Cross Reference: /external/skia/src/core/SkValidatingReadBuffer.cpp

History log of /external/skia/src/core/SkValidatingReadBuffer.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
968edcafa61442dc4f7f8ed8f89523d0f353e9fb	23-May-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	stop calling SkBitmap::flatten BUG=skia: R=scroggo@google.com, halcanary@google.com Author: reed@google.com Review URL: https://codereview.chromium.org/295793002 git-svn-id: http://skia.googlecode.com/svn/trunk@14867 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
7693dbf46e9bf0159cc9032059738d418469a7ad	23-May-2014	skia.committer@gmail.com <skia.committer@gmail.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Sanitizing source files in Housekeeper-Nightly git-svn-id: http://skia.googlecode.com/svn/trunk@14862 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
83f23d87f1d67e6e73873e1ef7cda621c43703a0	22-May-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Remove unused (by clients) SkUnitMapper This reverts commit 874423a81b5bc2541c7397e6ab00d5e7c9fdaf98. TBR=scroggo Author: reed@google.com Review URL: https://codereview.chromium.org/288313009 git-svn-id: http://skia.googlecode.com/svn/trunk@14842 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
3339ac54a5ed75f2872ab16e9052a8b9ff3564bf	22-May-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert of Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) (https://codereview.chromium.org/288343009/) Reason for revert: required blink change failed to land Original issue's description: > Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) > > This reverts commit dd50c83b5b34dab3a077741861b50ed1f2bc6b8f. > > BUG=skia: > > Committed: http://code.google.com/p/skia/source/detail?r=14830 R=scroggo@google.com, reed@google.com TBR=reed@google.com, scroggo@google.com NOTREECHECKS=true NOTRY=true BUG=skia: Author: reed@chromium.org Review URL: https://codereview.chromium.org/296823008 git-svn-id: http://skia.googlecode.com/svn/trunk@14838 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
4b8f8022550daa7458ed3de207d1300917d4a8cb	21-May-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) This reverts commit dd50c83b5b34dab3a077741861b50ed1f2bc6b8f. BUG=skia: R=scroggo@google.com Author: reed@google.com Review URL: https://codereview.chromium.org/288343009 git-svn-id: http://skia.googlecode.com/svn/trunk@14830 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
e2b193ca5c76f01f8e12b4a92e9bd6ccb3ed4280	16-May-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert of remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) Reason for revert: does not address all legacy callsites in chrome. e.g. [13:45:32.091872] ../../ui/native_theme/native_theme_base.cc:608:76: error: no matching function for call to ‘SkGradientShader::CreateLinear(SkPoint [3], SkColor [3], NULL, int, SkShader::TileMode, NULL)’ [13:45:32.091919] gradient_bounds, colors, NULL, 3, SkShader::kClamp_TileMode, NULL)); Original issue's description: > remove unused (by clients) SkUnitMapper > > BUG=skia: > > Committed: http://code.google.com/p/skia/source/detail?r=14761 R=robertphillips@google.com, scroggo@google.com, george@mozilla.com TBR=george@mozilla.com, robertphillips@google.com, scroggo@google.com NOTREECHECKS=true NOTRY=true BUG=skia: Author: reed@google.com Review URL: https://codereview.chromium.org/287063009 git-svn-id: http://skia.googlecode.com/svn/trunk@14763 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
ee0cac336c6a3a357ae3cb18be8ef4b3cb5edddb	16-May-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	remove unused (by clients) SkUnitMapper BUG=skia: R=robertphillips@google.com, scroggo@google.com, george@mozilla.com Author: reed@google.com Review URL: https://codereview.chromium.org/283273002 git-svn-id: http://skia.googlecode.com/svn/trunk@14761 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
1ac99c890b8afe957385a7625fd3b759f31be249	29-Apr-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Fixed issue found by clusterfuzz An integer overflow was causing an issue when reading a string with a very large (or negative) size. BUG=367764 R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, borenet@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/255693003 git-svn-id: http://skia.googlecode.com/svn/trunk@14434 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
f117781362ecf673f43f93918781853690f0e145	23-Apr-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	fix size_t/int warnings BUG=skia: R=mtklein@google.com Author: reed@google.com Review URL: https://codereview.chromium.org/247753003 git-svn-id: http://skia.googlecode.com/svn/trunk@14332 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
