This adds explicit overflow checks to the two likeliest
places where non-buggy code could overflow SkTDArray.
We have an #ifdef'd out PathMeasure_explosion GM that
overflows before this CL and aborts with it.
Bug: skia:7674
Change-Id: Ia0c430f4a8bb9bad687d13c875f604fd7da45aab
Reviewed-on: https://skia-review.googlesource.com/122342
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
We already assert that setCount()'s argument is non-negative.
This does the same for setReserve().
There was one call site I could find that was actually sometimes
passing negative values to setReserve(), guarded here.
Already reviewed: https://skia-review.googlesource.com/c/skia/+/115982
Change-Id: Ia52a286732bf4056e9baf09555d27bab9abf2554
Reviewed-on: https://skia-review.googlesource.com/122305
Reviewed-by: Mike Klein <mtklein@chromium.org>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
It's only used in one call site, which is clearer without it.
Already reviewed: https://skia-review.googlesource.com/c/skia/+/115982
Change-Id: I3d0f8c1f0756e01e29cdb9f9328b0f557d3650d3
Reviewed-on: https://skia-review.googlesource.com/122302
Reviewed-by: Mike Klein <mtklein@chromium.org>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
This reverts commit 80e1d56e19.
Reason for revert: SkRTree.cpp:57 asserting, probably this?
Original change's description:
> implement SkTDArray with std::vector
>
> It's always worth seeing if we can get away with replacing custom data
> structures with ones from the standard library. Our array-like types
> are all good candidates to replace with std::vector, and it's especially
> easy to start with SkTDArray. Unlike the others, it has no preallocated
> S-variant, which is tricky to make work with std::vector.
>
> SkTDArray also has known integer overflow bugs, leading to out of range
> writes. It'd be _very_ nice to ditch it for a better standard vector.
>
> I removed a bunch of unused or little-used methods, and updated a couple
> call sites that used methods in unusual or dangerous ways.
>
> I've had to tweak GrAAConvexTessellator and SkBaseShadowTessellator just
> a touch to work within the constraints of an std::vector impl. It's not
> intended to be legal to write to the reserved-but-not-counted elements
> of an SkTDArray, but you can get away with it in our old implementation.
> This version now uses setCount() to actually reserve and count them, and
> should have the same performance and use the same amount of memory.
>
> The PathMeasure_explosion GM I added recently to reproduce this bug now
> draws without triggering undefined behavior or ASAN errors, provided you
> have ~40GB of RAM.
>
> Bug: skia:7674
>
> Change-Id: I4eacae18a976cd4a6d218102f8ca5d973d4d7d0e
> Reviewed-on: https://skia-review.googlesource.com/115982
> Reviewed-by: Brian Osman <brianosman@google.com>
> Commit-Queue: Mike Klein <mtklein@chromium.org>
TBR=mtklein@chromium.org,bungeman@google.com,brianosman@google.com
Change-Id: Icffd9f22fe89746a970ff598e1a05c774960bc0e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: skia:7674
Reviewed-on: https://skia-review.googlesource.com/117901
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Mike Klein <mtklein@chromium.org>
This reverts commit 7dd8ee9c60.
Reason for revert: going to revert primary CL
Original change's description:
> In older STLs, std::vector::insert() returns void.
>
> CQ_INCLUDE_TRYBOTS=skia.primary:Build-Debian9-Clang-arm-Debug-Chromebook_GLES
>
> Change-Id: I7bd15ecc7122965db16fbb51e51ee166b05dce2f
> Reviewed-on: https://skia-review.googlesource.com/117722
> Reviewed-by: Brian Osman <brianosman@google.com>
> Commit-Queue: Mike Klein <mtklein@chromium.org>
TBR=mtklein@chromium.org,brianosman@google.com
Change-Id: I9c126edbef74293d8e7a2b7e2365e464ba367ae5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: skia.primary:Build-Debian9-Clang-arm-Debug-Chromebook_GLES
Reviewed-on: https://skia-review.googlesource.com/117900
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Mike Klein <mtklein@chromium.org>
CQ_INCLUDE_TRYBOTS=skia.primary:Build-Debian9-Clang-arm-Debug-Chromebook_GLES
Change-Id: I7bd15ecc7122965db16fbb51e51ee166b05dce2f
Reviewed-on: https://skia-review.googlesource.com/117722
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
It's always worth seeing if we can get away with replacing custom data
structures with ones from the standard library. Our array-like types
are all good candidates to replace with std::vector, and it's especially
easy to start with SkTDArray. Unlike the others, it has no preallocated
S-variant, which is tricky to make work with std::vector.
SkTDArray also has known integer overflow bugs, leading to out of range
writes. It'd be _very_ nice to ditch it for a better standard vector.
I removed a bunch of unused or little-used methods, and updated a couple
call sites that used methods in unusual or dangerous ways.
I've had to tweak GrAAConvexTessellator and SkBaseShadowTessellator just
a touch to work within the constraints of an std::vector impl. It's not
intended to be legal to write to the reserved-but-not-counted elements
of an SkTDArray, but you can get away with it in our old implementation.
This version now uses setCount() to actually reserve and count them, and
should have the same performance and use the same amount of memory.
The PathMeasure_explosion GM I added recently to reproduce this bug now
draws without triggering undefined behavior or ASAN errors, provided you
have ~40GB of RAM.
Bug: skia:7674
Change-Id: I4eacae18a976cd4a6d218102f8ca5d973d4d7d0e
Reviewed-on: https://skia-review.googlesource.com/115982
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
These are unused, and would make it conceptually tricky to replace
with something like std::vector that does not have a .release() method.
Change-Id: Iaee913d6a513d078989166c6e97097eeec0100ba
Reviewed-on: https://skia-review.googlesource.com/115921
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>
This was created by looking at warnings produced by clang's
-Wzero-as-null-pointer-constant. This updates most issues in
Skia code. However, there are places where GL and Vulkan want
pointer values which are explicitly 0, external headers which
use NULL directly, and possibly more uses in un-compiled
sources (for other platforms).
Change-Id: Id22fbac04d5c53497a53d734f0896b4f06fe8345
Reviewed-on: https://skia-review.googlesource.com/39521
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Ben Wagner <bungeman@google.com>
This will be rolled out in three stages:
1) make SkMemory.h and have SkTypes.h include it.
2) Adjust chromium and android.
3) no long include SkMemory.h in SkTypes.h
Change-Id: If360ef5e1164d88f50b03f279e2e963ca2f57d5d
Reviewed-on: https://skia-review.googlesource.com/9874
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Herb Derby <herb@google.com>
Change-Id: I60133fcc4101a27bcc3e7ad38e7348ad9147b8a9
Reviewed-on: https://skia-review.googlesource.com/7784
Reviewed-by: Jim Van Verth <jvanverth@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>
The C++ standard library uses the name "release" for the operation we call "detach".
Rewriting each "detach(" to "release(" brings us a step closer to using standard library types directly (e.g. std::unique_ptr instead of SkAutoTDelete).
This was a fairly blind transformation. There may have been unintentional conversions in here, but it's probably for the best to have everything uniformly say "release".
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1809733002
Review URL: https://codereview.chromium.org/1809733002
