683ae40560
The fuzzer constructs a long, valid nonsense expression (x+x+x-x+x-x, etc.) which exceeds parse depth. At that point, the token stream points to a `+` token. The parser attempts to consume a new statement but stops in `unaryExpression`; this fails again, due to the max parse-depth, but doesn't consume a token. The parser continues trying to parse the statement, but stopping in `unaryExpression`, making no forward progress in an infinite loop. I've made a couple of changes as a result. - Exceeding the max parse depth now sets `fEncounteredFatalError`. - Encountering a fatal error causes block() to immediately halt. This actually undoes a few of the arbitrary changes from http://review.skia.org/506463 but not in a bad way. - `unaryExpression()` now consumes a token before checking parse-depth. - `structDeclaration()` had a similar issue where it could potentially fail without consuming any tokens; this is fixed as well. - Some unnecessarily-nested logic in ternaryExpression() was flattened while I tried to ensure that it always consumes a token. Change-Id: I52c2161965ffbcef1185761ca6897ec1cba5df89 Bug: oss-fuzz:44551 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/507436 Auto-Submit: John Stiles <johnstiles@google.com> Reviewed-by: Ethan Nicholas <ethannicholas@google.com> Commit-Queue: Ethan Nicholas <ethannicholas@google.com> |
||
|---|---|---|
| .. | ||
| blend | ||
| errors | ||
| es2_conformance | ||
| folding | ||
| glsl | ||
| inliner | ||
| intrinsics | ||
| metal | ||
| runtime | ||
| runtime_errors | ||
| shared | ||
| spirv | ||
| workarounds | ||
| README.txt | ||
| update_fuzzer.py | ||
This directory contains source files for testing skslc compilation. The compiled output files are in the /tests/sksl/ directory.