diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-17 22:11:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-17 22:11:40 +0100 |
commit | ca3861669b4507ab9295370ee14d4f1d6b87e0c2 (patch) | |
tree | c60fd63ce7791f10cf78a19736a875bfac8ff39d /gfx | |
parent | 91903016bd260ffdb10d374900741ede33df2020 (diff) | |
download | UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar.gz UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar.lz UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.tar.xz UXP-ca3861669b4507ab9295370ee14d4f1d6b87e0c2.zip |
Skia: Validate allocation size in GrBufferAllocPool using SkSafeMath.
Upstream port of commit 7469a9341afab19271b8ef07af5c16a0f2c4ccc1
Diffstat (limited to 'gfx')
-rw-r--r-- | gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp index 993e1c59d..c6097b03b 100644 --- a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp +++ b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp @@ -152,13 +152,18 @@ void* GrBufferAllocPool::makeSpace(size_t size, BufferBlock& back = fBlocks.back(); size_t usedBytes = back.fBuffer->gpuMemorySize() - back.fBytesFree; size_t pad = GrSizeAlignUpPad(usedBytes, alignment); - if ((size + pad) <= back.fBytesFree) { + SkSafeMath safeMath; + size_t alignedSize = safeMath.add(pad, size); + if (!safeMath.ok()) { + return nullptr; + } + if (alignedSize <= back.fBytesFree) { memset((void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes), 0, pad); usedBytes += pad; *offset = usedBytes; *buffer = back.fBuffer; - back.fBytesFree -= size + pad; - fBytesInUse += size + pad; + back.fBytesFree -= alignedSize; + fBytesInUse += alignedSize; VALIDATE(); return (void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes); } |