Saturate subtract translation in SkOffsetImageFilter

Fuzzer has figured out it can overflow. Bug: chromium:1268401 Change-Id: Ia25b8ab382a0ab868a3ca6dd9ea5f68f16d07504 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/471017 Auto-Submit: Brian Salomon <bsalomon@google.com> Commit-Queue: Michael Ludwig <michaelludwig@google.com> Reviewed-by: Michael Ludwig <michaelludwig@google.com>
2021-11-12 15:35:07 -05:00 · 2021-11-12 15:35:07 -05:00 · 87e9d52f2a
commit 87e9d52f2a
parent 3aaed99930
1 changed files with 2 additions and 2 deletions
--- a/src/effects/imagefilters/SkOffsetImageFilter.cpp
+++ b/src/effects/imagefilters/SkOffsetImageFilter.cpp
@ -115,8 +115,8 @@ sk_sp<SkSpecialImage> SkOffsetImageFilter::onFilterImage(const Context& ctx,

        SkPaint paint;
        paint.setBlendMode(SkBlendMode::kSrc);
-        canvas->translate(SkIntToScalar(srcOffset.fX - bounds.fLeft),
-                          SkIntToScalar(srcOffset.fY - bounds.fTop));
+        canvas->translate(SkIntToScalar(Sk32_sat_sub(srcOffset.fX, bounds.fLeft)),
+                          SkIntToScalar(Sk32_sat_sub(srcOffset.fY, bounds.fTop)));

        input->draw(canvas, vec.fX, vec.fY, SkSamplingOptions(), &paint);