Add check for bad enum in SkMatrixConvolutionImageFilter's CreateProc
Bug: chromium:794402,chromium:799775
Change-Id: Ifbc9714b0095c8f4ca44d444bc48514dc90d7f4d
Reviewed-on: https://skia-review.googlesource.com/99203
Commit-Queue: Robert Phillips <robertphillips@google.com>
Reviewed-by: Mike Reed <reed@google.com>
diff --git a/src/effects/SkMatrixConvolutionImageFilter.cpp b/src/effects/SkMatrixConvolutionImageFilter.cpp
index de73353..12ecfd8 100644
--- a/src/effects/SkMatrixConvolutionImageFilter.cpp
+++ b/src/effects/SkMatrixConvolutionImageFilter.cpp
@@ -11,6 +11,7 @@
#include "SkColorSpaceXformer.h"
#include "SkImageFilterPriv.h"
#include "SkReadBuffer.h"
+#include "SkSafeRange.h"
#include "SkSpecialImage.h"
#include "SkWriteBuffer.h"
#include "SkRect.h"
@@ -79,7 +80,10 @@
}
sk_sp<SkFlattenable> SkMatrixConvolutionImageFilter::CreateProc(SkReadBuffer& buffer) {
+ SkSafeRange safe;
+
SK_IMAGEFILTER_UNFLATTEN_COMMON(common, 1);
+
SkISize kernelSize;
kernelSize.fWidth = buffer.readInt();
kernelSize.fHeight = buffer.readInt();
@@ -98,8 +102,14 @@
SkIPoint kernelOffset;
kernelOffset.fX = buffer.readInt();
kernelOffset.fY = buffer.readInt();
- TileMode tileMode = (TileMode)buffer.readInt();
+
+ TileMode tileMode = safe.checkLE<TileMode>(buffer.readInt(), kLast_TileMode);
bool convolveAlpha = buffer.readBool();
+
+ if (!buffer.validate(safe)) {
+ return nullptr;
+ }
+
return Make(kernelSize, kernel.get(), gain, bias, kernelOffset, tileMode,
convolveAlpha, common.getInput(0), &common.cropRect());
}
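Review bot: The new check `safe.checkLE<TileMode>(buffer.readInt(), kLast_TileMode)` names only an upper bound, while `readInt()` returns a signed value from a serialized buffer that may be untrusted; whether a negative value is rejected depends on how `SkSafeRange::checkLE` converts its argument, which this diff does not show. If it compares as unsigned, the negative case is already covered, and a short comment would record that, for example `// checkLE compares as unsigned, so negative serialized values also fail validation`. Otherwise an explicit lower-bound check is needed before the value is turned into a `TileMode`. CreateProc's body begins outside this hunk, and the visible diff adds no regression test that feeds an out-of-range tile mode through deserialization.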