| 0951fe12984944406e0f1bb105b9fa4c54fcdcdd |
|
06-Jun-2014 |
sugoi <sugoi@chromium.org> |
Fixing another clusterfuzz issue
This was introduced by removing SkValidatingReadBuffer::readBitmap in https://codereview.chromium.org/295793002/
Since SkReadBuffer::skip wasn't virtual, it was using the unsafe SkReadBuffer::skip within SkReadBuffer::readBitmap rather than using SkValidatingReadBuffer::skip. I also removed direct uses of fReader within SkReadBuffer::readBitmap so that it can use the virtual readInt / readFixed functions that have a version in SkValidatingReadBuffer.
Also, I changed SkReadBuffer::readPoint so that it uses the virtual readScalar, that way, it becomes redundant with SkValidatingReadBuffer::readPoint, which can then be removed.
BUG=380723
R=reed@google.com, mtklein@google.com, sugoi@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/317003003
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 968edcafa61442dc4f7f8ed8f89523d0f353e9fb |
|
23-May-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
stop calling SkBitmap::flatten
BUG=skia:
R=scroggo@google.com, halcanary@google.com
Author: reed@google.com
Review URL: https://codereview.chromium.org/295793002
git-svn-id: http://skia.googlecode.com/svn/trunk@14867 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 83f23d87f1d67e6e73873e1ef7cda621c43703a0 |
|
22-May-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Remove unused (by clients) SkUnitMapper
This reverts commit 874423a81b5bc2541c7397e6ab00d5e7c9fdaf98.
TBR=scroggo
Author: reed@google.com
Review URL: https://codereview.chromium.org/288313009
git-svn-id: http://skia.googlecode.com/svn/trunk@14842 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 3339ac54a5ed75f2872ab16e9052a8b9ff3564bf |
|
22-May-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Revert of Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/) (https://codereview.chromium.org/288343009/)
Reason for revert:
required blink change failed to land
Original issue's description:
> Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/)
>
> This reverts commit dd50c83b5b34dab3a077741861b50ed1f2bc6b8f.
>
> BUG=skia:
>
> Committed: http://code.google.com/p/skia/source/detail?r=14830
R=scroggo@google.com, reed@google.com
TBR=reed@google.com, scroggo@google.com
NOTREECHECKS=true
NOTRY=true
BUG=skia:
Author: reed@chromium.org
Review URL: https://codereview.chromium.org/296823008
git-svn-id: http://skia.googlecode.com/svn/trunk@14838 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 4b8f8022550daa7458ed3de207d1300917d4a8cb |
|
21-May-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/)
This reverts commit dd50c83b5b34dab3a077741861b50ed1f2bc6b8f.
BUG=skia:
R=scroggo@google.com
Author: reed@google.com
Review URL: https://codereview.chromium.org/288343009
git-svn-id: http://skia.googlecode.com/svn/trunk@14830 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| e2b193ca5c76f01f8e12b4a92e9bd6ccb3ed4280 |
|
16-May-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Revert of remove unused (by clients) SkUnitMapper (https://codereview.chromium.org/283273002/)
Reason for revert:
does not address all legacy callsites in chrome.
e.g.
[13:45:32.091872] ../../ui/native_theme/native_theme_base.cc:608:76: error: no matching function for call to ‘SkGradientShader::CreateLinear(SkPoint [3], SkColor [3], NULL, int, SkShader::TileMode, NULL)’
[13:45:32.091919] gradient_bounds, colors, NULL, 3, SkShader::kClamp_TileMode, NULL));
Original issue's description:
> remove unused (by clients) SkUnitMapper
>
> BUG=skia:
>
> Committed: http://code.google.com/p/skia/source/detail?r=14761
R=robertphillips@google.com, scroggo@google.com, george@mozilla.com
TBR=george@mozilla.com, robertphillips@google.com, scroggo@google.com
NOTREECHECKS=true
NOTRY=true
BUG=skia:
Author: reed@google.com
Review URL: https://codereview.chromium.org/287063009
git-svn-id: http://skia.googlecode.com/svn/trunk@14763 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| ee0cac336c6a3a357ae3cb18be8ef4b3cb5edddb |
|
16-May-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
remove unused (by clients) SkUnitMapper
BUG=skia:
R=robertphillips@google.com, scroggo@google.com, george@mozilla.com
Author: reed@google.com
Review URL: https://codereview.chromium.org/283273002
git-svn-id: http://skia.googlecode.com/svn/trunk@14761 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 9e5f85e89d03a850d435fc951e74e9861a0c1bdd |
|
12-Mar-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Fixing SkPicture serialization
Fixed a few issues while attempting to use the new
serialization path for SkPicture inside a fuzzer:
- SkReadBuffer and SkValidatingReadBuffer both had a fReader
member instead of sharing the same member, which leads to
problems if a base class function is used
- In SkPicture, a header is now written as a single chunk of
data, so it also has to be read as a single chunk of data
- In the SkPicturePlayback destructor, a bad deserialization
would lead to a crash if we don't safely unref fOpData
- Also in SkPicturePlayback, if we only use a ReadBuffer for
the whole deserialization, additional tags must be added to
parseBufferTag()
- SkValidatingReadBuffer::readBitmap() was broken, but this
path wasn't usen't since the only use case for
SkValidatingReadBuffer is currently image filters and
bitmaps are unflattened as part of the deserialization of
SkBitmapSource
- SkPictureImageFilter was not deserializable. Added it to
SkGlobalInitialization*
- Added a test that exercises the SkPicture serialization /
deserialization code
BUG=skia:
R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, robertphillips@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/195223003
git-svn-id: http://skia.googlecode.com/svn/trunk@13764 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 8b0e8ac5f582de80356019406e2975079bf0829d |
|
30-Jan-2014 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Refactor read and write buffers.
