diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-17 22:11:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-17 22:16:02 +0100 |
commit | 33420c43a2c88f87fec17d4196229d1b6afc9999 (patch) | |
tree | e03859ebe40a3a7d1ff1a2b3b8db56a78a891471 | |
parent | ce9d45fc59c4e8a1fa6a7f7ff8ae31c20ab7950c (diff) | |
download | UXP-33420c43a2c88f87fec17d4196229d1b6afc9999.tar UXP-33420c43a2c88f87fec17d4196229d1b6afc9999.tar.gz UXP-33420c43a2c88f87fec17d4196229d1b6afc9999.tar.lz UXP-33420c43a2c88f87fec17d4196229d1b6afc9999.tar.xz UXP-33420c43a2c88f87fec17d4196229d1b6afc9999.zip |
Skia: Validate allocation size in GrBufferAllocPool using SkSafeMath.
Upstream port of commit 7469a9341afab19271b8ef07af5c16a0f2c4ccc1
-rw-r--r-- | gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp index 993e1c59d..c6097b03b 100644 --- a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp +++ b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp @@ -152,13 +152,18 @@ void* GrBufferAllocPool::makeSpace(size_t size, BufferBlock& back = fBlocks.back(); size_t usedBytes = back.fBuffer->gpuMemorySize() - back.fBytesFree; size_t pad = GrSizeAlignUpPad(usedBytes, alignment); - if ((size + pad) <= back.fBytesFree) { + SkSafeMath safeMath; + size_t alignedSize = safeMath.add(pad, size); + if (!safeMath.ok()) { + return nullptr; + } + if (alignedSize <= back.fBytesFree) { memset((void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes), 0, pad); usedBytes += pad; *offset = usedBytes; *buffer = back.fBuffer; - back.fBytesFree -= size + pad; - fBytesInUse += size + pad; + back.fBytesFree -= alignedSize; + fBytesInUse += alignedSize; VALIDATE(); return (void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes); } |