);
objStart = (char*)((uintptr_t)(fCursor + mask) & ~mask); objStart = (char*)((uintptr_t)(fCursor + mask) & ~mask);
} }
@ -142,12 +142,12 @@ restart:
char* objStart = (char*)((uintptr_t)(fCursor + skipOverhead + mask) & ~mask); char* objStart = (char*)((uintptr_t)(fCursor + skipOverhead + mask) & ~mask);
size_t totalSize = sizeIncludingFooter + skipOverhead; size_t totalSize = sizeIncludingFooter + skipOverhead;
if (objStart + totalSize > fEnd) { if ((ptrdiff_t)totalSize > fEnd - objStart) {
this->ensureSpace(totalSize, alignment); this->ensureSpace(totalSize, alignment);
goto restart; goto restart;
} }
SkASSERT(objStart + totalSize <= fEnd); SkASSERT((ptrdiff_t)totalSize <= fEnd - objStart);
// Install a skip footer if needed, thus terminating a run of POD data. The calling code is // Install a skip footer if needed, thus terminating a run of POD data. The calling code is
// responsible for installing the footer after the object. // responsible for installing the footer after the object.
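Review bot: The `(ptrdiff_t)size` cast in the new `allocObject` check goes negative for any `size` above PTRDIFF_MAX, so the comparison with `fEnd - objStart` is false and `ensureSpace` is skipped even though the object does not fit; the same applies to `(ptrdiff_t)totalSize` in the second hunk and to its SkASSERT. The only size limits visible on this page are the `SkASSERT(SkTFitsIn<uint32_t>(...))` lines in the header, which presumably compile out of release builds and, on a 32-bit target, would still admit values above PTRDIFF_MAX. Keeping the subtraction but doing the size comparison unsigned closes this: `ptrdiff_t avail = fEnd - objStart;` followed by `if (avail < 0 || size > (size_t)avail) {`. Both function bodies continue outside the hunks shown.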


@ -68,6 +68,7 @@ public:
template <typename T, typename... Args> template <typename T, typename... Args>
T* make(Args&&... args) { T* make(Args&&... args) {
SkASSERT(SkTFitsIn<uint32_t>(sizeof(T)));
char* objStart; char* objStart;
if (skstd::is_trivially_destructible<T>::value) { if (skstd::is_trivially_destructible<T>::value) {
objStart = this->allocObject(sizeof(T), alignof(T)); objStart = this->allocObject(sizeof(T), alignof(T));
@ -139,6 +140,7 @@ private:
SkASSERT(SkTFitsIn<uint32_t>(count)); SkASSERT(SkTFitsIn<uint32_t>(count));
char* objStart; char* objStart;
size_t arraySize = count * sizeof(T); size_t arraySize = count * sizeof(T);
SkASSERT(SkTFitsIn<uint32_t>(arraySize));
if (skstd::is_trivially_destructible<T>::value) { if (skstd::is_trivially_destructible<T>::value) {
objStart = this->allocObject(arraySize, alignof(T)); objStart = this->allocObject(arraySize, alignof(T));