From f4f06ada607a9864111e5c1b7e22a1af6a6cda5d Mon Sep 17 00:00:00 2001
From: Mike Reed <reed@google.com>
Date: Wed, 2 May 2018 15:11:42 -0400
Subject: check for huge cubics in patchutils

Bug: oss-fuzz:6128
Change-Id: I4c7551ea2ac4e32dc96c93426846f5ddcd42a449
Reviewed-on: https://skia-review.googlesource.com/125440
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Mike Reed <reed@google.com>
---
 src/utils/SkPatchUtils.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/utils/SkPatchUtils.cpp b/src/utils/SkPatchUtils.cpp
index baaca82b31..22a964ec60 100644
--- a/src/utils/SkPatchUtils.cpp
+++ b/src/utils/SkPatchUtils.cpp
@@ -127,9 +127,10 @@ private:
 static const int kPartitionSize = 10;
 
 /**
- * Calculate the approximate arc length given a bezier curve's control points.
+ *  Calculate the approximate arc length given a bezier curve's control points.
+ *  Returns -1 if bad calc (i.e. non-finite)
  */
-static SkScalar approx_arc_length(SkPoint* points, int count) {
+static SkScalar approx_arc_length(const SkPoint points[], int count) {
     if (count < 2) {
         return 0;
     }
@@ -137,7 +138,7 @@ static SkScalar approx_arc_length(SkPoint* points, int count) {
     for (int i = 0; i < count - 1; i++) {
         arcLength += SkPoint::Distance(points[i], points[i + 1]);
     }
-    return arcLength;
+    return SkScalarIsFinite(arcLength) ? arcLength : -1;
 }
 
 static SkScalar bilerp(SkScalar tx, SkScalar ty, SkScalar c00, SkScalar c10, SkScalar c01,
@@ -155,7 +156,6 @@ static Sk4f bilerp(SkScalar tx, SkScalar ty,
 }
 
 SkISize SkPatchUtils::GetLevelOfDetail(const SkPoint cubics[12], const SkMatrix* matrix) {
-
     // Approximate length of each cubic.
     SkPoint pts[kNumPtsCubic];
     SkPatchUtils::GetTopCubic(cubics, pts);
@@ -174,6 +174,10 @@ SkISize SkPatchUtils::GetLevelOfDetail(const SkPoint cubics[12], const SkMatrix*
     matrix->mapPoints(pts, kNumPtsCubic);
     SkScalar rightLength = approx_arc_length(pts, kNumPtsCubic);
 
+    if (topLength < 0 || bottomLength < 0 || leftLength < 0 || rightLength < 0) {
+        return {0, 0};  // negative length is a sentinel for bad length (i.e. non-finite)
+    }
+
     // Level of detail per axis, based on the larger side between top and bottom or left and right
     int lodX = static_cast<int>(SkMaxScalar(topLength, bottomLength) / kPartitionSize);
     int lodY = static_cast<int>(SkMaxScalar(leftLength, rightLength) / kPartitionSize);
-- 
cgit v1.2.3