Commit Graph

61 Commits

Author SHA1 Message Date
commit-bot@chromium.org
cd3b15ca63 Fixed bad bitmap size crashes
There were 2 issues :
1 ) If the size of an SkBitmap's underlying SkPixelRef's alocated memory is too small to fit the bitmap, then the deserialization will now check this and set an error appropriately.
2 ) If a device fails to allocate its pixels, the device will be deleted and NULL will be returned to avoid attempting to draw on a bad device.

BUG=
R=senorblanco@chromium.org, reed@google.com, sugoi@google.com, halcanary@google.com, mtklein@google.com

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/92793002

git-svn-id: http://skia.googlecode.com/svn/trunk@12484 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-12-04 17:06:49 +00:00
rmistry@google.com
d6bab02386 Reverting r12427
git-svn-id: http://skia.googlecode.com/svn/trunk@12428 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-12-02 13:50:38 +00:00
skia.committer@gmail.com
5b39f5ba9c Sanitizing source files in Housekeeper-Nightly
git-svn-id: http://skia.googlecode.com/svn/trunk@12427 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-12-02 13:36:22 +00:00
bungeman@google.com
a9a4b04a98 Fix Valgrind reports of test branching on uninitialized data.
Fixes reports like:
[07:10:01.235147] [ 71/188] (9) Serialization
[07:10:01.235186] ==20052== Thread 3:
[07:10:01.235223] ==20052== Conditional jump or move depends on uninitialised value(s)
[07:10:01.235259] ==20052==    at 0x546632: SkRRect::setRectRadii(SkRect const&, SkPoint const*) (SkRect.h:426)
[07:10:01.735876] ==20052==    by 0x546FB7: SkRRect::readFromMemory(void const*, unsigned long) (SkRRect.cpp:362)
[07:10:01.735965] ==20052==    by 0x47F87F: Tests(skiatest::Reporter*) (SerializationTest.cpp:20)
[07:10:01.736007] ==20052==    by 0x480367: skiatest::SerializationClass::onRun(skiatest::Reporter*) (SerializationTest.cpp:212)
[07:10:01.736048] ==20052==    by 0x4881DA: skiatest::Test::run() (Test.cpp:109)
[07:10:01.736086] ==20052==    by 0x482516: SkTestRunnable::run() (skia_test.cpp:155)
[07:10:01.736122] ==20052==    by 0x6236E5: SkThreadPool::Loop(void*) (SkThreadPool.cpp:97)
[07:10:01.736158] ==20052==    by 0x62DDB2: thread_start(void*) (SkThreadUtils_pthread.cpp:66)
[07:10:01.736192] ==20052==    by 0x4E39E99: start_thread (pthread_create.c:308)
[07:10:01.736228] ==20052==    by 0x6A5BCCC: clone (clone.S:112)
[07:10:01.736262] ==20052==  Uninitialised value was created by a stack allocation
[07:10:01.736296] ==20052==    at 0x47EC6A: Tests(skiatest::Reporter*) (SerializationTest.cpp:155)



git-svn-id: http://skia.googlecode.com/svn/trunk@12419 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-27 17:00:12 +00:00
commit-bot@chromium.org
8f457e3230 Adding error checks to SkRBuffer
BUG=
R=robertphillips@google.com, bsalomon@google.com, reed@google.com

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/61913002

git-svn-id: http://skia.googlecode.com/svn/trunk@12202 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-08 19:22:57 +00:00
commit-bot@chromium.org
4faa869cda Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org

Committed: https://code.google.com/p/skia/source/detail?r=12114

Committed: https://code.google.com/p/skia/source/detail?r=12119

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-05 15:46:56 +00:00
reed@google.com
12a23866fe Revert "Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream."
This reverts commit 6bc22e8ef1ea70a1b58409aa21254358c50f149a.

git-svn-id: http://skia.googlecode.com/svn/trunk@12124 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 21:35:55 +00:00
sugoi@google.com
b48a59ae81 Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com

Committed: https://code.google.com/p/skia/source/detail?r=12114

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12119 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 20:28:23 +00:00
epoger@google.com
eb221268ab Revert r12114 due to https://code.google.com/p/skia/issues/detail?id=1794 ('Assertion failures on various buildbots as of r12114')
git-svn-id: http://skia.googlecode.com/svn/trunk@12115 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 18:06:12 +00:00
sugoi@google.com
305f78e8c1 Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12114 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 16:18:15 +00:00
commit-bot@chromium.org
0251288112 Adding size parameter to read array functions
In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.

To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.

I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.

Note : readPointArray and writePointArray are unused, so I could also remove them

BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/37803002

git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-10-31 18:37:50 +00:00