From 3b9effcb1d1a66d418438bc552c8eb618bdee10e Mon Sep 17 00:00:00 2001
From: Florin Malita <fmalita@chromium.org>
Date: Mon, 14 May 2018 15:26:52 -0400
Subject: [skottie] Sanitize polystar point counts

- limit the maximum number of points
- round instead of trunc (more accurate when interpolating)
- reserve the path verb/pts space upfront

Bug: oss-fuzz:8223
Change-Id: Ib6fb83e56c05b16e292789be81f1a48a9c529211
Reviewed-on: https://skia-review.googlesource.com/128017
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Florin Malita <fmalita@chromium.org>
---
 experimental/skottie/SkottieAdapter.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'experimental')

diff --git a/experimental/skottie/SkottieAdapter.cpp b/experimental/skottie/SkottieAdapter.cpp
index 7ce2f978a4..a01599ccf6 100644
--- a/experimental/skottie/SkottieAdapter.cpp
+++ b/experimental/skottie/SkottieAdapter.cpp
@@ -53,7 +53,8 @@ PolyStarAdapter::PolyStarAdapter(sk_sp<sksg::Path> wrapped_node, Type t)
     , fType(t) {}
 
 void PolyStarAdapter::apply() {
-    const auto count = SkScalarTruncToInt(fPointCount);
+    static constexpr int kMaxPointCount = 100000;
+    const auto count = SkToUInt(SkTPin(SkScalarRoundToInt(fPointCount), 0, kMaxPointCount));
     const auto arc   = sk_ieee_float_divide(SK_ScalarPI * 2, count);
 
     const auto pt_on_circle = [](const SkPoint& c, SkScalar r, SkScalar a) {
@@ -67,8 +68,9 @@ void PolyStarAdapter::apply() {
 
     auto angle = SkDegreesToRadians(fRotation);
     poly.moveTo(pt_on_circle(fPosition, fOuterRadius, angle));
+    poly.incReserve(fType == Type::kStar ? count * 2 : count);
 
-    for (int i = 0; i < count; ++i) {
+    for (unsigned i = 0; i < count; ++i) {
         if (fType == Type::kStar) {
             poly.lineTo(pt_on_circle(fPosition, fInnerRadius, angle + arc * 0.5f));
         }
-- 
cgit v1.2.3