This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.0 in repository pale-moon. commit 33420c43a2c88f87fec17d4196229d1b6afc9999 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sun Feb 17 22:11:40 2019 +0100 Skia: Validate allocation size in GrBufferAllocPool using SkSafeMath. Upstream port of commit 7469a9341afab19271b8ef07af5c16a0f2c4ccc1 --- gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp index 993e1c5..c6097b0 100644 --- a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp +++ b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp @@ -152,13 +152,18 @@ void* GrBufferAllocPool::makeSpace(size_t size, BufferBlock& back = fBlocks.back(); size_t usedBytes = back.fBuffer->gpuMemorySize() - back.fBytesFree; size_t pad = GrSizeAlignUpPad(usedBytes, alignment); - if ((size + pad) <= back.fBytesFree) { + SkSafeMath safeMath; + size_t alignedSize = safeMath.add(pad, size); + if (!safeMath.ok()) { + return nullptr; + } + if (alignedSize <= back.fBytesFree) { memset((void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes), 0, pad); usedBytes += pad; *offset = usedBytes; *buffer = back.fBuffer; - back.fBytesFree -= size + pad; - fBytesInUse += size + pad; + back.fBytesFree -= alignedSize; + fBytesInUse += alignedSize; VALIDATE(); return (void*)(reinterpret_cast<intptr_t>(fBufferPtr) + usedBytes); } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git