Commit Graph

2 Commits

Author SHA1 Message Date
John Stiles
a456175a07 Add expected errors to every test file.
This was (crudely) automated with shell scripts:
http://go/paste/5484300603490304

Change-Id: Ic9e1c93112772d303d1158eb26d995f27b439eba
Bug: skia:12665
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/505637
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2022-02-08 18:20:25 +00:00
John Stiles
e3a91cf31c Fix fuzzer-discovered error with variable scoping.
In GLSL and SkSL, control statements don't require explicit braces
around single-statement children. That is, the `match = true` child
statement here doesn't need to be braced.

    if (condition) match = true;

Because there are no braces, we never create a Block or a dedicated
SymbolTable here.  This is normally not a problem, but the fuzzer
discovered that it can dump things into the symbol table inside a child
statement:

    if (condition) int newSymbol;

This becomes problematic because the symbol name now outlives its block.
This means `newSymbol` can be referred to later, which should be illegal
(and can cause the optimizer to blow up since the structure is bogus).

There doesn't seem to be any reason to allow this code to compile; the
user can add an explicit scope here to make it reasonable, and it's
(almost) meaningless to declare a symbol that's instantly going to fall
out of scope. This code is now rejected with an error message.

Change-Id: I44778e5b59652d345b10eecd4c88efbf7d86a5e0
Bug: oss-fuzz:29849
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/358960
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-01-26 17:08:59 +00:00