The fuzzer found that we constructed TypeReferences without first
checking for disallowed tyoes. (In fact, TypeReference creation had no
error checking at all; it didn't even have Convert/Make functions.)
Added proper Convert/Make to TypeReference, and used those calls to
report errors or cause assertions if trying to make a TypeReference to a
type that the program did not support.
(While tracking down this bug, I added strict-ES2 type assertions to our
constructor IR nodes as well. This helped pinpoint the error and seem
reasonable to leave in, just in case.)
Change-Id: I896b68ae9d3d9e1f30d7eba9fa594617ab851c74
Bug: oss-fuzz:39540
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455498
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
36f53ec7e1