Add sk_careful_memcpy to catch undefined behavior in memcpy.

It's undefined behavior to pass null as src or dst to memcpy, even if len is 0.
This currently triggers -fsanitize=attribute-nonnull warnings, but also can
lead to very unexpected code generation with GCC.

sk_careful_memcpy() checks len first before calling memcpy(),
which prevents that weird undefined situation.

This allows me to mark all sanitizers as no-recover, i.e. make-the-bots-red fatal.

CQ_EXTRA_TRYBOTS=client.skia:Test-Ubuntu-GCC-GCE-CPU-AVX2-x86_64-Debug-ASAN-Trybot

BUG=skia:4641
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1510683002

1 files changed, 4 insertions, 3 deletions

diff --git a/src/core/SkPathRef.cpp b/src/core/SkPathRef.cpp
index 12429aecfc..e05449652e 100644
--- a/src/core/SkPathRef.cpp
+++ b/src/core/SkPathRef.cpp
@@ -72,7 +72,8 @@ void SkPathRef::CreateTransformedCopy(SkAutoTUnref<SkPathRef>* dst,
 
     if (*dst != &src) {
         (*dst)->resetToSize(src.fVerbCnt, src.fPointCnt, src.fConicWeights.count());
-        memcpy((*dst)->verbsMemWritable(), src.verbsMemBegin(), src.fVerbCnt * sizeof(uint8_t));
+        sk_careful_memcpy((*dst)->verbsMemWritable(), src.verbsMemBegin(),
+                           src.fVerbCnt * sizeof(uint8_t));
         (*dst)->fConicWeights = src.fConicWeights;
     }
 
@@ -275,8 +276,8 @@ void SkPathRef::copy(const SkPathRef& ref,
     SkDEBUGCODE(this->validate();)
     this->resetToSize(ref.fVerbCnt, ref.fPointCnt, ref.fConicWeights.count(),
                         additionalReserveVerbs, additionalReservePoints);
-    memcpy(this->verbsMemWritable(), ref.verbsMemBegin(), ref.fVerbCnt * sizeof(uint8_t));
-    memcpy(this->fPoints, ref.fPoints, ref.fPointCnt * sizeof(SkPoint));
+    sk_careful_memcpy(this->verbsMemWritable(), ref.verbsMemBegin(), ref.fVerbCnt*sizeof(uint8_t));
+    sk_careful_memcpy(this->fPoints, ref.fPoints, ref.fPointCnt * sizeof(SkPoint));
     fConicWeights = ref.fConicWeights;
     fBoundsIsDirty = ref.fBoundsIsDirty;
     if (!fBoundsIsDirty) {