Add sk_careful_memcpy to catch undefined behavior in memcpy.

It's undefined behavior to pass null as src or dst to memcpy, even if len is 0.
This currently triggers -fsanitize=attribute-nonnull warnings, but also can
lead to very unexpected code generation with GCC.

sk_careful_memcpy() checks len first before calling memcpy(),
which prevents that weird undefined situation.

This allows me to mark all sanitizers as no-recover, i.e. make-the-bots-red fatal.

CQ_EXTRA_TRYBOTS=client.skia:Test-Ubuntu-GCC-GCE-CPU-AVX2-x86_64-Debug-ASAN-Trybot

BUG=skia:4641
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1510683002

1 files changed, 2 insertions, 2 deletions

diff --git a/include/core/SkTArray.h b/include/core/SkTArray.h
index 401f7084d6..9f1bfa1ac1 100644
--- a/include/core/SkTArray.h
+++ b/include/core/SkTArray.h
@@ -23,11 +23,11 @@ inline void copy(SkTArray<T, true>* self, int dst, int src) {
 }
 template<typename T>
 inline void copy(SkTArray<T, true>* self, const T* array) {
-    memcpy(self->fMemArray, array, self->fCount * sizeof(T));
+    sk_careful_memcpy(self->fMemArray, array, self->fCount * sizeof(T));
 }
 template<typename T>
 inline void copyAndDelete(SkTArray<T, true>* self, char* newMemArray) {
-    memcpy(newMemArray, self->fMemArray, self->fCount * sizeof(T));
+    sk_careful_memcpy(newMemArray, self->fMemArray, self->fCount * sizeof(T));
 }
 
 template<typename T>