From 42856eb4f11a13391fbbeb80481d543568404cd7 Mon Sep 17 00:00:00 2001
From: "henry.uh_chen"
Date: Thu, 3 Jul 2014 20:40:22 +0800
Subject: [PATCH] [Bitmap] Add null pointer protection in Bitmap_sameAs()

Symptom: SkBitmap::getAddr(int, int) may return NULL due to unrecognized config (ex: kRLE_Index8_Config). This will cause memcmp method to crash. Since bm0 and bm1 both have pixel data() (have passed NULL == getPixels() check), those 2 bitmaps should be valid (only unrecognized), we return JNI_FALSE to warn user those 2 unrecognized config bitmaps may be different.
Change-Id: I6970c27de412110a3035d0a783112c4cd3ebc35b
---
 core/jni/android/graphics/Bitmap.cpp | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 core/jni/android/graphics/Bitmap.cpp
diff --git a/core/jni/android/graphics/Bitmap.cpp b/core/jni/android/graphics/Bitmap.cpp
old mode 100644
new mode 100755
index d97a945bbef88..040225e331601
--- a/core/jni/android/graphics/Bitmap.cpp
+++ b/core/jni/android/graphics/Bitmap.cpp
@@ -775,7 +775,19 @@ static jboolean Bitmap_sameAs(JNIEnv* env, jobject, jlong bm0Handle,
 const int h = bm0->height();
 const size_t size = bm0->width() * bm0->bytesPerPixel();
 for (int y = 0; y < h; y++) {
- if (memcmp(bm0->getAddr(0, y), bm1->getAddr(0, y), size) != 0) {
+ // SkBitmap::getAddr(int, int) may return NULL due to unrecognized config
+ // (ex: kRLE_Index8_Config). This will cause memcmp method to crash. Since bm0
+ // and bm1 both have pixel data() (have passed NULL == getPixels() check),
+ // those 2 bitmaps should be valid (only unrecognized), we return JNI_FALSE
+ // to warn user those 2 unrecognized config bitmaps may be different.
+ void *bm0Addr = bm0->getAddr(0, y);
+ void *bm1Addr = bm1->getAddr(0, y);
+
+ if(bm0Addr == NULL || bm1Addr == NULL) {
+ return JNI_FALSE;
+ }
+
+ if (memcmp(bm0Addr, bm1Addr, size) != 0) {
 return JNI_FALSE;
 }
 }
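Review bot: The new guard in the row loop turns a NULL from `getAddr(0, y)` into a silent "not equal", so a caller of `Bitmap_sameAs` cannot tell an unsupported config from a real pixel difference; a one-line warning log before the added `return JNI_FALSE;` would make that diagnosable, and the five-line comment could shrink to `// getAddr() returns NULL for configs it does not recognize; treat such bitmaps as not equal.` The two locals are only read by `memcmp`, so `const void* bm0Addr = bm0->getAddr(0, y);` (and likewise for `bm1Addr`) states the intent better, and `if(` should be `if (` to match the line below it. `size` is still computed from `bm0` alone in the context lines, so the comparison presumably relies on dimension and config checks earlier in the function, which starts outside this hunk; it is worth confirming that every `bm1` row holds at least `size` bytes. The 100644 => 100755 mode change on a .cpp file looks unrelated to the fix and should probably be dropped from the commit.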