9e5f85e89d03a850d435fc951e74e9861a0c1bdd	12-Mar-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Fixing SkPicture serialization Fixed a few issues while attempting to use the new serialization path for SkPicture inside a fuzzer: - SkReadBuffer and SkValidatingReadBuffer both had a fReader member instead of sharing the same member, which leads to problems if a base class function is used - In SkPicture, a header is now written as a single chunk of data, so it also has to be read as a single chunk of data - In the SkPicturePlayback destructor, a bad deserialization would lead to a crash if we don't safely unref fOpData - Also in SkPicturePlayback, if we only use a ReadBuffer for the whole deserialization, additional tags must be added to parseBufferTag() - SkValidatingReadBuffer::readBitmap() was broken, but this path wasn't usen't since the only use case for SkValidatingReadBuffer is currently image filters and bitmaps are unflattened as part of the deserialization of SkBitmapSource - SkPictureImageFilter was not deserializable. Added it to SkGlobalInitialization* - Added a test that exercises the SkPicture serialization / deserialization code BUG=skia: R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, robertphillips@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/195223003 git-svn-id: http://skia.googlecode.com/svn/trunk@13764 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
8b0e8ac5f582de80356019406e2975079bf0829d	30-Jan-2014	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Refactor read and write buffers. Eliminates SkFlattenable{Read,Write}Buffer, promoting SkOrdered{Read,Write}Buffer a step each in the hierarchy. What used to be this: SkFlattenableWriteBuffer -> SkOrderedWriteBuffer SkFlattenableReadBuffer -> SkOrderedReadBuffer SkFlattenableReadBuffer -> SkValidatingReadBuffer is now SkWriteBuffer SkReadBuffer -> SkValidatingReadBuffer Benefits: - code is simpler, names are less wordy - the generic SkFlattenableFooBuffer code in SkPaint was incorrect; removed - write buffers are completely devirtualized, important for record speed This refactoring was mostly mechanical. You aren't going to find anything interesting in files with less than 10 lines changed. BUG=skia: R=reed@google.com, scroggo@google.com, djsollen@google.com, mtklein@google.com Author: mtklein@chromium.org Review URL: https://codereview.chromium.org/134163010 git-svn-id: http://skia.googlecode.com/svn/trunk@13245 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
ef74fa189b738e13295d6a96f86a6e10223505a8	17-Dec-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Fixed more fuzzer issues - Added the "isAvailable" function to check how much bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing. - Added data validation in SkImageInfo.cpp - Added NULL pointer check in displacement - Modified the fuzzer for randomized bitmap types BUG=328934,329254 R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/116773002 git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
c2e9db30d393862bd3485cfe57b4ac06433f2f32	06-Dec-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Fixed a few places where uninitialized memory could have been read Also added early exit in SkImageFilter's constructor to avoid attempting to deserialize all inputs once a bad input has been found. This avoids hanging if a filter pretends to have 1 billion inputs when that's just an error on the number of inputs read by the filter. BUG=326206,326197,326229 R=senorblanco@chromium.org, senorblanco@google.com, reed@google.com, sugoi@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/106943002 git-svn-id: http://skia.googlecode.com/svn/trunk@12544 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
d6bab0238655dbab24dfe92bd0b16b464310a8c7	02-Dec-2013	rmistry@google.com <rmistry@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Reverting r12427 git-svn-id: http://skia.googlecode.com/svn/trunk@12428 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
5b39f5ba9c339d1e4dae391fee9ec1396feec180	02-Dec-2013	skia.committer@gmail.com <skia.committer@gmail.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Sanitizing source files in Housekeeper-Nightly git-svn-id: http://skia.googlecode.com/svn/trunk@12427 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
72ca2654ef1e9bc36b28fa2490015db88ace3a7b	27-Nov-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Fixed bad memory access BUG=323595 R=senorblanco@google.com, reed@google.com, sugoi@google.com, senorblanco@chromium.org Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/88643004 git-svn-id: http://skia.googlecode.com/svn/trunk@12410 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
46a9bb8d71529e4a8c2ca9c68e280ea989d5bece	22-Nov-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Fixing issues found by fuzzer BUG=321802,321790 R=reed@google.com, senorblanco@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/83073005 git-svn-id: http://skia.googlecode.com/svn/trunk@12362 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
8f457e3230f1a4ce737f512ffbb5c919b8d02407	08-Nov-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Adding error checks to SkRBuffer BUG= R=robertphillips@google.com, bsalomon@google.com, reed@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/61913002 git-svn-id: http://skia.googlecode.com/svn/trunk@12202 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
4faa869cdabbdcf4867118b4a1272296baaeeb52	05-Nov-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. BUG= R=reed@google.com, mtklein@google.com, senorblanco@chromium.org Committed: https://code.google.com/p/skia/source/detail?r=12114 Committed: https://code.google.com/p/skia/source/detail?r=12119 Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/41253002 git-svn-id: http://skia.googlecode.com/svn/trunk@12130 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
12a23866fe18e800da1d361d000a359ea36696eb	04-Nov-2013	reed@google.com <reed@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert "Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream." This reverts commit 6bc22e8ef1ea70a1b58409aa21254358c50f149a. git-svn-id: http://skia.googlecode.com/svn/trunk@12124 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
