1 /*
2 * Copyright 2013 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "SkBitmap.h"
9 #include "SkValidatingReadBuffer.h"
10 #include "SkStream.h"
11 #include "SkTypeface.h"
12
SkValidatingReadBuffer(const void * data,size_t size)13 SkValidatingReadBuffer::SkValidatingReadBuffer(const void* data, size_t size) :
14 fError(false) {
15 this->setMemory(data, size);
16 this->setFlags(SkReadBuffer::kValidation_Flag);
17 }
18
~SkValidatingReadBuffer()19 SkValidatingReadBuffer::~SkValidatingReadBuffer() {
20 }
21
validate(bool isValid)22 bool SkValidatingReadBuffer::validate(bool isValid) {
23 if (!fError && !isValid) {
24 // When an error is found, send the read cursor to the end of the stream
25 fReader.skip(fReader.available());
26 fError = true;
27 }
28 return !fError;
29 }
30
isValid() const31 bool SkValidatingReadBuffer::isValid() const {
32 return !fError;
33 }
34
setMemory(const void * data,size_t size)35 void SkValidatingReadBuffer::setMemory(const void* data, size_t size) {
36 this->validate(IsPtrAlign4(data) && (SkAlign4(size) == size));
37 if (!fError) {
38 fReader.setMemory(data, size);
39 }
40 }
41
skip(size_t size)42 const void* SkValidatingReadBuffer::skip(size_t size) {
43 size_t inc = SkAlign4(size);
44 this->validate(inc >= size);
45 const void* addr = fReader.peek();
46 this->validate(IsPtrAlign4(addr) && fReader.isAvailable(inc));
47 if (fError) {
48 return nullptr;
49 }
50
51 fReader.skip(size);
52 return addr;
53 }
54
55 // All the methods in this file funnel down into either readInt(), readScalar() or skip(),
56 // followed by a memcpy. So we've got all our validation in readInt(), readScalar() and skip();
57 // if they fail they'll return a zero value or skip nothing, respectively, and set fError to
58 // true, which the caller should check to see if an error occurred during the read operation.
59
readBool()60 bool SkValidatingReadBuffer::readBool() {
61 uint32_t value = this->readInt();
62 // Boolean value should be either 0 or 1
63 this->validate(!(value & ~1));
64 return value != 0;
65 }
66
readColor()67 SkColor SkValidatingReadBuffer::readColor() {
68 return this->readInt();
69 }
70
readInt()71 int32_t SkValidatingReadBuffer::readInt() {
72 const size_t inc = sizeof(int32_t);
73 this->validate(IsPtrAlign4(fReader.peek()) && fReader.isAvailable(inc));
74 return fError ? 0 : fReader.readInt();
75 }
76
readScalar()77 SkScalar SkValidatingReadBuffer::readScalar() {
78 const size_t inc = sizeof(SkScalar);
79 this->validate(IsPtrAlign4(fReader.peek()) && fReader.isAvailable(inc));
80 return fError ? 0 : fReader.readScalar();
81 }
82
readUInt()83 uint32_t SkValidatingReadBuffer::readUInt() {
84 return this->readInt();
85 }
86
read32()87 int32_t SkValidatingReadBuffer::read32() {
88 return this->readInt();
89 }
90
peekByte()91 uint8_t SkValidatingReadBuffer::peekByte() {
92 if (fReader.available() <= 0) {
93 fError = true;
94 return 0;
95 }
96 return *((uint8_t*) fReader.peek());
97 }
98
readString(SkString * string)99 void SkValidatingReadBuffer::readString(SkString* string) {
100 const size_t len = this->readUInt();
101 const void* ptr = fReader.peek();
102 const char* cptr = (const char*)ptr;
103
104 // skip over the string + '\0' and then pad to a multiple of 4
105 const size_t alignedSize = SkAlign4(len + 1);
106 this->skip(alignedSize);
107 if (!fError) {
108 this->validate(cptr[len] == '\0');
109 }
110 if (!fError) {
111 string->set(cptr, len);
112 }
113 }
114
readColor4f(SkColor4f * color)115 void SkValidatingReadBuffer::readColor4f(SkColor4f* color) {
116 const void* ptr = this->skip(sizeof(SkColor4f));
117 if (!fError) {
118 memcpy(color, ptr, sizeof(SkColor4f));
119 }
120 }
121
readPoint(SkPoint * point)122 void SkValidatingReadBuffer::readPoint(SkPoint* point) {
123 point->fX = this->readScalar();
124 point->fY = this->readScalar();
125 }
126
readMatrix(SkMatrix * matrix)127 void SkValidatingReadBuffer::readMatrix(SkMatrix* matrix) {
128 size_t size = 0;
129 if (!fError) {
130 size = matrix->readFromMemory(fReader.peek(), fReader.available());
131 this->validate((SkAlign4(size) == size) && (0 != size));
132 }
133 if (!fError) {
134 (void)this->skip(size);
135 }
136 }
137
readIRect(SkIRect * rect)138 void SkValidatingReadBuffer::readIRect(SkIRect* rect) {
139 const void* ptr = this->skip(sizeof(SkIRect));
140 if (!fError) {
141 memcpy(rect, ptr, sizeof(SkIRect));
142 }
143 }
144
readRect(SkRect * rect)145 void SkValidatingReadBuffer::readRect(SkRect* rect) {
146 const void* ptr = this->skip(sizeof(SkRect));
147 if (!fError) {
148 memcpy(rect, ptr, sizeof(SkRect));
149 }
150 }
151
readRRect(SkRRect * rrect)152 void SkValidatingReadBuffer::readRRect(SkRRect* rrect) {
153 const void* ptr = this->skip(sizeof(SkRRect));
154 if (!fError) {
155 memcpy(rrect, ptr, sizeof(SkRRect));
156 this->validate(rrect->isValid());
157 }
158
159 if (fError) {
160 rrect->setEmpty();
161 }
162 }
