From 025b3ef66aa030bb8a1e5f78a7d1e92696219649 Mon Sep 17 00:00:00 2001
From: "abarth@chromium.org"
Date: Fri, 24 Apr 2009 00:31:12 +0000
Subject: Check the size of bitmaps coming over IPC.
R=cpu
BUG=10869
TEST=IPCMessageTest.Bitmap
Review URL: http://codereview.chromium.org/92064
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@14398 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/common/ipc_message_unittest.cc | 45 +++++++++++++++++++++++++++++++++++
 chrome/common/ipc_message_utils.cc | 12 ++++++----
 2 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/chrome/common/ipc_message_unittest.cc b/chrome/common/ipc_message_unittest.cc
index 643626e..cbf0f86 100644
--- a/chrome/common/ipc_message_unittest.cc
+++ b/chrome/common/ipc_message_unittest.cc
@@ -6,9 +6,12 @@
 #include "chrome/common/ipc_message.h"
 #include "chrome/common/ipc_message_utils.h"
+#include "base/scoped_ptr.h"
 #include "googleurl/src/gurl.h"
 #include "testing/gtest/include/gtest/gtest.h"
+#include "SkBitmap.h"
+
 // Tests that serialize/deserialize correctly understand each other
 TEST(IPCMessageTest, Serialize) {
 const char* serialize_cases[] = {
@@ -47,3 +50,45 @@ TEST(IPCMessageTest, Serialize) {
 void* iter = NULL;
 EXPECT_FALSE(IPC::ParamTraits::Read(&msg, &iter, &output));
 }
+
+// Tests bitmap serialization.
+TEST(IPCMessageTest, Bitmap) {
+ SkBitmap bitmap;
+
+ bitmap.setConfig(SkBitmap::kARGB_8888_Config, 10, 5);
+ bitmap.allocPixels();
+ memset(bitmap.getPixels(), 'A', bitmap.getSize());
+
+ IPC::Message msg(1, 2, IPC::Message::PRIORITY_NORMAL);
+ IPC::ParamTraits::Write(&msg, bitmap);
+
+ SkBitmap output;
+ void* iter = NULL;
+ EXPECT_TRUE(IPC::ParamTraits::Read(&msg, &iter, &output));
+
+ EXPECT_EQ(bitmap.config(), output.config());
+ EXPECT_EQ(bitmap.width(), output.width());
+ EXPECT_EQ(bitmap.height(), output.height());
+ EXPECT_EQ(bitmap.rowBytes(), output.rowBytes());
+ EXPECT_EQ(bitmap.getSize(), output.getSize());
+ EXPECT_EQ(memcmp(bitmap.getPixels(), output.getPixels(), bitmap.getSize()),
+ 0);
+
+ // Also test the corrupt case.
+ IPC::Message bad_msg(1, 2, IPC::Message::PRIORITY_NORMAL);
+ // Copy the first message block over to |bad_msg|.
+ const char* fixed_data;
+ int fixed_data_size;
+ iter = NULL;
+ msg.ReadData(&iter, &fixed_data, &fixed_data_size);
+ bad_msg.WriteData(fixed_data, fixed_data_size);
+ // Add some bogus pixel data.
+ const size_t bogus_pixels_size = bitmap.getSize() * 2;
+ scoped_ptr bogus_pixels(new char[bogus_pixels_size]);
+ memset(bogus_pixels.get(), 'B', bogus_pixels_size);
+ bad_msg.WriteData(bogus_pixels.get(), bogus_pixels_size);
+ // Make sure we don't read out the bitmap!
+ SkBitmap bad_output;
+ iter = NULL;
+ EXPECT_FALSE(IPC::ParamTraits::Read(&bad_msg, &iter, &bad_output));
+}
diff --git a/chrome/common/ipc_message_utils.cc b/chrome/common/ipc_message_utils.cc
index 36e8052..8ce3f4f 100644
--- a/chrome/common/ipc_message_utils.cc
+++ b/chrome/common/ipc_message_utils.cc
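Review bot: The corrupt case in `TEST(IPCMessageTest, Bitmap)` covers only pixel data larger than the bitmap (`bitmap.getSize() * 2`), so the other malformed shapes a sender can produce are not pinned by any assertion. A payload shorter than `getSize()` and a fixed block whose width, height or row bytes were altered each deserve their own `bad_msg` case, to be asserted with `EXPECT_FALSE` once the reader rejects them. The setup also writes through `bitmap.getPixels()` without checking the result of `bitmap.allocPixels()`; `ASSERT_TRUE(bitmap.allocPixels());` would stop the test before the `memset` if allocation fails.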
@@ -33,13 +33,18 @@ struct SkBitmap_Data {
 fRowBytes = bitmap.rowBytes();
 }
- void InitSkBitmapFromData(SkBitmap* bitmap, const char* pixels,
+ // Returns whether |bitmap| successfully initialized.
+ bool InitSkBitmapFromData(SkBitmap* bitmap, const char* pixels,
 size_t total_pixels) const {
 if (total_pixels) {
 bitmap->setConfig(fConfig, fWidth, fHeight, fRowBytes);
- bitmap->allocPixels();
+ if (!bitmap->allocPixels())
+ return false;
+ if (total_pixels > bitmap->getSize())
+ return false;
 memcpy(bitmap->getPixels(), pixels, total_pixels);
 }
+ return true;
 }
 };
@@ -78,8 +83,7 @@ bool ParamTraits::Read(const Message* m, void** iter, SkBitmap* r) {
 }
 const SkBitmap_Data* bmp_data = reinterpret_cast(fixed_data);
- bmp_data->InitSkBitmapFromData(r, variable_data, variable_data_size);
- return true;
+ return bmp_data->InitSkBitmapFromData(r, variable_data, variable_data_size);
 }
 void ParamTraits::Log(const SkBitmap& p, std::wstring* l) {
-- cgit v1.1
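Review bot: In `InitSkBitmapFromData` the new guard rejects only `total_pixels > bitmap->getSize()`, so a message carrying fewer bytes than its declared dimensions is still accepted, and unless `allocPixels()` zeroes the buffer its tail stays uninitialized and can expose stale heap contents if the bitmap is later drawn or forwarded. If the writer always sends exactly `getSize()` bytes (Write is outside this hunk), the check can be `if (total_pixels != bitmap->getSize()) return false;`. `fConfig`, `fWidth`, `fHeight` and `fRowBytes` reach `setConfig` straight from the message with no range check visible here, so the sender also chooses the allocation size; a comment such as `// Fields come from an untrusted IPC peer; validate before use.` together with a bound on the dimensions would make that explicit. The size comparison could also run before `allocPixels()` so a rejected message costs no allocation, assuming `getSize()` is already valid once `setConfig` has run.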