b48a59ae81a35642fe715a5cdd6fd758b652bff3	04-Nov-2013	sugoi@google.com <sugoi@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. BUG= R=reed@google.com Committed: https://code.google.com/p/skia/source/detail?r=12114 Review URL: https://codereview.chromium.org/41253002 git-svn-id: http://skia.googlecode.com/svn/trunk@12119 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
eb221268ab1067af7c48e04a75147d4bcca87191	04-Nov-2013	epoger@google.com <epoger@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert r12114 due to https://code.google.com/p/skia/issues/detail?id=1794 ('Assertion failures on various buildbots as of r12114') git-svn-id: http://skia.googlecode.com/svn/trunk@12115 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
305f78e8c18a26b7ead11758d6a4fa0519932cca	04-Nov-2013	sugoi@google.com <sugoi@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. BUG= R=reed@google.com Review URL: https://codereview.chromium.org/41253002 git-svn-id: http://skia.googlecode.com/svn/trunk@12114 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
025128811219dc45fd99b6c4d1d14f833cf7a26e	31-Oct-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Adding size parameter to read array functions In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised. To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions. I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred. Note : readPointArray and writePointArray are unused, so I could also remove them BUG= R=reed@google.com, mtklein@google.com, senorblanco@chromium.org Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/37803002 git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
77e079af1a909ee9d14306db48561d77e2f9fcab	28-Oct-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Enabling validation code in serialization and adding serialization to fuzzer BUG= Committed: http://code.google.com/p/skia/source/detail?r=11968 R=reed@google.com, mtklein@google.com, senorblanco@chromium.org, bsalomon@google.com, robertphillips@google.com Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/44573002 git-svn-id: http://skia.googlecode.com/svn/trunk@11981 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
d594dbec0407343b7ac13af9c4580ec5933ab060	23-Oct-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Follow up to serialization validation code 1 ) Added check for bool to make sure is it either 0 or 1 and not garbage 2 ) Added more solid kernel size checks in SkMatrixConvolutionImageFilter 3 ) Make sure array size is validated in SkMergeImageFilter BUG= R=reed@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/23548034 git-svn-id: http://skia.googlecode.com/svn/trunk@11925 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
c0b7e10c6a68f59e1653e6c18e6bc954b3c3f0cf	23-Oct-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Initial error handling code I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure. BUG= Committed: http://code.google.com/p/skia/source/detail?r=11247 R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org Author: sugoi@chromium.org Review URL: https://codereview.chromium.org/23021015 git-svn-id: http://skia.googlecode.com/svn/trunk@11922 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
24ddde97581624777feebc9e95ae558282f95d4c	16-Sep-2013	robertphillips@google.com <robertphillips@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert 11247, 11250, 11251, 11257, and 11279 to unblock DEPS roll (https://codereview.chromium.org/24159002/) 11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279 11257 Canary build fix - https://codereview.chromium.org/23532068 11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251 11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250 11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015 git-svn-id: http://skia.googlecode.com/svn/trunk@11288 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
ba6e954140e45e251d67934ed6ad752149fcf72f	16-Sep-2013	robertphillips@google.com <robertphillips@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert the revert of 11247, 11250, 11251 and 11279 (Chrome already relies on changes in r11247) git-svn-id: http://skia.googlecode.com/svn/trunk@11287 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
478884f7d3b8c7be8b62f3fa2b79192f411c3fec	16-Sep-2013	robertphillips@google.com <robertphillips@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81>	Revert 11247, 11250, 11251 and 11279 to unblock DEPS roll (https://codereview.chromium.org/24159002/) 11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279 11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251 11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250 11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015 git-svn-id: http://skia.googlecode.com/svn/trunk@11285 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp
5792cded61a7302f32bd0f4aeda51a9b2f1d00f6	13-Sep-2013	commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>	Initial error handling code I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure. BUG= R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org Author: sugoi@chromium.org Review URL: https://chromiumcodereview.appspot.com/23021015 git-svn-id: http://skia.googlecode.com/svn/trunk@11247 2bbb7eff-a529-9590-31e7-b0007b416f81 /external/skia/src/core/SkValidatingReadBuffer.cpp