diff options
| author |  caryclark <caryclark@google.com> | 2015-12-07 12:18:02 -0800 |
|---|---|---|
| committer |  Commit bot <commit-bot@chromium.org> | 2015-12-07 12:18:02 -0800 |
| commit | a3375e4251c4b2cbf0b5bbdcebfe911914496881 (patch) | |
| tree | f280017cf43b13cf4f9cc8cb72f29ad8500c0e21 | |
| parent | d4c24f67496ff2e5e83bc7ce7945cbb85484bfa6 (diff) | |
fix coincident fuzzer
This fuzzer has very large Y values that cause the
points to sort incorrectly by t. Exit out as soon
as this is detected.
TBR=reed@google.com
BUG=561121
Review URL: https://codereview.chromium.org/1507803002
| -rwxr-xr-x | src/pathops/SkOpCoincidence.cpp | 6 | ||||
| -rw-r--r-- | src/pathops/SkOpSegment.cpp | 3 | ||||
| -rw-r--r-- | tests/PathOpsSimplifyTest.cpp | 13 |
3 files changed, 22 insertions, 0 deletions
diff --git a/src/pathops/SkOpCoincidence.cpp b/src/pathops/SkOpCoincidence.cpp index 87bb913869..f56847787c 100755 --- a/src/pathops/SkOpCoincidence.cpp +++ b/src/pathops/SkOpCoincidence.cpp @@ -110,11 +110,17 @@ bool SkOpCoincidence::addExpanded(SkChunkAlloc* allocator if (startPart < oStartPart) { double newT = oStartPtT->fT + oStartRange * startPart; newPt = oStart->segment()->addT(newT, SkOpSegment::kAllowAlias, allocator); + if (!newPt) { + return false; + } newPt->fPt = test->pt(); test->ptT()->addOpp(newPt); } else { double newT = startPtT->fT + startRange * oStartPart; newPt = start->segment()->addT(newT, SkOpSegment::kAllowAlias, allocator); + if (!newPt) { + return false; + } newPt->fPt = oTest->pt(); oTest->ptT()->addOpp(newPt); } diff --git a/src/pathops/SkOpSegment.cpp b/src/pathops/SkOpSegment.cpp index 3b81cf2eed..d066794cee 100644 --- a/src/pathops/SkOpSegment.cpp +++ b/src/pathops/SkOpSegment.cpp @@ -362,6 +362,9 @@ SkOpPtT* SkOpSegment::addT(double t, AllowAlias allowAlias, SkChunkAlloc* alloca } if (t < result->fT) { SkOpSpan* prev = result->span()->prev(); + if (!prev) { + return nullptr; + } SkOpSpan* span = insert(prev, allocator); span->init(this, prev, t, pt); this->debugValidate(); diff --git a/tests/PathOpsSimplifyTest.cpp b/tests/PathOpsSimplifyTest.cpp index a4a33eb68c..70835d7e8a 100644 --- a/tests/PathOpsSimplifyTest.cpp +++ b/tests/PathOpsSimplifyTest.cpp @@ -5055,11 +5055,24 @@ path.close(); REPORTER_ASSERT(reporter, !Simplify(path, &path)); } +static void fuzz_59(skiatest::Reporter* reporter, const char* filename) { + SkPath path; +path.moveTo(SkBits2Float(0x430c0000), SkBits2Float(0xce58f41c)); // 140, -9.09969e+08f +path.lineTo(SkBits2Float(0x43480000), SkBits2Float(0xce58f419)); // 200, -9.09969e+08f +path.lineTo(SkBits2Float(0x42200000), SkBits2Float(0xce58f41b)); // 40, -9.09969e+08f +path.lineTo(SkBits2Float(0x43700000), SkBits2Float(0xce58f41b)); // 240, -9.09969e+08f +path.lineTo(SkBits2Float(0x428c0000), SkBits2Float(0xce58f419)); // 70, -9.09969e+08f +path.lineTo(SkBits2Float(0x430c0000), SkBits2Float(0xce58f41c)); // 140, -9.09969e+08f +path.close(); + REPORTER_ASSERT(reporter, !Simplify(path, &path)); +} + static void (*skipTest)(skiatest::Reporter* , const char* filename) = 0; static void (*firstTest)(skiatest::Reporter* , const char* filename) = 0; static void (*stopTest)(skiatest::Reporter* , const char* filename) = 0; static TestDesc tests[] = { + TEST(fuzz_59), TEST(fuzz_twister2), TEST(fuzz_twister), TEST(fuzz994s_3414), |