Fix use-of-uninitialized-value in SkPictureShader::onMakeContext

SkPictureShader::refBitmapShader is expected to always initialize the
scale adjust vector when returning a non-null shader.  But the code path
returning EmptyShader does not do that.

Instead of hauling around a separate scale adjustment, we can refactor
to avoid this problem by adjusting the local matrix directly, if needed,
in refBitmapShader.  The local matrix is conveniently already stored in
a SkTCopyOnFirstWrite.

Bug: chromium:835048, oss-fuzz:7738
Change-Id: I2df3bde7d6237f01bc71857c2fe254e86b186dc0
Reviewed-on: https://skia-review.googlesource.com/122544
Auto-Submit: Florin Malita <fmalita@chromium.org>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Florin Malita <fmalita@chromium.org>

1 files changed, 1 insertions, 2 deletions

diff --git a/src/shaders/SkPictureShader.h b/src/shaders/SkPictureShader.h
index 5f28b6074b..6e5201e8fb 100644
--- a/src/shaders/SkPictureShader.h
+++ b/src/shaders/SkPictureShader.h
@@ -46,9 +46,8 @@ private:
     SkPictureShader(sk_sp<SkPicture>, TileMode, TileMode, const SkMatrix*, const SkRect*,
                     sk_sp<SkColorSpace>);
 
-    sk_sp<SkShader> refBitmapShader(const SkMatrix&, const SkMatrix& localMatrix,
+    sk_sp<SkShader> refBitmapShader(const SkMatrix&, SkTCopyOnFirstWrite<SkMatrix>* localMatrix,
                                     SkColorSpace* dstColorSpace,
-                                    SkVector* scaleAdjust,
                                     const int maxTextureSize = 0) const;
 
     class PictureShaderContext : public Context {