Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream.
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
Committed: https://code.google.com/p/skia/source/detail?r=12114
Committed: https://code.google.com/p/skia/source/detail?r=12119
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/41253002
git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81
diff --git a/src/core/SkMatrix.cpp b/src/core/SkMatrix.cpp
index 5bcb35b..cd7bcea 100644
--- a/src/core/SkMatrix.cpp
+++ b/src/core/SkMatrix.cpp
@@ -1921,20 +1921,25 @@
///////////////////////////////////////////////////////////////////////////////
-uint32_t SkMatrix::writeToMemory(void* buffer) const {
+size_t SkMatrix::writeToMemory(void* buffer) const {
// TODO write less for simple matrices
+ static const size_t sizeInMemory = 9 * sizeof(SkScalar);
if (buffer) {
- memcpy(buffer, fMat, 9 * sizeof(SkScalar));
+ memcpy(buffer, fMat, sizeInMemory);
}
- return 9 * sizeof(SkScalar);
+ return sizeInMemory;
}
-uint32_t SkMatrix::readFromMemory(const void* buffer) {
+size_t SkMatrix::readFromMemory(const void* buffer, size_t length) {
+ static const size_t sizeInMemory = 9 * sizeof(SkScalar);
+ if (length < sizeInMemory) {
+ return 0;
+ }
if (buffer) {
- memcpy(fMat, buffer, 9 * sizeof(SkScalar));
+ memcpy(fMat, buffer, sizeInMemory);
this->setTypeMask(kUnknown_Mask);
}
- return 9 * sizeof(SkScalar);
+ return sizeInMemory;
}
#ifdef SK_DEVELOPER