Fix heap buffer overflow
Bug: oss-fuzz:11040
Because we're sampling, the offset ends up the same as the width. Back
up to the left enough to fit the bytes we will write.
Change-Id: Ie476a0191b66c2322446b9c0922f630d6e971645
Reviewed-on: https://skia-review.googlesource.com/c/164262
Commit-Queue: Leon Scroggins <scroggo@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
Auto-Submit: Leon Scroggins <scroggo@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
diff --git a/src/codec/SkSwizzler.cpp b/src/codec/SkSwizzler.cpp
index e1e2ecb..05636eb 100644
--- a/src/codec/SkSwizzler.cpp
+++ b/src/codec/SkSwizzler.cpp
@@ -1216,6 +1216,15 @@
fSwizzleWidth = get_scaled_dimension(fSrcWidth, sampleX);
fAllocatedWidth = get_scaled_dimension(fDstWidth, sampleX);
+ if (fDstOffsetBytes > 0) {
+ const size_t dstSwizzleBytes = fSwizzleWidth * fDstBPP;
+ const size_t dstAllocatedBytes = fAllocatedWidth * fDstBPP;
+ if (fDstOffsetBytes + dstSwizzleBytes > dstAllocatedBytes) {
+ SkASSERT(dstSwizzleBytes < dstAllocatedBytes);
+ fDstOffsetBytes = dstAllocatedBytes - dstSwizzleBytes;
+ }
+ }
+
// The optimized swizzler functions do not support sampling. Sampled swizzles
// are already fast because they skip pixels. We haven't seen a situation
// where speeding up sampling has a significant impact on total decode time.
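Review bot: the guard at `if (fDstOffsetBytes + dstSwizzleBytes > dstAllocatedBytes)` relies on `SkASSERT(dstSwizzleBytes < dstAllocatedBytes)` to keep the following subtraction valid, but SkASSERT compiles out in release builds; if that precondition is ever violated, `dstAllocatedBytes - dstSwizzleBytes` underflows as `size_t` and `fDstOffsetBytes` becomes a huge value, which would reintroduce the out-of-bounds write this change is meant to fix. Suggest an unconditional check before the subtraction, for example `if (dstSwizzleBytes > dstAllocatedBytes) { return false; }` (or clamping the offset to 0), rather than an assert alone. A short comment above the clamp would also help: it silently shifts the destination to the left so the swizzled row fits, so the sampled pixels land at a different offset than the caller requested, and the reason for choosing that over failing the decode is not stated in the hunk.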