range check before casting to DrawType

Bug: oss-fuzz:19583
Change-Id: I656e8ddd5699cfc4998f3f424a1a46380f310c63
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/261591
Commit-Queue: Mike Klein <mtklein@google.com>
Commit-Queue: Mike Reed <reed@google.com>
Auto-Submit: Mike Klein <mtklein@google.com>
Reviewed-by: Mike Reed <reed@google.com>

src/core/SkPicturePlayback.cpp

@@ -42,7 +42,7 @@ SkCanvas::SaveLayerFlags SkCanvasPriv::LegacySaveFlagsToSaveLayerFlags(uint32_t
  * to the next chunk's op code. This also means that the size of a chunk
  * with no arguments (just an opcode) will be 4.
  */
-DrawType SkPicturePlayback::ReadOpAndSize(SkReadBuffer* reader, uint32_t* size) {
+uint32_t SkPicturePlayback::ReadOpAndSize(SkReadBuffer* reader, uint32_t* size) {
     uint32_t temp = reader->readInt();
     uint32_t op;
     if ((temp & 0xFF) == temp) {
@@ -55,7 +55,7 @@ DrawType SkPicturePlayback::ReadOpAndSize(SkReadBuffer* reader, uint32_t* size)
             *size = reader->readInt();
         }
     }
-    return (DrawType)op;
+    return op;
 }
 
 
@@ -89,12 +89,12 @@ void SkPicturePlayback::draw(SkCanvas* canvas,
 
         fCurOffset = reader.offset();
         uint32_t size;
-        DrawType op = ReadOpAndSize(&reader, &size);
+        uint32_t op = ReadOpAndSize(&reader, &size);
         if (!reader.validate(op > UNUSED && op <= LAST_DRAWTYPE_ENUM)) {
             return;
         }
 
-        this->handleOp(&reader, op, size, canvas, initialMatrix);
+        this->handleOp(&reader, (DrawType)op, size, canvas, initialMatrix);
     }
 
     // need to propagate invalid state to the parent reader

src/core/SkPicturePlayback.h

@@ -43,7 +43,7 @@ protected:
                   SkCanvas* canvas,
                   const SkMatrix& initialMatrix);
 
-    static DrawType ReadOpAndSize(SkReadBuffer* reader, uint32_t* size);
+    static uint32_t ReadOpAndSize(SkReadBuffer* reader, uint32_t* size);
 
     class AutoResetOpID {
     public: