Initial error handling code
I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.
BUG=
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org
Author: sugoi@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23021015
git-svn-id: http://skia.googlecode.com/svn/trunk/include@11247 2bbb7eff-a529-9590-31e7-b0007b416f81
diff --git a/core/SkBitmap.h b/core/SkBitmap.h
index 887169c..79b6fa6 100644
--- a/core/SkBitmap.h
+++ b/core/SkBitmap.h
@@ -52,6 +52,7 @@
kRGB_565_Config, //!< 16-bits per pixel, (see SkColorPriv.h for packing)
kARGB_4444_Config, //!< 16-bits per pixel, (see SkColorPriv.h for packing)
kARGB_8888_Config, //!< 32-bits per pixel, (see SkColorPriv.h for packing)
+ kLastConfig = kARGB_8888_Config,
};
// do not add this to the Config enum, otherwise the compiler will let us
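Review bot: `kLastConfig` is the only enumerator in this list without a `//!<` comment, and nothing says it must move whenever a config is added after `kARGB_8888_Config`. If it is meant as the upper bound for range-checking a Config value read from a stream (inferred from the commit's purpose, not visible here), a stale alias would reject the newer config. Suggest `kLastConfig = kARGB_8888_Config, //!< alias of the highest valid Config; update when adding a config`. The enum starts outside the hunk.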
diff --git a/core/SkFlattenableBuffers.h b/core/SkFlattenableBuffers.h
index 03c03f3..b3f3684 100644
--- a/core/SkFlattenableBuffers.h
+++ b/core/SkFlattenableBuffers.h
@@ -41,14 +41,20 @@
kCrossProcess_Flag = 1 << 0,
kScalarIsFloat_Flag = 1 << 1,
kPtrIs64Bit_Flag = 1 << 2,
+ /** The kValidation_Flag is used to force stream validations (by making
+ * sure that no operation reads past the end of the stream, for example)
+ * and error handling if any reading operation yields an invalid value.
+ */
+ kValidation_Flag = 1 << 3,
};
void setFlags(uint32_t flags) { fFlags = flags; }
uint32_t getFlags() const { return fFlags; }
- bool isCrossProcess() const { return SkToBool(fFlags & kCrossProcess_Flag); }
+ bool isCrossProcess() const { return SkToBool(fFlags & (kCrossProcess_Flag | kValidation_Flag)); }
bool isScalarFloat() const { return SkToBool(fFlags & kScalarIsFloat_Flag); }
bool isPtr64Bit() const { return SkToBool(fFlags & kPtrIs64Bit_Flag); }
+ bool isValidating() const { return SkToBool(fFlags & kValidation_Flag); }
// primitives
virtual bool readBool() = 0;
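Review bot: `isCrossProcess()` now also returns true when only `kValidation_Flag` is set, so it no longer reports the state of `kCrossProcess_Flag`, and nothing in the header says so. The new comment on the flag describes bounds checks and error handling, but not that validation implies cross-process behaviour, so callers that branch on `isCrossProcess()` change path silently. Suggest adding a line to the flag comment such as `* Setting this flag also makes isCrossProcess() return true.`, and the same in the write-buffer hunk further down. The class body starts and ends outside the hunk.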
@@ -102,6 +108,13 @@
return static_cast<T*>(this->readFlattenable());
}
+ void validate(bool isValid) {
+ fError |= !isValid;
+ }
+
+protected:
+ bool fError;
+
private:
uint32_t fFlags;
};
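Review bot: `validate()` only latches `fError` and returns nothing, so a reader that has just detected a bad value has no result to branch on and can keep consuming the stream unless it remembers to consult `fError` separately. Returning the state would make the check harder to ignore: `bool validate(bool isValid) { fError |= !isValid; return !fError; }`. `fError` is also a new member whose initialisation is not visible here; the constructor (outside the hunk) needs to set it to false, otherwise the first `|=` reads an indeterminate value. A short comment that the error is sticky and never cleared would help subclass authors.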
@@ -154,13 +167,22 @@
enum Flags {
kCrossProcess_Flag = 0x01,
+ /** The kValidation_Flag is used here to make sure the write operation
+ * is symmetric with the read operation using the equivalent flag
+ * SkFlattenableReadBuffer::kValidation_Flag.
+ */
+ kValidation_Flag = 0x02,
};
uint32_t getFlags() const { return fFlags; }
void setFlags(uint32_t flags) { fFlags = flags; }
bool isCrossProcess() const {
- return SkToBool(fFlags & kCrossProcess_Flag);
+ return SkToBool(fFlags & (kCrossProcess_Flag | kValidation_Flag));
+ }
+
+ bool isValidating() const {
+ return SkToBool(fFlags & kValidation_Flag);
}
bool persistTypeface() const { return (fFlags & kCrossProcess_Flag) != 0; }
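Review bot: `persistTypeface()` on the last context line still tests `kCrossProcess_Flag` alone, so with only `kValidation_Flag` set this buffer reports `isCrossProcess() == true` but `persistTypeface() == false`. If that split is intended it deserves a comment; if not, the test should use the same mask, `return (fFlags & (kCrossProcess_Flag | kValidation_Flag)) != 0;`. Separately, the write-side `kValidation_Flag` is `0x02` while the read-side one is `1 << 3`, and `0x02` on the reader is `kScalarIsFloat_Flag`. The doc comment's "symmetric" should therefore state that the two enums are not bit-compatible and that flag words must not be copied from one buffer to the other.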
diff --git a/core/SkFlattenableSerialization.h b/core/SkFlattenableSerialization.h
index 2ed244c..33bbb38 100644
--- a/core/SkFlattenableSerialization.h
+++ b/core/SkFlattenableSerialization.h
@@ -13,7 +13,13 @@
class SkData;
class SkFlattenable;
-SK_API SkData* SkSerializeFlattenable(SkFlattenable*);
-SK_API SkFlattenable* SkDeserializeFlattenable(const void* data, size_t size);
+/**
+ * These utility functions are used by the chromium codebase to safely
+ * serialize and deserialize SkFlattenable objects. These aren't made for
+ * optimal speed, but rather designed with security in mind in order to
+ * prevent Skia from being an entry point for potential attacks.
+ */
+SK_API SkData* SkValidatingSerializeFlattenable(SkFlattenable*);
+SK_API SkFlattenable* SkValidatingDeserializeFlattenable(const void* data, size_t size);
#endif
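Review bot: The new doc comment says these functions are designed with security in mind, but it omits the contract a caller needs. It does not say what `SkValidatingDeserializeFlattenable` returns when `data` fails validation, or who owns the returned `SkData*` / `SkFlattenable*`. Suggest extending the comment with, for example, `* Returns NULL if the data is invalid; the caller owns the returned object.`, once that is confirmed against the implementation, which is not visible here. The old `SkSerializeFlattenable` / `SkDeserializeFlattenable` exports are removed rather than kept as wrappers, so any caller outside this diff has to be updated in the same change.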
diff --git a/core/SkRect.h b/core/SkRect.h
index d8919ae..bd5d026 100644
--- a/core/SkRect.h
+++ b/core/SkRect.h
@@ -100,6 +100,8 @@
*/
bool isEmpty() const { return fLeft >= fRight || fTop >= fBottom; }
+ bool isInverted() const { return fLeft > fRight || fTop > fBottom; }
+
bool isLargest() const { return SK_MinS32 == fLeft &&
SK_MinS32 == fTop &&
SK_MaxS32 == fRight &&
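Review bot: `isInverted()` is added without a doc comment, while `isEmpty()` just above has one, and the difference between the two (`>` versus `>=`) is the whole point of the new predicate. Suggest `/** Returns true if left > right or top > bottom. A zero-width or zero-height rect is empty but not inverted. */`. The same applies to the second `isInverted()` added in the next hunk.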
@@ -419,6 +421,8 @@
*/
bool isEmpty() const { return fLeft >= fRight || fTop >= fBottom; }
+ bool isInverted() const { return fLeft > fRight || fTop > fBottom; }
+
/**
* Returns true iff all values in the rect are finite. If any are
* infinite or NaN (or SK_FixedNaN when SkScalar is fixed) then this
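Review bot: On this rect `isInverted()` returns false when any edge is NaN, because both `>` comparisons are false for NaN. The comment in the trailing context lines confirms this struct can hold NaN and infinities. If `!isInverted()` is used as a validity test on deserialized rects (inferred from the commit's purpose, not visible here), it has to be paired with the finiteness check documented just below. Suggest saying so in a doc comment: `/** Returns true if left > right or top > bottom. NaN edges compare false, so also check finiteness when validating. */`.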