skia2/resources/sksl/inliner/Ossfuzz37994.sksl
John Stiles 3ff77f4862 Fix inliner bug discovered by fuzzer.
Intrinsic-call optimization can be triggered during inlining. In this
case, inlining turned `normalize(x)` into `normalize(constant-value)`.

DSL is used to implement optimizations for a handful of intrinsic calls,
including `normalize`, which internally relies on `length`.

The DSL expects that it can use the IRGenerator to handle function
calls. This was not working because we were finished with the initial
compilation pass, and the IRGenerator's symbol table is removed when
finish() was called.

We now temporarily give a symbol table back to the IRGenerator while
the inliner runs. We remove it again as soon as inlining is complete.

Change-Id: I6da98788d93749ffeb008c1f4c3f72b436e8ceeb
Bug: oss-fuzz:37994
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/445956
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
2021-09-07 13:29:37 +00:00

4 lines, 155 B, Plaintext

half4 colorGreen;
float2 vector(float2 x,float2 y) { x=normalize(y); return x; }
half4 main(float2 xy) { vector(float2(2),float2(4)); return colorGreen; }
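
The lifecycle problem described in the commit message, as an added C++ model that is not Skia's code: a late pass needs a symbol table that was dropped when the first pass finished, and a scoped guard lends it back for the duration of that pass only. `Generator`, `ScopedSymbolTable`, `foldNormalize` and `runInlinerModel` are hypothetical names, and the model reports a failed lookup instead of dereferencing a null table.

```cpp
#include <map>
#include <memory>
#include <string>
#include <utility>

using SymbolTable = std::map<std::string, int>;  // intrinsic name -> id (constructed)

struct Generator {                        // hypothetical stand-in for the IRGenerator
    std::shared_ptr<SymbolTable> symbols; // dropped by finish()
    void finish() { symbols.reset(); }
    // Resolving a call needs the table; return -1 when it is absent or has no entry.
    int lookup(const std::string& name) const {
        if (!symbols) return -1;
        auto it = symbols->find(name);
        return it == symbols->end() ? -1 : it->second;
    }
};

// RAII guard: lend a table to the generator for one pass and always take it back,
// even on early return or exception, so no later code sees a stale table.
class ScopedSymbolTable {
public:
    ScopedSymbolTable(Generator& g, std::shared_ptr<SymbolTable> t)
        : gen_(g), saved_(std::exchange(g.symbols, std::move(t))) {}
    ~ScopedSymbolTable() { gen_.symbols = std::move(saved_); }
    ScopedSymbolTable(const ScopedSymbolTable&) = delete;
    ScopedSymbolTable& operator=(const ScopedSymbolTable&) = delete;
private:
    Generator& gen_;
    std::shared_ptr<SymbolTable> saved_;
};

// Late pass: folding normalize(constant) has to resolve the helper `length`.
bool foldNormalize(const Generator& g) { return g.lookup("length") >= 0; }

struct Outcome { bool unguarded, guarded, cleared; };

// Runs the fold once without the guard (pre-fix state) and once with it.
Outcome runInlinerModel() {
    auto table = std::make_shared<SymbolTable>(
        SymbolTable{{"normalize", 1}, {"length", 2}});
    Generator gen{table};
    gen.finish();                         // initial compilation pass is over
    bool unguarded = foldNormalize(gen);  // no table: the lookup cannot succeed
    bool guarded;
    { ScopedSymbolTable lend(gen, table); guarded = foldNormalize(gen); }
    return {unguarded, guarded, gen.symbols == nullptr};
}
```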