Fix LinearGradient4fContext::shadeSpanInternal fuzz

shadeSpanInternal() converts the count to float -> for ridiculously wide devices, it may not be represented exactly -> we end up potentially overflowing the dest buffer. Refactor to stay in int -- this works because SkScalarTruncToInt now saturates, and it also appears to be marginally faster. Bug: skia:8536 Change-Id: Ia0b39543ef347332f545af11eabae84c63813fcd Reviewed-on: https://skia-review.googlesource.com/c/169740 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Florin Malita <fmalita@chromium.org>
2018-11-08 12:00:20 -05:00 · 2018-11-08 12:00:20 -05:00 · 909e61c26c
commit 909e61c26c
parent 389528d8d8
1 changed files with 1 additions and 2 deletions
--- a/src/shaders/gradients/Sk4fLinearGradient.cpp
+++ b/src/shaders/gradients/Sk4fLinearGradient.cpp
@ -242,8 +242,7 @@ LinearGradient4fContext::shadeSpanInternal(int x, int y, dstType dst[], int coun
    while (count > 0) {
        // What we really want here is SkTPin(advance, 1, count)
        // but that's a significant perf hit for >> stops; investigate.
-        const int n = SkScalarTruncToInt(
-            SkTMin<SkScalar>(proc.currentAdvance() + 1, SkIntToScalar(count)));
+        const int n = SkTMin(SkScalarTruncToInt(proc.currentAdvance() + 1), count);

        // The current interval advance can be +inf (e.g. when reaching
        // the clamp mode end intervals) - when that happens, we expect to