From 8345556983997960b2bbb68617619b1f65b50601 Mon Sep 17 00:00:00 2001
From: Mike Reed <reed@google.com>
Date: Wed, 2 May 2018 14:58:36 -0400
Subject: check for bad xIntervals before multiply

Bug: oss-fuzz:6120
Change-Id: Icbd464352ad8ef1d35d274da049bc3424ccfa4d4
Reviewed-on: https://skia-review.googlesource.com/125420
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Mike Reed <reed@google.com>
---
 src/core/SkRegion.cpp | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/core/SkRegion.cpp b/src/core/SkRegion.cpp
index 080b148e47..a7e04fc8c4 100644
--- a/src/core/SkRegion.cpp
+++ b/src/core/SkRegion.cpp
@@ -1234,13 +1234,10 @@ static bool validate_run(const int32_t* runs,
 
         int32_t xIntervals = *runs++;
         SkASSERT(runs < end);
-        if (xIntervals < 0 || runs + 1 + 2 * xIntervals > end) {
+        if (xIntervals < 0 || xIntervals > intervalCount || runs + 1 + 2 * xIntervals > end) {
             return false;
         }
         intervalCount -= xIntervals;
-        if (intervalCount < 0) {
-            return false;  // too many intervals
-        }
         bool firstInterval = true;
         int32_t lastRight = 0;  // check that x-intervals are distinct and ordered.
         while (xIntervals-- > 0) {
-- 
cgit v1.2.3