From 5a2057aee9c6293c3dc78cfb013c06ea707d39e4 Mon Sep 17 00:00:00 2001
From: Cary Clark <caryclark@google.com>
Date: Tue, 3 Jan 2017 10:47:34 -0500
Subject: fix fuzzer

abort if incoming data is out of range

TBR=reed@google.com
BUG=676866

Change-Id: I7d4850611654a399e32ea2012b23ca369dc53e70
Reviewed-on: https://skia-review.googlesource.com/6525
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: Cary Clark <caryclark@google.com>
---
 src/pathops/SkOpCoincidence.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/pathops')

diff --git a/src/pathops/SkOpCoincidence.cpp b/src/pathops/SkOpCoincidence.cpp
index 9f841114d5..f9ec15709e 100644
--- a/src/pathops/SkOpCoincidence.cpp
+++ b/src/pathops/SkOpCoincidence.cpp
@@ -996,7 +996,9 @@ bool SkOpCoincidence::apply(DEBUG_COIN_DECLARE_ONLY_PARAMS()) {
         return true;
     }
     do {
-        SkOpSpan* start = coin->coinPtTStartWritable()->span()->upCast();
+        SkOpSpanBase* startSpan = coin->coinPtTStartWritable()->span();
+        FAIL_IF(!startSpan->upCastable());
+        SkOpSpan* start = startSpan->upCast();
         if (start->deleted()) {
             continue;
         }
-- 
cgit v1.2.3