e3a91cf31c
In GLSL and SkSL, control statements don't require explicit braces around single-statement children. That is, the `match = true` child statement here doesn't need to be braced. if (condition) match = true; Because there are no braces, we never create a Block or a dedicated SymbolTable here. This is normally not a problem, but the fuzzer discovered that it can dump things into the symbol table inside a child statement: if (condition) int newSymbol; This becomes problematic because the symbol name now outlives its block. This means `newSymbol` can be referred to later, which should be illegal (and can cause the optimizer to blow up since the structure is bogus). There doesn't seem to be any reason to allow this code to compile; the user can add an explicit scope here to make it reasonable, and it's (almost) meaningless to declare a symbol that's instantly going to fall out of scope. This code is now rejected with an error message. Change-Id: I44778e5b59652d345b10eecd4c88efbf7d86a5e0 Bug: oss-fuzz:29849 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/358960 Reviewed-by: Ethan Nicholas <ethannicholas@google.com> Reviewed-by: Brian Osman <brianosman@google.com> Auto-Submit: John Stiles <johnstiles@google.com>
5 lines
83 B
GLSL
5 lines
83 B
GLSL
### Compilation failed:
|
|
|
|
error: 2: variable 'x' must be created in a scope
|
|
1 error
|