[skottie] Fix OOB access in Parse<SkPoint>

SkJSON requires valid array indices, so callers must guard against
out-of-bounds conditions explicitly.

Bug: oss-fuzz:8956
Change-Id: I50b96b088e44a4c1a569e6911d4be5d75799b464
Reviewed-on: https://skia-review.googlesource.com/135445
Commit-Queue: Florin Malita <fmalita@chromium.org>
Reviewed-by: Kevin Lubick <kjlubick@google.com>

1 files changed, 23 insertions, 0 deletions

diff --git a/modules/skottie/src/SkottieTest.cpp b/modules/skottie/src/SkottieTest.cpp
new file mode 100644
index 0000000000..1c4cc078a5
--- /dev/null
+++ b/modules/skottie/src/SkottieTest.cpp
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "Skottie.h"
+#include "SkStream.h"
+
+#include "Test.h"
+
+DEF_TEST(Skottie_OssFuzz8956, reporter) {
+    static constexpr const char json[] =
+        "{\"v\":\" \",\"fr\":3,\"w\":4,\"h\":3,\"layers\":[{\"ty\": 1, \"sw\": 10, \"sh\": 10,"
+            " \"sc\":\"#ffffff\", \"ks\":{\"o\":{\"a\": true, \"k\":"
+            " [{\"t\": 0, \"s\": 0, \"e\": 1, \"i\": {\"x\":[]}}]}}}]}";
+
+    SkMemoryStream stream(json, strlen(json));
+
+    // Passes if parsing doesn't crash.
+    auto animation = skottie::Animation::Make(&stream);
+}