From 48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9 Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Mon, 27 Mar 2017 14:24:34 -0400 Subject: Fix some ASAN issues in fx_skia_device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Flush is needed in ~CFX_FxgeDevice, otherwise it may be called after deleting the bitmap, when calling the destructor of the skia device driver. - SkDashPathEffect::Make copies the given intervals instead of owning them, so free the input to that method. - If StartDIBits creates a new CFX_ImageRenderer, then the corresponding CancelDIBits needs to delete the handle. Bug: chromium:705131 Change-Id: I22c7c51a4070e73538eb8af51a60afeaa67f8bb7 Reviewed-on: https://pdfium-review.googlesource.com/3230 Commit-Queue: Nicolás Peña Commit-Queue: dsinclair Reviewed-by: dsinclair --- core/fxge/skia/fx_skia_device.cpp | 22 +++++++++++++++------- core/fxge/skia/fx_skia_device.h | 2 +- 2 files changed, 16 insertions(+), 8 deletions(-) (limited to 'core/fxge/skia') diff --git a/core/fxge/skia/fx_skia_device.cpp b/core/fxge/skia/fx_skia_device.cpp index 208b763b8f..a9cf7e67c7 100644 --- a/core/fxge/skia/fx_skia_device.cpp +++ b/core/fxge/skia/fx_skia_device.cpp @@ -1171,7 +1171,8 @@ void CFX_SkiaDeviceDriver::PaintStroke(SkPaint* spaint, SkTMin(deviceUnits[0].length(), deviceUnits[1].length())); if (pGraphState->m_DashArray) { int count = (pGraphState->m_DashCount + 1) / 2; - SkScalar* intervals = FX_Alloc2D(SkScalar, count, sizeof(SkScalar)); + std::unique_ptr intervals( + FX_Alloc2D(SkScalar, count, sizeof(SkScalar))); // Set dash pattern for (int i = 0; i < count; i++) { float on = pGraphState->m_DashArray[i * 2]; @@ -1182,11 +1183,11 @@ void CFX_SkiaDeviceDriver::PaintStroke(SkPaint* spaint, : pGraphState->m_DashArray[i * 2 + 1]; if (off < 0) off = 0; - intervals[i * 2] = on; - intervals[i * 2 + 1] = off; + intervals.get()[i * 2] = on; + intervals.get()[i * 2 + 1] = off; } - spaint->setPathEffect( - SkDashPathEffect::Make(intervals, count * 2, pGraphState->m_DashPhase)); + spaint->setPathEffect(SkDashPathEffect::Make(intervals.get(), count * 2, + pGraphState->m_DashPhase)); } spaint->setStyle(SkPaint::kStroke_Style); spaint->setAntiAlias(true); @@ -2009,6 +2010,15 @@ bool CFX_SkiaDeviceDriver::StartDIBits(const CFX_DIBSource* pSource, return true; } +void CFX_SkiaDeviceDriver::CancelDIBits(void* handle) { +#ifdef _SKIA_SUPPORT_PATHS_ + if (!m_pBitmap->GetBuffer()) + return; + + delete reinterpret_cast(handle); +#endif // _SKIA_SUPPORT_PATHS_ +} + bool CFX_SkiaDeviceDriver::ContinueDIBits(void* handle, IFX_Pause* pPause) { #ifdef _SKIA_SUPPORT_ m_pCache->FlushForDraw(); @@ -2213,9 +2223,7 @@ bool CFX_FxgeDevice::Create(int width, } CFX_FxgeDevice::~CFX_FxgeDevice() { -#ifdef _SKIA_SUPPORT_ Flush(); -#endif // _SKIA_SUPPORT_ // call destructor of CFX_RenderDevice / CFX_SkiaDeviceDriver immediately if (m_bOwnedBitmap && GetBitmap()) delete GetBitmap(); diff --git a/core/fxge/skia/fx_skia_device.h b/core/fxge/skia/fx_skia_device.h index b26ebdd724..494e6e1c44 100644 --- a/core/fxge/skia/fx_skia_device.h +++ b/core/fxge/skia/fx_skia_device.h @@ -122,7 +122,7 @@ class CFX_SkiaDeviceDriver : public IFX_RenderDeviceDriver { bool ContinueDIBits(void* handle, IFX_Pause* pPause) override; - void CancelDIBits(void* handle) override {} + void CancelDIBits(void* handle) override; bool DrawBitsWithMask(const CFX_DIBSource* pBitmap, const CFX_DIBSource* pMask, -- cgit v1.2.3