From 79aa2f12ab4e2f51e98db8f18175e10d8050821f Mon Sep 17 00:00:00 2001 From: Cary Clark Date: Thu, 31 May 2018 16:22:02 -0400 Subject: [PATCH] don't walk off end of pointer Avoids pointer-overflow in ASAN/UBSAN. R=mtklein@google.com Bug:836282 Change-Id: I2125fa7927c30ae601431af8daec0f900c84799c Reviewed-on: https://skia-review.googlesource.com/131261 Auto-Submit: Cary Clark Commit-Queue: Mike Klein Reviewed-by: Mike Klein --- src/pathops/SkOpEdgeBuilder.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/pathops/SkOpEdgeBuilder.cpp b/src/pathops/SkOpEdgeBuilder.cpp index 16cbfc410c..363933e0c5 100644 --- a/src/pathops/SkOpEdgeBuilder.cpp +++ b/src/pathops/SkOpEdgeBuilder.cpp @@ -175,10 +175,11 @@ bool SkOpEdgeBuilder::close() { bool SkOpEdgeBuilder::walk() { uint8_t* verbPtr = fPathVerbs.begin(); uint8_t* endOfFirstHalf = &verbPtr[fSecondHalf]; - SkPoint* pointsPtr = fPathPts.begin() - 1; + SkPoint* pointsPtr = fPathPts.begin(); SkScalar* weightPtr = fWeights.begin(); SkPath::Verb verb; SkOpContour* contour = fContourBuilder.contour(); + int moveToPtrBump = 0; while ((verb = (SkPath::Verb) *verbPtr) != SkPath::kDone_Verb) { if (verbPtr == endOfFirstHalf) { fOperand = true; @@ -198,7 +199,8 @@ bool SkOpEdgeBuilder::walk() { } contour->init(fGlobalState, fOperand, fXorMask[fOperand] == kEvenOdd_PathOpsMask); - pointsPtr += 1; + pointsPtr += moveToPtrBump; + moveToPtrBump = 1; continue; case SkPath::kLine_Verb: fContourBuilder.addLine(pointsPtr);