Fixing a clusterfuzz found issue
authorcommit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>
Fri, 30 May 2014 01:06:44 +0000 (01:06 +0000)
committercommit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>
Fri, 30 May 2014 01:06:44 +0000 (01:06 +0000)
BUG=378175
R=reed@google.com, sugoi@google.com

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/306033003

git-svn-id: http://skia.googlecode.com/svn/trunk@14983 2bbb7eff-a529-9590-31e7-b0007b416f81

src/core/SkBitmap.cpp

index e5cc0d7fcd7b627bcecf57d4bde26c0567c2ba80..522dfb1ebb0bf5677600de315b5949b5f7b52d93 100644 (file)
@@ -1308,7 +1308,9 @@ bool SkBitmap::ReadRawPixels(SkReadBuffer* buffer, SkBitmap* bitmap) {
     const int height = info.height();
     const size_t snugSize = snugRB * height;
     const size_t ramSize = ramRB * height;
-    SkASSERT(snugSize <= ramSize);
+    if (!buffer->validate(snugSize <= ramSize)) {
+        return false;
+    }
 
     char* dst = (char*)sk_malloc_throw(ramSize);
     buffer->readByteArray(dst, snugSize);
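Review bot: The new `validate(snugSize <= ramSize)` guard compares two products that may already have wrapped, because `snugRB * height` and `ramRB * height` are computed just above it with no overflow check and no sign check on `height`. If those values come from the serialized buffer (their derivation is above the hunk, so this is inferred), a wrapped `ramSize` can still pass the comparison and make the `sk_malloc_throw` allocation smaller than the dimensions in `info` imply. Consider validating before multiplying, e.g. `if (!buffer->validate(height >= 0 && (height == 0 || ramRB <= SIZE_MAX / (size_t)height))) { return false; }`, with the same bound applied to `snugRB`. The result of `buffer->readByteArray(dst, snugSize)` is also ignored on the last line, so a failed read would appear to leave `dst` holding uninitialized heap bytes; the function continues past the hunk, so a later check may already cover this.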