Fixed more fuzzer issues - Added the "isAvailable" function to check how much bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing. - Added data validation in SkImageInfo.cpp - Added NULL pointer check in displacement - Modified the fuzzer for randomized bitmap types BUG=328934,329254 R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/116773002 git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81

commit: ef74fa189b738e13295d6a96f86a6e10223505a8 [log] [tgz]
author: commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> Tue Dec 17 20:49:46 2013 +0000
committer: commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> Tue Dec 17 20:49:46 2013 +0000
tree: 3434cb996555b725b71a520a93c8781923bc04ec
parent: 7d0b6131918c1b8d458a95f6b5e79f92f958b78f [diff] [blame]
diff --git a/src/effects/SkTableColorFilter.cpp b/src/effects/SkTableColorFilter.cpp
index e15baf6..203f058 100644
--- a/src/effects/SkTableColorFilter.cpp
+++ b/src/effects/SkTableColorFilter.cpp

@@ -189,6 +189,7 @@
 
     size_t size = buffer.getArrayCount();
     SkASSERT(size <= sizeof(storage));
+    buffer.validate(size <= sizeof(storage));
     buffer.readByteArray(storage, size);
 
     SkDEBUGCODE(size_t raw = ) SkPackBits::Unpack8(storage, size, fStorage);
commit	ef74fa189b738e13295d6a96f86a6e10223505a8	[log] [tgz]
author	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Tue Dec 17 20:49:46 2013 +0000
committer	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Tue Dec 17 20:49:46 2013 +0000
tree	3434cb996555b725b71a520a93c8781923bc04ec
parent	7d0b6131918c1b8d458a95f6b5e79f92f958b78f [diff] [blame]