summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-02-17 22:11:40 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-02-17 22:11:40 +0100
commitca3861669b4507ab9295370ee14d4f1d6b87e0c2 (patch)
treec60fd63ce7791f10cf78a19736a875bfac8ff39d
parent91903016bd260ffdb10d374900741ede33df2020 (diff)
downloadUXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar
UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar.gz
UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar.lz
UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar.xz
UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.zip
Skia: Validate allocation size in GrBufferAllocPool using SkSafeMath.
Upstream port of commit 7469a9341afab19271b8ef07af5c16a0f2c4ccc1
-rw-r--r--gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp
index 993e1c59d..c6097b03b 100644
--- a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp
+++ b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp
@@ -152,13 +152,18 @@ void* GrBufferAllocPool::makeSpace(size_t size,
BufferBlock& back = fBlocks.back();
size_t usedBytes = back.fBuffer->gpuMemorySize() - back.fBytesFree;
size_t pad = GrSizeAlignUpPad(usedBytes, alignment);
- if ((size + pad) <= back.fBytesFree) {
+ SkSafeMath safeMath;
+ size_t alignedSize = safeMath.add(pad, size);
+ if (!safeMath.ok()) {
+ return nullptr;
+ }
+ if (alignedSize <= back.fBytesFree) {
memset((void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes), 0, pad);
usedBytes += pad;
*offset = usedBytes;
*buffer = back.fBuffer;
- back.fBytesFree -= size + pad;
- fBytesInUse += size + pad;
+ back.fBytesFree -= alignedSize;
+ fBytesInUse += alignedSize;
VALIDATE();
return (void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes);
}