163
readRegion(SkRegion * region)164 void SkValidatingReadBuffer::readRegion(SkRegion* region) {
165 size_t size = 0;
166 if (!fError) {
167 size = region->readFromMemory(fReader.peek(), fReader.available());
168 this->validate((SkAlign4(size) == size) && (0 != size));
169 }
170 if (!fError) {
171 (void)this->skip(size);
172 }
173 }
174
readPath(SkPath * path)175 void SkValidatingReadBuffer::readPath(SkPath* path) {
176 size_t size = 0;
177 if (!fError) {
178 size = path->readFromMemory(fReader.peek(), fReader.available());
179 this->validate((SkAlign4(size) == size) && (0 != size));
180 }
181 if (!fError) {
182 (void)this->skip(size);
183 }
184 }
185
readArray(void * value,size_t size,size_t elementSize)186 bool SkValidatingReadBuffer::readArray(void* value, size_t size, size_t elementSize) {
187 const uint32_t count = this->getArrayCount();
188 this->validate(size == count);
189 (void)this->skip(sizeof(uint32_t)); // Skip array count
190 const uint64_t byteLength64 = sk_64_mul(count, elementSize);
191 const size_t byteLength = count * elementSize;
192 this->validate(byteLength == byteLength64);
193 const void* ptr = this->skip(SkAlign4(byteLength));
194 if (!fError) {
195 memcpy(value, ptr, byteLength);
196 return true;
197 }
198 return false;
199 }
200
readByteArray(void * value,size_t size)201 bool SkValidatingReadBuffer::readByteArray(void* value, size_t size) {
202 return this->readArray(static_cast<unsigned char*>(value), size, sizeof(unsigned char));
203 }
204
readColorArray(SkColor * colors,size_t size)205 bool SkValidatingReadBuffer::readColorArray(SkColor* colors, size_t size) {
206 return this->readArray(colors, size, sizeof(SkColor));
207 }
208
readColor4fArray(SkColor4f * colors,size_t size)209 bool SkValidatingReadBuffer::readColor4fArray(SkColor4f* colors, size_t size) {
210 return this->readArray(colors, size, sizeof(SkColor4f));
211 }
212
readIntArray(int32_t * values,size_t size)213 bool SkValidatingReadBuffer::readIntArray(int32_t* values, size_t size) {
214 return this->readArray(values, size, sizeof(int32_t));
215 }
216
readPointArray(SkPoint * points,size_t size)217 bool SkValidatingReadBuffer::readPointArray(SkPoint* points, size_t size) {
218 return this->readArray(points, size, sizeof(SkPoint));
219 }
220
readScalarArray(SkScalar * values,size_t size)221 bool SkValidatingReadBuffer::readScalarArray(SkScalar* values, size_t size) {
222 return this->readArray(values, size, sizeof(SkScalar));
223 }
224
getArrayCount()225 uint32_t SkValidatingReadBuffer::getArrayCount() {
226 const size_t inc = sizeof(uint32_t);
227 fError = fError || !IsPtrAlign4(fReader.peek()) || !fReader.isAvailable(inc);
228 return fError ? 0 : *(uint32_t*)fReader.peek();
229 }
230
validateAvailable(size_t size)231 bool SkValidatingReadBuffer::validateAvailable(size_t size) {
232 return this->validate((size <= SK_MaxU32) && fReader.isAvailable(static_cast<uint32_t>(size)));
233 }
234
readFlattenable(SkFlattenable::Type type)235 SkFlattenable* SkValidatingReadBuffer::readFlattenable(SkFlattenable::Type type) {
236 // The validating read buffer always uses strings and string-indices for unflattening.
237 SkASSERT(0 == this->factoryCount());
238
239 uint8_t firstByte = this->peekByte();
240 if (fError) {
241 return nullptr;
242 }
243
244 SkString name;
245 if (firstByte) {
246 // If the first byte is non-zero, the flattenable is specified by a string.
247 this->readString(&name);
248 if (fError) {
249 return nullptr;
250 }
251
252 // Add the string to the dictionary.
253 fFlattenableDict.set(fFlattenableDict.count() + 1, name);
254 } else {
255 // Read the index. We are guaranteed that the first byte
256 // is zeroed, so we must shift down a byte.
257 uint32_t index = this->readUInt() >> 8;
258 if (0 == index) {
259 return nullptr; // writer failed to give us the flattenable
260 }
261
262 SkString* namePtr = fFlattenableDict.find(index);
263 if (!namePtr) {
264 return nullptr;
265 }
266 name = *namePtr;
267 }
268
269 // Is this the type we wanted ?
270 const char* cname = name.c_str();
271 SkFlattenable::Type baseType;
272 if (!SkFlattenable::NameToType(cname, &baseType) || (baseType != type)) {
273 return nullptr;
274 }
275
276 // Get the factory for this flattenable.
277 SkFlattenable::Factory factory = this->getCustomFactory(name);
278 if (!factory) {
279 factory = SkFlattenable::NameToFactory(cname);
280 if (!factory) {
281 return nullptr; // writer failed to give us the flattenable
282 }
283 }
284
285 // If we get here, the factory is non-null.
286 sk_sp<SkFlattenable> obj;
287 uint32_t sizeRecorded = this->readUInt();
288 size_t offset = fReader.offset();
289 obj = (*factory)(*this);
290 // check that we read the amount we expected
291 size_t sizeRead = fReader.offset() - offset;
292 this->validate(sizeRecorded == sizeRead);
293 if (fError) {
294 obj = nullptr;
295 }
296 return obj.release();
297 }
298