Commit Graph

156 Commits

Author SHA1 Message Date
commit-bot@chromium.org
4faa869cda Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org

Committed: https://code.google.com/p/skia/source/detail?r=12114

Committed: https://code.google.com/p/skia/source/detail?r=12119

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-05 15:46:56 +00:00
reed@google.com
12a23866fe Revert "Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream."
This reverts commit 6bc22e8ef1ea70a1b58409aa21254358c50f149a.

git-svn-id: http://skia.googlecode.com/svn/trunk@12124 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 21:35:55 +00:00
sugoi@google.com
b48a59ae81 Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com

Committed: https://code.google.com/p/skia/source/detail?r=12114

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12119 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 20:28:23 +00:00
epoger@google.com
eb221268ab Revert r12114 due to https://code.google.com/p/skia/issues/detail?id=1794 ('Assertion failures on various buildbots as of r12114')
git-svn-id: http://skia.googlecode.com/svn/trunk@12115 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 18:06:12 +00:00
sugoi@google.com
305f78e8c1 Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com

Review URL: https://codereview.chromium.org/41253002

git-svn-id: http://skia.googlecode.com/svn/trunk@12114 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-11-04 16:18:15 +00:00
commit-bot@chromium.org
0251288112 Adding size parameter to read array functions
In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.

To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.

I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.

Note : readPointArray and writePointArray are unused, so I could also remove them

BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/37803002

git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81
2013-10-31 18:37:50 +00:00