Fix int64 overflow in SkClampRange::init()

BUG=skia:5915,skia:6219

Change-Id: Ic849bf9dc90e623fc1d6269cd245a2e3eca05d1d
Reviewed-on: https://skia-review.googlesource.com/8290
Reviewed-by: Herb Derby <herb@google.com>
Commit-Queue: Florin Malita <fmalita@chromium.org>
This commit is contained in:
Florin Malita 2017-02-09 16:41:34 -05:00 committed by Skia Commit-Bot
parent bd41bcc4d7
commit d9569664fe
2 changed files with 59 additions and 12 deletions

View File

@ -38,6 +38,22 @@ static bool sk_64_smul_check(int64_t count, int64_t dx, int64_t* result) {
return true;
}
static bool sk_64_sadd_check(int64_t a, int64_t b, int64_t* result) {
if (a > 0) {
if (b > std::numeric_limits<int64_t>::max() - a) {
return false;
}
} else {
if (b < std::numeric_limits<int64_t>::min() - a) {
return false;
}
}
*result = a + b;
return true;
}
/*
* returns [0..count] for the number of steps (<= count) for which x0 <= edge
* given each step is followed by x0 += dx
@ -87,16 +103,15 @@ void SkClampRange::init(SkGradFixed fx0, SkGradFixed dx0, int count, int v0, int
int64_t dx = dx0;
// start with ex equal to the last computed value
int64_t count_times_dx;
if (!sk_64_smul_check(count - 1, dx, &count_times_dx)) {
int64_t count_times_dx, ex;
if (!sk_64_smul_check(count - 1, dx, &count_times_dx) ||
!sk_64_sadd_check(fx, count_times_dx, &ex)) {
// we can't represent the computed end in 32.32, so just draw something (first color)
fCount1 = fCount2 = 0;
fCount0 = count;
return;
}
int64_t ex = fx + (count - 1) * dx;
if ((uint64_t)(fx | ex) <= kFracMax_SkGradFixed) {
fCount0 = fCount2 = 0;
fCount1 = count;

View File

@ -374,14 +374,26 @@ static void test_linear_fuzzer(skiatest::Reporter*) {
static const SkScalar gPos1[] = { 0, 0, 1 };
static const SkScalar gMatrix0[9] =
{ 6.40969056e-10f, 0 , 6.40969056e-10f,
0 , 4.42539023e-39f, 6.40969056e-10f,
0 , 0 , 1 };
static const SkScalar gMatrix1[9] =
{ -2.75294113f , 6.40969056e-10f, 6.40969056e-10f,
6.40969056e-10f, 6.40969056e-10f, -3.32810161e+24f,
6.40969056e-10f, 6.40969056e-10f, 0 };
static const SkScalar gMatrix0[9] = {
6.40969056e-10f, 0 , 6.40969056e-10f,
0 , 4.42539023e-39f, 6.40969056e-10f,
0 , 0 , 1
};
static const SkScalar gMatrix1[9] = {
-2.75294113f , 6.40969056e-10f, 6.40969056e-10f,
6.40969056e-10f, 6.40969056e-10f, -3.32810161e+24f,
6.40969056e-10f, 6.40969056e-10f, 0
};
static const SkScalar gMatrix2[9] = {
7.93481258e+17f, 6.40969056e-10f, 6.40969056e-10f,
6.40969056e-10f, 6.40969056e-10f, 6.40969056e-10f,
6.40969056e-10f, 6.40969056e-10f, 0.688235283f
};
static const SkScalar gMatrix3[9] = {
1.89180674e+11f, 6.40969056e-10f, 6.40969056e-10f,
6.40969056e-10f, 6.40969056e-10f, 6.40969056e-10f,
6.40969056e-10f, 11276.0469f , 8.12524808e+20f
};
static const struct {
SkPoint fPts[2];
@ -413,6 +425,26 @@ static void test_linear_fuzzer(skiatest::Reporter*) {
nullptr,
gMatrix1
},
{
{{4.42539023e-39f, 6.40969056e-10f}, {6.40969056e-10f, 1.49237238e-19f}},
gColors1,
gPos1,
SK_ARRAY_COUNT(gColors1),
SkShader::kClamp_TileMode,
0,
nullptr,
gMatrix2
},
{
{{6.40969056e-10f, 6.40969056e-10f}, {6.40969056e-10f, -0.688235283f}},
gColors0,
nullptr,
SK_ARRAY_COUNT(gColors0),
SkShader::kClamp_TileMode,
0,
gMatrix3,
nullptr
},
};
static const uint32_t gForceFlags[] = { 0, SkLinearGradient::kForce4fContext_PrivateFlag };