From c31bb870f274455197749cceea48c45c4b905d6e Mon Sep 17 00:00:00 2001 From: robertphillips Date: Tue, 28 Jun 2016 11:02:30 -0700 Subject: [PATCH] Tighten up masking of colorType & alphaType in SkImageInfo serialization (for fuzzer bug) In this case the int that contains the color and alpha types is getting munged. We don't really case that the surplus bits are 0 just that the values we care about are reasonable. GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2110493002 Review-Url: https://codereview.chromium.org/2110493002 --- src/core/SkImageInfo.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/core/SkImageInfo.cpp b/src/core/SkImageInfo.cpp index b3b9c385d8..75c6807d17 100644 --- a/src/core/SkImageInfo.cpp +++ b/src/core/SkImageInfo.cpp @@ -22,14 +22,16 @@ SkImageInfo SkImageInfo::MakeS32(int width, int height, SkAlphaType at) { SkColorSpace::NewNamed(SkColorSpace::kSRGB_Named)); } +static const int kColorTypeMask = 0x0F; +static const int kAlphaTypeMask = 0x03; + void SkImageInfo::unflatten(SkReadBuffer& buffer) { fWidth = buffer.read32(); fHeight = buffer.read32(); uint32_t packed = buffer.read32(); - SkASSERT(0 == (packed >> 24)); - fColorType = (SkColorType)((packed >> 0) & 0xFF); - fAlphaType = (SkAlphaType)((packed >> 8) & 0xFF); + fColorType = (SkColorType)((packed >> 0) & kColorTypeMask); + fAlphaType = (SkAlphaType)((packed >> 8) & kAlphaTypeMask); buffer.validate(alpha_type_is_valid(fAlphaType) && color_type_is_valid(fColorType)); sk_sp data = buffer.readByteArrayAsData(); @@ -40,8 +42,8 @@ void SkImageInfo::flatten(SkWriteBuffer& buffer) const { buffer.write32(fWidth); buffer.write32(fHeight); - SkASSERT(0 == (fAlphaType & ~0xFF)); - SkASSERT(0 == (fColorType & ~0xFF)); + SkASSERT(0 == (fAlphaType & ~kAlphaTypeMask)); + SkASSERT(0 == (fColorType & ~kColorTypeMask)); uint32_t packed = (fAlphaType << 8) | fColorType; buffer.write32(packed); -- 2.34.1