From 5567a6091cebf1cd5f87baa49fc4d42f67bcf226 Mon Sep 17 00:00:00 2001
From: Brian Osman <brianosman@google.com>
Date: Tue, 27 Oct 2020 09:52:39 -0400
Subject: [PATCH] Guard traversal of certain kinds of mid-optimization
 IfStatement

When the test expression has a side-effect, but both the true and else
blocks are empty, the optimizer moves the test out to a standalone
ExpressionStatement. Updating the usage in that situation involves
traversing an IfStatement with no test.

Bug: oss-fuzz:26666
Change-Id: I2fb4004f2401784402040345df49a7d42e4aab5e
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/329960
Reviewed-by: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
---
 src/sksl/SkSLAnalysis.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sksl/SkSLAnalysis.cpp b/src/sksl/SkSLAnalysis.cpp
index ca48579e29..0fe64b83f7 100644
--- a/src/sksl/SkSLAnalysis.cpp
+++ b/src/sksl/SkSLAnalysis.cpp
@@ -558,7 +558,7 @@ bool TProgramVisitor<PROG, EXPR, STMT, ELEM>::visitStatement(STMT s) {
         }
         case Statement::Kind::kIf: {
             auto& i = s.template as<IfStatement>();
-            return this->visitExpression(*i.test()) ||
+            return (i.test() && this->visitExpression(*i.test())) ||
                    (i.ifTrue() && this->visitStatement(*i.ifTrue())) ||
                    (i.ifFalse() && this->visitStatement(*i.ifFalse()));
         }