commit 82fdab48abff0b07f99a1d036933e1cc82f51b24
author Herb Derby <herb@google.com> Thu May 13 13:56:53 2021 -0400
committer Skia Commit-Bot <skia-commit-bot@chromium.org> Thu May 13 19:42:43 2021 +0000
tree 4096d0f9c31533b9b868d37e23a51445d7c9c407
parent 65299907634abe53e697cef25df72f2c11cdabd8

reject sizes that will overflow in SkSpan

Change-Id: Ie1eac40fe678529410f3ae4ab0cc7460dedfa4c2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/408296
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Herb Derby <herb@google.com>

include/core/SkSpan.h

diff --git a/include/core/SkSpan.h b/include/core/SkSpan.h
index 5e1ad5b..b09ec867 100644
--- a/include/core/SkSpan.h
+++ b/include/core/SkSpan.h
@@ -26,7 +26,9 @@
 class SkSpan {
 public:
     constexpr SkSpan() : fPtr{nullptr}, fSize{0} {}
-    constexpr SkSpan(T* ptr, size_t size) : fPtr{ptr}, fSize{size} {}
+    constexpr SkSpan(T* ptr, size_t size) : fPtr{ptr}, fSize{size} {
+        SkASSERT(size < kMaxSize);
+    }
     template <typename U, typename = typename std::enable_if<std::is_same<const U, T>::value>::type>
     constexpr SkSpan(const SkSpan<U>& that) : fPtr(that.data()), fSize{that.size()} {}
     constexpr SkSpan(const SkSpan& o) = default;
@@ -65,6 +67,7 @@
     }
 
 private:
+    static constexpr size_t kMaxSize = std::numeric_limits<size_t>::max() / sizeof(T);
     T* fPtr;
     size_t fSize;
 };