Google Git
Sign in
android / platform / external / chromium_org / third_party / skia / include / eeed877^! / .
commiteeed87706986459e697e0fb872e95e402be3ea7a[log] [tgz]
authorcommit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>Fri Sep 13 12:39:34 2013 +0000
committercommit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>Fri Sep 13 12:39:34 2013 +0000
tree2b9bba0661dd2d14ffdc8d0046c5eed2776878a2
parentf2febcc07f11d5ba51a9489258519a1d4d11b51f [diff]
Initial error handling code

I made it as simple as possible. The impact seems minimal and it should do what's necessary to make this code secure.

BUG=
R=reed@google.com, scroggo@google.com, djsollen@google.com, sugoi@google.com, bsalomon@google.com, mtklein@google.com, senorblanco@google.com, senorblanco@chromium.org

Author: sugoi@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23021015

git-svn-id: http://skia.googlecode.com/svn/trunk/include@11247 2bbb7eff-a529-9590-31e7-b0007b416f81

diff --git a/core/SkBitmap.h b/core/SkBitmap.h
index 887169c..79b6fa6 100644
--- a/core/SkBitmap.h
+++ b/core/SkBitmap.h

@@ -52,6 +52,7 @@
         kRGB_565_Config,    //!< 16-bits per pixel, (see SkColorPriv.h for packing)
         kARGB_4444_Config,  //!< 16-bits per pixel, (see SkColorPriv.h for packing)
         kARGB_8888_Config,  //!< 32-bits per pixel, (see SkColorPriv.h for packing)
+        kLastConfig = kARGB_8888_Config,
     };
 
     // do not add this to the Config enum, otherwise the compiler will let us

diff --git a/core/SkFlattenableBuffers.h b/core/SkFlattenableBuffers.h
index 03c03f3..b3f3684 100644
--- a/core/SkFlattenableBuffers.h
+++ b/core/SkFlattenableBuffers.h

@@ -41,14 +41,20 @@
         kCrossProcess_Flag      = 1 << 0,
         kScalarIsFloat_Flag     = 1 << 1,
         kPtrIs64Bit_Flag        = 1 << 2,
+        /** The kValidation_Flag is used to force stream validations (by making
+         * sure that no operation reads past the end of the stream, for example)
+         * and error handling if any reading operation yields an invalid value.
+         */
+        kValidation_Flag        = 1 << 3,
     };
 
     void setFlags(uint32_t flags) { fFlags = flags; }
     uint32_t getFlags() const { return fFlags; }
 
-    bool isCrossProcess() const { return SkToBool(fFlags & kCrossProcess_Flag); }
+    bool isCrossProcess() const { return SkToBool(fFlags & (kCrossProcess_Flag | kValidation_Flag)); }
     bool isScalarFloat() const { return SkToBool(fFlags & kScalarIsFloat_Flag); }
     bool isPtr64Bit() const { return SkToBool(fFlags & kPtrIs64Bit_Flag); }
+    bool isValidating() const { return SkToBool(fFlags & kValidation_Flag); }
 
     // primitives
     virtual bool readBool() = 0;
@@ -102,6 +108,13 @@
         return static_cast<T*>(this->readFlattenable());
     }
 
+    void validate(bool isValid) {
+        fError |= !isValid;
+    }
+
+protected:
+    bool fError;
+
 private:
     uint32_t fFlags;
 };
@@ -154,13 +167,22 @@
 
     enum Flags {
         kCrossProcess_Flag               = 0x01,
+        /** The kValidation_Flag is used here to make sure the write operation
+         *  is symmetric with the read operation using the equivalent flag
+         *  SkFlattenableReadBuffer::kValidation_Flag.
+         */
+        kValidation_Flag                 = 0x02,
     };
 
     uint32_t getFlags() const { return fFlags; }
     void setFlags(uint32_t flags) { fFlags = flags; }
 
     bool isCrossProcess() const {
-        return SkToBool(fFlags & kCrossProcess_Flag);
+        return SkToBool(fFlags & (kCrossProcess_Flag | kValidation_Flag));
+    }
+
+    bool isValidating() const {
+        return SkToBool(fFlags & kValidation_Flag);
     }
 
     bool persistTypeface() const { return (fFlags & kCrossProcess_Flag) != 0; }

diff --git a/core/SkFlattenableSerialization.h b/core/SkFlattenableSerialization.h
index 2ed244c..33bbb38 100644
--- a/core/SkFlattenableSerialization.h
+++ b/core/SkFlattenableSerialization.h

@@ -13,7 +13,13 @@
 class SkData;
 class SkFlattenable;
 
-SK_API SkData* SkSerializeFlattenable(SkFlattenable*);
-SK_API SkFlattenable* SkDeserializeFlattenable(const void* data, size_t size);
+/**
+ *  These utility functions are used by the chromium codebase to safely
+ *  serialize and deserialize SkFlattenable objects. These aren't made for
+ *  optimal speed, but rather designed with security in mind in order to
+ *  prevent Skia from being an entry point for potential attacks.
+ */
+SK_API SkData* SkValidatingSerializeFlattenable(SkFlattenable*);
+SK_API SkFlattenable* SkValidatingDeserializeFlattenable(const void* data, size_t size);
 
 #endif

diff --git a/core/SkRect.h b/core/SkRect.h
index d8919ae..bd5d026 100644
--- a/core/SkRect.h
+++ b/core/SkRect.h

@@ -100,6 +100,8 @@
      */
     bool isEmpty() const { return fLeft >= fRight || fTop >= fBottom; }
 
+    bool isInverted() const { return fLeft > fRight || fTop > fBottom; }
+
     bool isLargest() const { return SK_MinS32 == fLeft &&
                                     SK_MinS32 == fTop &&
                                     SK_MaxS32 == fRight &&
@@ -419,6 +421,8 @@
      */
     bool isEmpty() const { return fLeft >= fRight || fTop >= fBottom; }
 
+    bool isInverted() const { return fLeft > fRight || fTop > fBottom; }
+
     /**
      *  Returns true iff all values in the rect are finite. If any are
      *  infinite or NaN (or SK_FixedNaN when SkScalar is fixed) then this