From a2f14de3aedc7f6b413e7075cff1c94b0533c820 Mon Sep 17 00:00:00 2001 From: Mike Reed Date: Wed, 9 May 2018 14:01:00 -0400 Subject: check for focaldata failure Bug: oss-fuzz:8150 Change-Id: I061365aa5baa62405d732e92beb560a557671bf6 Reviewed-on: https://skia-review.googlesource.com/127046 Reviewed-by: Florin Malita Commit-Queue: Mike Reed --- .../gradients/SkTwoPointConicalGradient.cpp | 26 +++++++++++----------- src/shaders/gradients/SkTwoPointConicalGradient.h | 3 ++- 2 files changed, 15 insertions(+), 14 deletions(-) (limited to 'src/shaders') diff --git a/src/shaders/gradients/SkTwoPointConicalGradient.cpp b/src/shaders/gradients/SkTwoPointConicalGradient.cpp index 7f56c134cb..48877da34c 100644 --- a/src/shaders/gradients/SkTwoPointConicalGradient.cpp +++ b/src/shaders/gradients/SkTwoPointConicalGradient.cpp @@ -14,13 +14,13 @@ // Please see https://skia.org/dev/design/conical for how our shader works. -void SkTwoPointConicalGradient::FocalData::set(SkScalar r0, SkScalar r1, SkMatrix& matrix) { +bool SkTwoPointConicalGradient::FocalData::set(SkScalar r0, SkScalar r1, SkMatrix* matrix) { fIsSwapped = false; - fFocalX = r0 / (r0 - r1); + fFocalX = sk_ieee_float_divide(r0, (r0 - r1)); if (SkScalarNearlyZero(fFocalX - 1)) { // swap r0, r1 - matrix.postTranslate(-1, 0); - matrix.postScale(-1, 1); + matrix->postTranslate(-1, 0); + matrix->postScale(-1, 1); std::swap(r0, r1); fFocalX = 0; // because r0 is now 0 fIsSwapped = true; 
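Review bot: After `fFocalX = sk_ieee_float_divide(r0, (r0 - r1));` the value can be infinite or NaN when r0 equals r1, and nothing in this hunk rejects it; the `SkScalarNearlyZero(fFocalX - 1)` test simply falls through for such values. Rejection then appears to depend on `setPolyToPoly` failing on the non-finite point in the next hunk, though the lines that build `from` sit between the hunks and are not visible here. An explicit guard directly after the division, `if (!SkScalarIsFinite(fFocalX)) { return false; }`, would make the failure path independent of how the matrix solver treats non-finite input. The body of set() continues past this hunk.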
@@ -31,22 +31,20 @@ void SkTwoPointConicalGradient::FocalData::set(SkScalar r0, SkScalar r1, SkMatri const SkPoint to[2] = { {0, 0}, {1, 0} }; SkMatrix focalMatrix; if (!focalMatrix.setPolyToPoly(from, to, 2)) { - SkDEBUGFAILF("Mapping focal point failed unexpectedly for focalX = %f.\n", fFocalX); - // We won't be able to draw the gradient; at least make sure that we initialize the - // memory to prevent security issues. - focalMatrix = SkMatrix::MakeScale(1, 1); + return false; } - matrix.postConcat(focalMatrix); + matrix->postConcat(focalMatrix); fR1 = r1 / SkScalarAbs(1 - fFocalX); // focalMatrix has a scale of 1/(1-f) // The following transformations are just to accelerate the shader computation by saving // some arithmatic operations. if (this->isFocalOnCircle()) { - matrix.postScale(0.5, 0.5); + matrix->postScale(0.5, 0.5); } else { - matrix.postScale(fR1 / (fR1 * fR1 - 1), 1 / sqrt(SkScalarAbs(fR1 * fR1 - 1))); + matrix->postScale(fR1 / (fR1 * fR1 - 1), 1 / sqrt(SkScalarAbs(fR1 * fR1 - 1))); } - matrix.postScale(SkScalarAbs(1 - fFocalX), SkScalarAbs(1 - fFocalX)); // scale |1 - f| + matrix->postScale(SkScalarAbs(1 - fFocalX), SkScalarAbs(1 - fFocalX)); // scale |1 - f| + return true; } sk_sp SkTwoPointConicalGradient::Create(const SkPoint& c0, SkScalar r0, @@ -77,7 +75,9 @@ sk_sp SkTwoPointConicalGradient::Create(const SkPoint& c0, SkScalar r0 FocalData focalData; if (gradientType == Type::kFocal) { const auto dCenter = (c0 - c1).length(); - focalData.set(r0 / dCenter, r1 / dCenter, gradientMatrix); // this may change gradientMatrix + if (!focalData.set(r0 / dCenter, r1 / dCenter, &gradientMatrix)) { + return nullptr; + } } return sk_sp(new SkTwoPointConicalGradient(c0, r0, c1, r1, desc, gradientType, gradientMatrix, focalData)); diff --git a/src/shaders/gradients/SkTwoPointConicalGradient.h b/src/shaders/gradients/SkTwoPointConicalGradient.h index fdb2905082..f0d341f17c 100644 --- a/src/shaders/gradients/SkTwoPointConicalGradient.h 
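Review bot: `return true;` is reached whatever the remaining arithmetic produces. `fR1 = r1 / SkScalarAbs(1 - fFocalX)` and the scale factors `fR1 / (fR1 * fR1 - 1)` and `1 / sqrt(SkScalarAbs(fR1 * fR1 - 1))` are still plain divisions with no check on the result, unlike the first division, which moved to `sk_ieee_float_divide`. Whether `isFocalOnCircle()` excludes every fR1 that makes `fR1 * fR1 - 1` zero cannot be seen from here, since it is defined outside the hunk. Ending the function with `return matrix->isFinite();` instead of `return true;` would let Create reject a gradient matrix that picked up an infinite or NaN entry. The same applies to `r0 / dCenter` and `r1 / dCenter` in the Create hunk below, where a non-zero dCenter for Type::kFocal is presumably established earlier in Create.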
+++ b/src/shaders/gradients/SkTwoPointConicalGradient.h @@ -22,7 +22,8 @@ public: // The input r0, r1 are the radii when we map centers to {(0, 0), (1, 0)}. // We'll post concat matrix with our transformation matrix that maps focal point to (0, 0). - void set(SkScalar r0, SkScalar r1, SkMatrix& matrix); + // Returns true if the set succeeded + bool set(SkScalar r0, SkScalar r1, SkMatrix* matrix); // Whether the focal point (0, 0) is on the end circle with center (1, 0) and radius r1. If // this is true, it's as if an aircraft is flying at Mach 1 and all circles (soundwaves) -- cgit v1.2.3
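Review bot: The new comment `// Returns true if the set succeeded` leaves the failure contract unstated. In the .cpp, `return false` comes before `fR1` is assigned and, on the swapped path, after `*matrix` has already been translated and scaled, so on failure both the FocalData and the matrix are only partly updated. `matrix` is also dereferenced without a null check. I would extend the comment to something like `// Returns false if the focal mapping cannot be computed; *matrix and this FocalData are then only partially updated and must be discarded. matrix must not be null.`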