Fix overflow in blur for VERY wide bitmaps.

UBSAN has identified an int overflow in a byte offset calculation. BUG=skia:7698 Change-Id: Ia9687c15bb63dc2953de5d9b9aad764a24e73a57 Reviewed-on: https://skia-review.googlesource.com/113710 Reviewed-by: Ben Wagner <bungeman@google.com> Commit-Queue: Herb Derby <herb@google.com>
author: Herb Derby <herb@google.com> 2018-03-12 11:06:44 -0400
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2018-03-12 15:32:18 +0000
commit: c6b347e98fdb435674525bf376560fd6a83bf4ea (patch)
tree: 4a540f447cee9fe7b3a2278cf568a5a50c31a1c3
parent: 91390c8acea911d747548e24031888a9c63650fe (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/core/SkBlurImageFilter.cpp b/src/core/SkBlurImageFilter.cpp
index 286bc2214a..392ca8c862 100644
--- a/src/core/SkBlurImageFilter.cpp
+++ b/src/core/SkBlurImageFilter.cpp
@@ -531,7 +531,9 @@ static sk_sp<SkSpecialImage> cpu_blur(
     }
 
     if (windowW > 1) {
-        auto shift = srcBounds.top() - dstBounds.top();
+        // Make int64 to avoid overflow in multiplication below.
+        int64_t shift = srcBounds.top() - dstBounds.top();
+
         // For the horizontal blur, starts part way down in anticipation of the vertical blur.
         // For a vertical sigma of zero shift should be zero. But, for small sigma,
         // shift may be > 0 but the vertical window could be 1.
author	Herb Derby <herb@google.com>	2018-03-12 11:06:44 -0400
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2018-03-12 15:32:18 +0000
commit	c6b347e98fdb435674525bf376560fd6a83bf4ea (patch)
tree	4a540f447cee9fe7b3a2278cf568a5a50c31a1c3
parent	91390c8acea911d747548e24031888a9c63650fe (diff)