Security fixes re getSize().
git-svn-id: http://skia.googlecode.com/svn/trunk@646 2bbb7eff-a529-9590-31e7-b0007b416f81
diff --git a/src/core/SkBitmap.cpp b/src/core/SkBitmap.cpp
index e706326..8266dfe 100644
--- a/src/core/SkBitmap.cpp
+++ b/src/core/SkBitmap.cpp
@@ -840,7 +840,7 @@
*/
if (this->config() == dstConfig) {
if (tmp.getSize() == this->getSize()) {
- memcpy(tmp.getPixels(), this->getPixels(), this->getSize());
+ memcpy(tmp.getPixels(), this->getPixels(), this->getSafeSize());
} else {
const char* srcP = reinterpret_cast<const char*>(this->getPixels());
char* dstP = reinterpret_cast<char*>(tmp.getPixels());
@@ -1362,10 +1362,11 @@
}
if (this->allocPixels(ctable)) {
this->lockPixels();
- buffer.read(this->getPixels(), size);
+ buffer.read(this->getPixels(), this->getSafeSize()); // Just read what we need.
+ buffer.skip(size - this->getSafeSize()); // Keep aligned for subsequent reads.
this->unlockPixels();
} else {
- buffer.skip(size);
+ buffer.skip(size); // Still skip the full-sized buffer though.
}
SkSafeUnref(ctable);
break;