From 09a22e9597e271c44dc7c2b71c72cf62a7de1e19 Mon Sep 17 00:00:00 2001
From: mtklein <mtklein@chromium.org>
Date: Fri, 21 Nov 2014 11:38:53 -0800
Subject: Watch out for SkFixed overflow in SkMipMap.cpp.

Tested with -fsanitize=signed-integer-overflow.
This new assert used to trigger in MipMap unit test.

Don't appear to be any GM diffs.

BUG=skia:

Review URL: https://codereview.chromium.org/729373004
---
 include/core/SkTypes.h | 1 +
 src/core/SkMipMap.cpp  | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/core/SkTypes.h b/include/core/SkTypes.h
index 0e9e230349..a38be84d8f 100644
--- a/include/core/SkTypes.h
+++ b/include/core/SkTypes.h
@@ -352,6 +352,7 @@ template <typename T> inline void SkTSwap(T& a, T& b) {
 }
 
 static inline int32_t SkAbs32(int32_t value) {
+    SkASSERT(value != SK_NaN32);  // The most negative int32_t can't be negated.
     if (value < 0) {
         value = -value;
     }
diff --git a/src/core/SkMipMap.cpp b/src/core/SkMipMap.cpp
index fdfb660ccc..83164b1526 100644
--- a/src/core/SkMipMap.cpp
+++ b/src/core/SkMipMap.cpp
@@ -228,7 +228,11 @@ SkMipMap* SkMipMap::Build(const SkBitmap& src, SkDiscardableFactoryProc fact) {
 //static int gCounter;
 
 static SkFixed compute_level(SkScalar scale) {
-    SkFixed s = SkAbs32(SkScalarToFixed(SkScalarInvert(scale)));
+    SkScalar inv = SkScalarAbs(SkScalarInvert(scale));
+    if (inv > 32767) {  // Watch out for SkFixed overflow.
+        inv = 32767;
+    }
+    SkFixed s = SkScalarToFixed(inv);
 
     if (s < SK_Fixed1) {
         return 0;
-- 
cgit v1.2.3