Control growth of FuzzNicePath with chain of path transforms

The test case was producing a stack trace of sequential path transforms. While each individual call would check to see if the path is too big and return, the resulting path kept getting continually bigger as we transformed it again and then popped the stack. This CL changes it to skip the transform op if the returned path is already too big. Bug: oss-fuzz:39470 Change-Id: I7f93ae0c39f19950c59fd7173da481286e7274ec Reviewed-on: https://skia-review.googlesource.com/c/skia/+/508637 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Jim Van Verth <jvanverth@google.com>
2022-02-14 12:55:51 -05:00 · 2022-02-14 12:55:51 -05:00 · 34241299d1
commit 34241299d1
parent 43146e977f
1 changed files with 5 additions and 2 deletions
--- a/fuzz/FuzzCommon.cpp
+++ b/fuzz/FuzzCommon.cpp
@ -206,8 +206,11 @@ void FuzzNicePath(Fuzz* fuzz, SkPath* path, int maxOps) {
                break;
            case 30:
                FuzzNicePath(fuzz, &p, maxOps-1);
-                FuzzNiceMatrix(fuzz, &m);
-                p.transform(m, path);
+                // transform can explode path sizes so skip this op if p too big
+                if (p.countPoints() <= 100000) {
+                    FuzzNiceMatrix(fuzz, &m);
+                    p.transform(m, path);
+                }
                break;
            case 31:
                fuzz_nice_float(fuzz, &a, &b);