Bug 1465686 - Validate SkArenaAlloc sizes. r=rhunt, a=RyanVM
authorLee Salzman <lsalzman@mozilla.com>
Fri, 01 Jun 2018 15:52:26 -0400
changeset 805985 721c4672b93d253b92aa0adfcc828492986bd81c
parent 805984 3d398e273ea386e6c66d2d4687f88531eed33f46
child 805986 26f92aa2b9b2361692d7e3c5d769f80de6e0b386
push id112832
push userbballo@mozilla.com
push dateFri, 08 Jun 2018 21:11:22 +0000
reviewersrhunt, RyanVM
bugs1465686
milestone60.0.2
Bug 1465686 - Validate SkArenaAlloc sizes. r=rhunt, a=RyanVM MozReview-Commit-ID: Cc4cxKeF4xn
gfx/skia/skia/src/core/SkArenaAlloc.h
--- a/gfx/skia/skia/src/core/SkArenaAlloc.h
+++ b/gfx/skia/skia/src/core/SkArenaAlloc.h
@@ -107,44 +107,49 @@ public:
     sk_sp<T> makeSkSp(Args&&... args) {
         SkASSERT(SkTFitsIn<uint32_t>(sizeof(T)));
 
         // The arena takes a ref for itself to account for the destructor. The sk_sp count can't
         // become zero or the sk_sp will try to call free on the pointer.
         return sk_sp<T>(SkRef(this->make<T>(std::forward<Args>(args)...)));
     }
 
+    uint32_t safeU32(size_t n) {
+        SkASSERT_RELEASE(SkTFitsIn<uint32_t>(n));
+        return uint32_t(n);
+    }
+
     template <typename T>
     T* makeArrayDefault(size_t count) {
-        uint32_t safeCount = SkTo<uint32_t>(count);
+        uint32_t safeCount = safeU32(count);
         T* array = (T*)this->commonArrayAlloc<T>(safeCount);
 
         // If T is primitive then no initialization takes place.
         for (size_t i = 0; i < safeCount; i++) {
             new (&array[i]) T;
         }
         return array;
     }
 
     template <typename T>
     T* makeArray(size_t count) {
-        uint32_t safeCount = SkTo<uint32_t>(count);
+        uint32_t safeCount = safeU32(count);
         T* array = (T*)this->commonArrayAlloc<T>(safeCount);
 
         // If T is primitive then the memory is initialized. For example, an array of chars will
         // be zeroed.
         for (size_t i = 0; i < safeCount; i++) {
             new (&array[i]) T();
         }
         return array;
     }
 
     // Only use makeBytesAlignedTo if none of the typed variants are impractical to use.
     void* makeBytesAlignedTo(size_t size, size_t align) {
-        auto objStart = this->allocObject(SkTo<uint32_t>(size), SkTo<uint32_t>(align));
+        auto objStart = this->allocObject(safeU32(size), safeU32(align));
         fCursor = objStart + size;
         return objStart;
     }
 
     // Destroy all allocated objects, free any heap allocations.
     void reset();
 
 private:
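Review bot: The new `safeU32` helper above `makeArrayDefault` is added as a public non-static member although it reads no instance state, so `static uint32_t safeU32(size_t n)` placed in the private section would express its intent and keep it out of the class's public surface. The release assert stops silent narrowing of `size`, `align` and `count`, but both array callers still hand only the validated `count` to `commonArrayAlloc<T>`, so whether `count * sizeof(T)` is itself bounds-checked depends on code outside this hunk. A one-line comment above the helper would record why it aborts in release builds as well: `// Abort rather than narrow: a truncated size would under-allocate the block and let later writes run past it.` The enclosing class continues outside the hunk.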