Eliminates SkFlattenable{Read,Write}Buffer, promoting SkOrdered{Read,Write}Buffer
a step each in the hierarchy.
What used to be this:
SkFlattenableWriteBuffer -> SkOrderedWriteBuffer
SkFlattenableReadBuffer -> SkOrderedReadBuffer
SkFlattenableReadBuffer -> SkValidatingReadBuffer
is now
SkWriteBuffer
SkReadBuffer -> SkValidatingReadBuffer
Benefits:
- code is simpler, names are less wordy
- the generic SkFlattenableFooBuffer code in SkPaint was incorrect; removed
- write buffers are completely devirtualized, important for record speed
This refactoring was mostly mechanical. You aren't going to find anything
interesting in files with less than 10 lines changed.
BUG=skia:
R=reed@google.com, scroggo@google.com, djsollen@google.com, mtklein@google.com
Author: mtklein@chromium.org
Review URL: https://codereview.chromium.org/134163010
git-svn-id: http://skia.googlecode.com/svn/trunk@13245 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| ef74fa189b738e13295d6a96f86a6e10223505a8 |
|
17-Dec-2013 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Fixed more fuzzer issues
- Added the "isAvailable" function to check how much bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing.
- Added data validation in SkImageInfo.cpp
- Added NULL pointer check in displacement
- Modified the fuzzer for randomized bitmap types
BUG=328934,329254
R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/116773002
git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| c2e9db30d393862bd3485cfe57b4ac06433f2f32 |
|
06-Dec-2013 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Fixed a few places where uninitialized memory could have been read
Also added early exit in SkImageFilter's constructor to avoid attempting to deserialize all inputs once a bad input has been found. This avoids hanging if a filter pretends to have 1 billion inputs when that's just an error on the number of inputs read by the filter.
BUG=326206,326197,326229
R=senorblanco@chromium.org, senorblanco@google.com, reed@google.com, sugoi@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/106943002
git-svn-id: http://skia.googlecode.com/svn/trunk@12544 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 8f457e3230f1a4ce737f512ffbb5c919b8d02407 |
|
08-Nov-2013 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Adding error checks to SkRBuffer
BUG=
R=robertphillips@google.com, bsalomon@google.com, reed@google.com
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/61913002
git-svn-id: http://skia.googlecode.com/svn/trunk@12202 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 025128811219dc45fd99b6c4d1d14f833cf7a26e |
|
31-Oct-2013 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Adding size parameter to read array functions
In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.
To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.
I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.
Note : readPointArray and writePointArray are unused, so I could also remove them
BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/37803002
git-svn-id: http://skia.googlecode.com/svn/trunk@12058 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| c0b7e10c6a68f59e1653e6c18e6bc954b3c3f0cf |
|
23-Oct-2013 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Initial error handling code
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
Committed: http://code.google.com/p/skia/source/detail?r=11247
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://codereview.chromium.org/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11922 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 24ddde97581624777feebc9e95ae558282f95d4c |
|
16-Sep-2013 |
robertphillips@google.com <robertphillips@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Revert 11247, 11250, 11251, 11257, and 11279 to unblock DEPS roll (https://codereview.chromium.org/24159002/)
11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
11257 Canary build fix - https://codereview.chromium.org/23532068
11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11288 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| ba6e954140e45e251d67934ed6ad752149fcf72f |
|
16-Sep-2013 |
robertphillips@google.com <robertphillips@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Revert the revert of 11247, 11250, 11251 and 11279 (Chrome already relies on changes in r11247)
git-svn-id: http://skia.googlecode.com/svn/trunk@11287 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 478884f7d3b8c7be8b62f3fa2b79192f411c3fec |
|
16-Sep-2013 |
robertphillips@google.com <robertphillips@google.com@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Revert 11247, 11250, 11251 and 11279 to unblock DEPS roll (https://codereview.chromium.org/24159002/)
11279 Sanitizing source files in Housekeeper-Nightly - https://code.google.com/p/skia/source/detail?r=11279
11251 More warnings as errors fixes - https://code.google.com/p/skia/source/detail?r=11251
11250 Warnings as errors fix - https://code.google.com/p/skia/source/detail?r=11250
11247 Initial error handling code - https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11285 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|
| 5792cded61a7302f32bd0f4aeda51a9b2f1d00f6 |
|
13-Sep-2013 |
commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> |
Initial error handling code
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk@11247 2bbb7eff-a529-9590-31e7-b0007b416f81
/external/skia/src/core/SkValidatingReadBuffer.h
|