diff options
| -rw-r--r-- | core/SkImageInfo.cpp | 10 | ||||
| -rw-r--r-- | core/SkMallocPixelRef.cpp | 2 | ||||
| -rw-r--r-- | core/SkRegion_path.cpp | 5 |
3 files changed, 16 insertions, 1 deletions
diff --git a/core/SkImageInfo.cpp b/core/SkImageInfo.cpp index 461bdc03..967b4f6f 100644 --- a/core/SkImageInfo.cpp +++ b/core/SkImageInfo.cpp @@ -8,6 +8,14 @@ #include "SkImageInfo.h" #include "SkFlattenableBuffers.h" +static bool alpha_type_is_valid(SkAlphaType alphaType) { + return (alphaType >= 0) && (alphaType <= kLastEnum_SkAlphaType); +} + +static bool color_type_is_valid(SkColorType colorType) { + return (colorType >= 0) && (colorType <= kLastEnum_SkColorType); +} + void SkImageInfo::unflatten(SkFlattenableReadBuffer& buffer) { fWidth = buffer.read32(); fHeight = buffer.read32(); @@ -16,6 +24,8 @@ void SkImageInfo::unflatten(SkFlattenableReadBuffer& buffer) { SkASSERT(0 == (packed >> 16)); fAlphaType = (SkAlphaType)((packed >> 8) & 0xFF); fColorType = (SkColorType)((packed >> 0) & 0xFF); + buffer.validate(alpha_type_is_valid(fAlphaType) && + color_type_is_valid(fColorType)); } void SkImageInfo::flatten(SkFlattenableWriteBuffer& buffer) const { diff --git a/core/SkMallocPixelRef.cpp b/core/SkMallocPixelRef.cpp index 25337e7b..d3bf9d18 100644 --- a/core/SkMallocPixelRef.cpp +++ b/core/SkMallocPixelRef.cpp @@ -142,7 +142,7 @@ SkMallocPixelRef::SkMallocPixelRef(SkFlattenableReadBuffer& buffer) , fOwnPixels(true) { fRB = buffer.read32(); - size_t size = this->info().getSafeSize(fRB); + size_t size = buffer.isValid() ? this->info().getSafeSize(fRB) : 0; fStorage = sk_malloc_throw(size); buffer.readByteArray(fStorage, size); if (buffer.readBool()) { diff --git a/core/SkRegion_path.cpp b/core/SkRegion_path.cpp index ec4d9f01..98e937cb 100644 --- a/core/SkRegion_path.cpp +++ b/core/SkRegion_path.cpp @@ -15,6 +15,7 @@ class SkRgnBuilder : public SkBlitter { public: + SkRgnBuilder(); virtual ~SkRgnBuilder(); // returns true if it could allocate the working storage needed @@ -98,6 +99,10 @@ private: } }; +SkRgnBuilder::SkRgnBuilder() + : fStorage(NULL) { +} + SkRgnBuilder::~SkRgnBuilder() { sk_free(fStorage); } |