Bug 1465686 - validate SkArenaAlloc sizes. r=rhunt
authorLee Salzman <lsalzman@mozilla.com>
Fri, 01 Jun 2018 15:52:26 -0400
changeset 420945 9019db1eaddb79dbfd1d4c357765599499eb02b4
parent 420944 a1a0759ac7190ac9f726fcc6dae8a268c660e95b
child 420946 b23905eefff43264aae507f7dd8fc3b36eadccd7
push id34083
push userapavel@mozilla.com
push dateSat, 02 Jun 2018 23:03:25 +0000
reviewersrhunt
bugs1465686
milestone62.0a1
Bug 1465686 - validate SkArenaAlloc sizes. r=rhunt MozReview-Commit-ID: Cc4cxKeF4xn
gfx/skia/skia/src/core/SkArenaAlloc.h
--- a/gfx/skia/skia/src/core/SkArenaAlloc.h
+++ b/gfx/skia/skia/src/core/SkArenaAlloc.h
@@ -107,44 +107,49 @@ public:
     sk_sp<T> makeSkSp(Args&&... args) {
         SkASSERT(SkTFitsIn<uint32_t>(sizeof(T)));
 
         // The arena takes a ref for itself to account for the destructor. The sk_sp count can't
         // become zero or the sk_sp will try to call free on the pointer.
         return sk_sp<T>(SkRef(this->make<T>(std::forward<Args>(args)...)));
     }
 
+    uint32_t safeU32(size_t n) {
+        SkASSERT_RELEASE(SkTFitsIn<uint32_t>(n));
+        return uint32_t(n);
+    }
+
     template <typename T>
     T* makeArrayDefault(size_t count) {
-        uint32_t safeCount = SkTo<uint32_t>(count);
+        uint32_t safeCount = safeU32(count);
         T* array = (T*)this->commonArrayAlloc<T>(safeCount);
 
         // If T is primitive then no initialization takes place.
         for (size_t i = 0; i < safeCount; i++) {
             new (&array[i]) T;
         }
         return array;
     }
 
     template <typename T>
     T* makeArray(size_t count) {
-        uint32_t safeCount = SkTo<uint32_t>(count);
+        uint32_t safeCount = safeU32(count);
         T* array = (T*)this->commonArrayAlloc<T>(safeCount);
 
         // If T is primitive then the memory is initialized. For example, an array of chars will
         // be zeroed.
         for (size_t i = 0; i < safeCount; i++) {
             new (&array[i]) T();
         }
         return array;
     }
 
     // Only use makeBytesAlignedTo if none of the typed variants are impractical to use.
     void* makeBytesAlignedTo(size_t size, size_t align) {
-        auto objStart = this->allocObject(SkTo<uint32_t>(size), SkTo<uint32_t>(align));
+        auto objStart = this->allocObject(safeU32(size), safeU32(align));
         fCursor = objStart + size;
         return objStart;
     }
 
     // Destroy all allocated objects, free any heap allocations.
     void reset();
 
 private:
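Review bot: In makeArrayDefault and makeArray the new `safeU32(count)` check bounds only the element count, not the byte size `count * sizeof(T)`, which is computed inside commonArrayAlloc outside this hunk. If that product is formed or narrowed in 32 bits without its own release-mode check, a count that passes safeU32 could still yield an undersized block that the placement-new loop then fills with `safeCount` elements. Consider adding `SkASSERT_RELEASE(count <= std::numeric_limits<uint32_t>::max() / sizeof(T));` next to the count check, or confirming that commonArrayAlloc already enforces this in release builds. Separately, safeU32 reads no member state and is added to the public section; declaring it `static` under `private:` would keep it out of the class's interface.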