skia2/resources/sksl/errors/Ossfuzz29849.sksl
John Stiles e3a91cf31c Fix fuzzer-discovered error with variable scoping.
In GLSL and SkSL, control statements don't require explicit braces
around single-statement children. That is, the `match = true` child
statement here doesn't need to be braced.

    if (condition) match = true;

Because there are no braces, we never create a Block or a dedicated
SymbolTable here.  This is normally not a problem, but the fuzzer
discovered that it can dump things into the symbol table inside a child
statement:

    if (condition) int newSymbol;

This becomes problematic because the symbol name now outlives its block.
This means `newSymbol` can be referred to later, which should be illegal
(and can cause the optimizer to blow up since the structure is bogus).

There doesn't seem to be any reason to allow this code to compile; the
user can add an explicit scope here to make it reasonable, and it's
(almost) meaningless to declare a symbol that's instantly going to fall
out of scope. This code is now rejected with an error message.

Change-Id: I44778e5b59652d345b10eecd4c88efbf7d86a5e0
Bug: oss-fuzz:29849
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/358960
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
2021-01-26 17:08:59 +00:00

5 lines
45 B
Plaintext

void main() {
if (2 < 2) int a;
a;
}