Handle null colorspace in SkToSRGBColorFilter.

This was uncovered by the linked fuzzer issue.

I haven't looked hard at it, but I'd guess it's fuzzed an ICC profile
into one that can't be deserialized, and we get a null in CreateProc().

We could probably restrict the null check to just CreateProc(), but
putting it in Make() and asserting in the constructor feels cozy.

BUG=chromium:787718

Change-Id: Ic4b1dad28c00ee5870f22093eedbf34686c32120
Reviewed-on: https://skia-review.googlesource.com/76080
Commit-Queue: Mike Klein <mtklein@chromium.org>
Reviewed-by: Brian Osman <brianosman@google.com>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/effects/SkToSRGBColorFilter.cpp b/src/effects/SkToSRGBColorFilter.cpp
index fa26350097..948c4d908b 100644
--- a/src/effects/SkToSRGBColorFilter.cpp
+++ b/src/effects/SkToSRGBColorFilter.cpp
@@ -56,7 +56,7 @@ void SkToSRGBColorFilter::onAppendStages(SkRasterPipeline* p,
 }
 
 sk_sp<SkColorFilter> SkToSRGBColorFilter::Make(sk_sp<SkColorSpace> srcColorSpace) {
-    if (srcColorSpace->isSRGB()) {
+    if (!srcColorSpace || srcColorSpace->isSRGB()) {
         return nullptr;
     } else {
         return sk_sp<SkColorFilter>(new SkToSRGBColorFilter(std::move(srcColorSpace)));
@@ -64,7 +64,9 @@ sk_sp<SkColorFilter> SkToSRGBColorFilter::Make(sk_sp<SkColorSpace> srcColorSpace
 }
 
 SkToSRGBColorFilter::SkToSRGBColorFilter(sk_sp<SkColorSpace> srcColorSpace)
-        : fSrcColorSpace(std::move(srcColorSpace)) {}
+        : fSrcColorSpace(std::move(srcColorSpace)) {
+    SkASSERT(fSrcColorSpace);
+}
 
 sk_sp<SkFlattenable> SkToSRGBColorFilter::CreateProc(SkReadBuffer& buffer) {
     auto data = buffer.readByteArrayAsData();