authorGravatar Mike Reed <reed@google.com>2018-01-19 12:57:01 -0500
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2018-01-19 18:30:13 +0000
commit9cec1bc1a707b43e1c338c642b10f4ba9400d518 (patch)
treeba285a36a90822efd85e72e3d35d26935902fede
parent07320e46c0064dc1fe876f4621e94cb9ad529f85 (diff)
check for crazy bounds from fuzzer
Bug: skia:7471 Change-Id: I1d6e2059a0c4f2b705d3b0fe2694f17b68c3ae5c Reviewed-on: https://skia-review.googlesource.com/97122 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Mike Reed <reed@google.com>
-rw-r--r--fuzz/FuzzCanvas.cpp1
-rw-r--r--src/core/SkCanvas.cpp6
2 files changed, 7 insertions, 0 deletions
diff --git a/fuzz/FuzzCanvas.cpp b/fuzz/FuzzCanvas.cpp
index 2e70024bd5..0334d85d36 100644
--- a/fuzz/FuzzCanvas.cpp
+++ b/fuzz/FuzzCanvas.cpp
@@ -1289,6 +1289,7 @@ static void fuzz_canvas(Fuzz* fuzz, SkCanvas* canvas, int depth = 9) {
canvas->drawOval(r, paint);
break;
}
+ case 28: break; // must have deleted this some time earlier
case 29: {
fuzz_paint(fuzz, &paint, depth - 1);
SkRRect rr;
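Review bot: The comment on the new `case 28` does not say why an empty case is needed, which is what a later reader of the fuzz harness will want to know. From the hunk alone it looks like 28 is a selector value with no draw op behind it; if so, say that directly, e.g. `case 28: break;  // unused selector value, intentionally a no-op`. The switch starts and ends outside the hunk, so whether a default branch already covers this value cannot be checked here.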
diff --git a/src/core/SkCanvas.cpp b/src/core/SkCanvas.cpp
index 2429f5600f..0f079aac01 100644
--- a/src/core/SkCanvas.cpp
+++ b/src/core/SkCanvas.cpp
@@ -953,6 +953,9 @@ bool SkCanvas::clipRectBounds(const SkRect* bounds, SaveLayerFlags saveLayerFlag
if (imageFilter) {
clipBounds = imageFilter->filterBounds(clipBounds, ctm);
+ if (clipBounds.isEmpty()) {
+ return false;
+ }
if (bounds && !imageFilter->canComputeFastBounds()) {
bounds = nullptr;
}
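Review bot: The new `return false` after `filterBounds()` leaves `clipRectBounds` before any of the later code runs, so it should be compared with the function's other failure exits, which are outside the hunk. If those exits also update clip state before returning false (for example, emptying the clip when the layer bounds are meant to affect it), this path needs the same handling; otherwise a filter that yields empty bounds leaves the clip wider than the other paths would. A short comment would help too, such as `// filter produced empty bounds: nothing to draw into, so no layer`. Whether `isEmpty()` also rejects bounds that are huge rather than empty cannot be told from these lines.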
@@ -1395,6 +1398,9 @@ void SkCanvas::resetMatrix() {
//////////////////////////////////////////////////////////////////////////////
void SkCanvas::clipRect(const SkRect& rect, SkClipOp op, bool doAA) {
+ if (!rect.isFinite()) {
+ return;
+ }
this->checkForDeferredSave();
ClipEdgeStyle edgeStyle = doAA ? kSoft_ClipEdgeStyle : kHard_ClipEdgeStyle;
this->onClipRect(rect, op, edgeStyle);
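Review bot: The non-finite guard in `clipRect` returns without changing the clip, so a caller that asked for a clip with a NaN or infinite rect goes on drawing under the previous, possibly wider, clip. That is a fail-open choice for a restricting operation and should at least be documented, e.g. `// non-finite rect (NaN/inf): ignore the call and leave the current clip unchanged`; if an empty clip would be the safer result for an intersect op, that belongs here instead of the bare return. The other clip entry points (rrect, path, region) are outside the hunk, so check that they reject non-finite geometry the same way. The function's closing brace is also outside the hunk.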