From 2dfab27d6957074ad0b27966bb5ffd0075d1f4e7 Mon Sep 17 00:00:00 2001 From: Brian Osman Date: Tue, 6 Nov 2018 00:41:40 +0000 Subject: [PATCH] Revert "Fix div-by-zero loophole in gradient factory func" This reverts commit c34dd6c5263490b94ef9af7a14dee1b4bc872b58. Reason for revert: Speculative fix for Chrome roll (gradient layout test failures) Original change's description: > Fix div-by-zero loophole in gradient factory func > > Bug: oss-fuzz:10373 > Change-Id: I4277fb63e3186ee34feaf09ecf6aeddeb532f9c1 > Reviewed-on: https://skia-review.googlesource.com/c/168269 > Reviewed-by: Kevin Lubick > Commit-Queue: Michael Ludwig TBR=jvanverth@google.com,kjlubick@google.com,michaelludwig@google.com Change-Id: I6333390d2ecc559ad98bd4d734ab1c674e23037f No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: oss-fuzz:10373 Reviewed-on: https://skia-review.googlesource.com/c/168460 Reviewed-by: Brian Osman Commit-Queue: Brian Osman --- src/shaders/gradients/SkGradientShader.cpp | 22 ++++++++----------- .../gradients/SkTwoPointConicalGradient.cpp | 6 ++--- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/src/shaders/gradients/SkGradientShader.cpp b/src/shaders/gradients/SkGradientShader.cpp index 6e0c98d0ce..52a9b56413 100644 --- a/src/shaders/gradients/SkGradientShader.cpp +++ b/src/shaders/gradients/SkGradientShader.cpp @@ -694,23 +694,19 @@ sk_sp SkGradientShader::MakeTwoPointConical(const SkPoint& start, if (startRadius < 0 || endRadius < 0) { return nullptr; } - if (SkScalarNearlyZero((start - end).length())) { - // If the center positions are the same, then the gradient is the radial variant of a - // 2 pt conical gradient, or an actual radial gradient (startRadius == 0), or it is - // fully degenerate (startRadius == endRadius). - if (SkScalarNearlyEqual(startRadius, endRadius)) { - // Degenerate case - return SkShader::MakeEmptyShader(); - } else if (SkScalarNearlyZero(startRadius)) { - // We can treat this gradient as radial, which is faster. - return MakeRadial(start, endRadius, colors, std::move(colorSpace), pos, colorCount, - mode, flags, localMatrix); - } + if (SkScalarNearlyZero((start - end).length()) && SkScalarNearlyZero(startRadius)) { + // We can treat this gradient as radial, which is faster. + return MakeRadial(start, endRadius, colors, std::move(colorSpace), pos, colorCount, + mode, flags, localMatrix); } if (!valid_grad(colors, pos, colorCount, mode)) { return nullptr; } - + if (startRadius == endRadius) { + if (start == end || startRadius == 0) { + return SkShader::MakeEmptyShader(); + } + } if (localMatrix && !localMatrix->invert(nullptr)) { return nullptr; } diff --git a/src/shaders/gradients/SkTwoPointConicalGradient.cpp b/src/shaders/gradients/SkTwoPointConicalGradient.cpp index 469c8ad0b9..49d0631c67 100644 --- a/src/shaders/gradients/SkTwoPointConicalGradient.cpp +++ b/src/shaders/gradients/SkTwoPointConicalGradient.cpp @@ -55,10 +55,8 @@ sk_sp SkTwoPointConicalGradient::Create(const SkPoint& c0, SkScalar r0 Type gradientType; if (SkScalarNearlyZero((c0 - c1).length())) { - if (SkScalarNearlyZero(SkTMax(r0, r1)) || SkScalarNearlyEqual(r0, r1)) { - // Degenerate case; avoid dividing by zero. Should have been caught by caller but - // just in case, recheck here. - return nullptr; + if (SkScalarNearlyZero(SkTMax(r0, r1))) { + return nullptr; // Degenerate case; avoid dividing by zero. } // Concentric case: we can pretend we're radial (with a tiny twist). const SkScalar scale = sk_ieee_float_divide(1, SkTMax(r0, r1));