From c6b347e98fdb435674525bf376560fd6a83bf4ea Mon Sep 17 00:00:00 2001
From: Herb Derby
Date: Mon, 12 Mar 2018 11:06:44 -0400
Subject: Fix overflow in blur for VERY wide bitmaps.

UBSAN has identified an int overflow in a byte offset calculation.
BUG=skia:7698
Change-Id: Ia9687c15bb63dc2953de5d9b9aad764a24e73a57
Reviewed-on: https://skia-review.googlesource.com/113710
Reviewed-by: Ben Wagner
Commit-Queue: Herb Derby
---
 src/core/SkBlurImageFilter.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/SkBlurImageFilter.cpp b/src/core/SkBlurImageFilter.cpp
index 286bc2214a..392ca8c862 100644
--- a/src/core/SkBlurImageFilter.cpp
+++ b/src/core/SkBlurImageFilter.cpp
@@ -531,7 +531,9 @@ static sk_sp cpu_blur(
 }
 if (windowW > 1) {
- auto shift = srcBounds.top() - dstBounds.top();
+ // Make int64 to avoid overflow in multiplication below.
+ int64_t shift = srcBounds.top() - dstBounds.top();
+
 // For the horizontal blur, starts part way down in anticipation of the vertical blur.
 // For a vertical sigma of zero shift should be zero. But, for small sigma,
 // shift may be > 0 but the vertical window could be 1.
-- 
cgit v1.2.3
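Review bot: On the new `int64_t shift` line the subtraction is still evaluated in 32-bit `int` and only its result is widened, so the fix depends on `srcBounds.top() - dstBounds.top()` itself never overflowing; widening one operand first, `int64_t shift = static_cast<int64_t>(srcBounds.top()) - dstBounds.top();`, makes both the difference and the later product 64-bit by construction. The multiplication the comment refers to lies outside the hunk (cpu_blur's body starts and ends outside it), so it should be confirmed that the product is not stored back into a 32-bit or pointer-sized variable, which would narrow it again on 32-bit builds. Since the commit message describes this value as a byte offset, a wrapped result would presumably mean an out-of-bounds pixel access rather than just a wrong blur. The commit touches one file and adds no test; a regression case with a very wide bitmap run under UBSAN would pin the fix.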