commit 4f3e84f80bd3e552c05653773ad428f21348fdfd
author commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> Thu Oct 31 18:37:50 2013 +0000
committer commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81> Thu Oct 31 18:37:50 2013 +0000
tree f643757ec4338a9fade7f7b96dc5c0d06b1be35f
parent 83f9f7e836c0cf22241d9a9cb80deafb526993e0

Adding size parameter to read array functions

In some cases, the allocated array into which the data will be read is using getArrayCount() to allocate itself, which should be safe, but some cases use fixed length arrays or compute the array size before reading, which could overflow if the stream is compromised.

To prevent that from happening, I added a check that will verify that the number of bytes to read will not exceed the capacity of the input buffer argument passed to all the read...Array() functions.

I chose to use the byte array for this initial version, so that "size" represents the same value across all read...Array() functions, but I could also use the element count, if it is preferred.

Note : readPointArray and writePointArray are unused, so I could also remove them

BUG=
R=reed@google.com, mtklein@google.com, senorblanco@chromium.org

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/37803002

git-svn-id: http://skia.googlecode.com/svn/trunk/include@12058 2bbb7eff-a529-9590-31e7-b0007b416f81

core/SkFlattenableBuffers.h

diff --git a/core/SkFlattenableBuffers.h b/core/SkFlattenableBuffers.h
index 6e44550..8a94bb1 100644
--- a/core/SkFlattenableBuffers.h
+++ b/core/SkFlattenableBuffers.h
@@ -99,11 +99,24 @@
     virtual void readPath(SkPath* path) = 0;
 
     // binary data and arrays
-    virtual uint32_t readByteArray(void* value) = 0;
-    virtual uint32_t readColorArray(SkColor* colors) = 0;
-    virtual uint32_t readIntArray(int32_t* values) = 0;
-    virtual uint32_t readPointArray(SkPoint* points) = 0;
-    virtual uint32_t readScalarArray(SkScalar* values) = 0;
+
+    /**
+      * In the following read.*Array(...) functions, the size parameter specifies the allocation
+      * size in number of elements (or in bytes, for void*) of the pointer parameter. If the
+      * pointer parameter's size does not match the size to be read, the pointer parameter's memory
+      * will then stay uninitialized, the cursor will be moved to the end of the stream and, in the
+      * case where isValidating() is true, an error flag will be set internally (see
+      * SkValidatingReadBuffer).
+      * If the sizes match, then "size" amount of memory will be read.
+      *
+      * @param size amount of memory expected to be read
+      * @return true if the size parameter matches the size to be read, false otherwise
+      */
+    virtual bool readByteArray(void* value, size_t size) = 0;
+    virtual bool readColorArray(SkColor* colors, size_t size) = 0;
+    virtual bool readIntArray(int32_t* values, size_t size) = 0;
+    virtual bool readPointArray(SkPoint* points, size_t size) = 0;
+    virtual bool readScalarArray(SkScalar* values, size_t size) = 0;
 
     /** This helper peeks into the buffer and reports back the length of the next array in
      *  the buffer but does not change the state of the buffer.
@@ -127,7 +140,7 @@
     SkData* readByteArrayAsData() {
         size_t len = this->getArrayCount();
         void* buffer = sk_malloc_throw(len);
-        (void)this->readByteArray(buffer);
+        (void)this->readByteArray(buffer, len);
         return SkData::NewFromMalloc(buffer, len);
     }