AuroraMiddleware/skia2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
9cef66fbf5
skia2/tests/sksl
History
John Stiles 9cef66fbf5 Fix use-after-free discovered by fuzzer. 
In cases where multiple variables were declared on a single line, it is
legal for variable initialization-expressions to reference variables
declared earlier in the var-decl statement. It is NOT legal for the
inliner to move those references up to the previous statement, where the
variable doesn't exist yet.

This is mitigated by disabling the IRGenerator inliner for var-decls
past the first one in a var-decls statement. (The optimizer will still
pass over this code later and is able to inline it correctly, if it is
worth doing.)

Change-Id: I7a0d45eab20e30ed9f6b2f5c1251b6e0d8eeaea3
Bug: oss-fuzz:26167
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/329357
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
2020-10-23 16:10:15 +00:00
..
blend Directly compute call counts, rather than mutating state 2020-10-19 16:08:39 +00:00
errors Add unit test for self-referential initializer expressions. 2020-10-23 14:36:05 +00:00
fp Revert "Reland "Remove inliner from IR generation stage."" 2020-10-13 15:20:28 +00:00
glsl Add golden outputs for the Metal backend. 2020-09-25 17:46:43 +00:00
inliner Directly compute call counts, rather than mutating state 2020-10-19 16:08:39 +00:00
shared Fix use-after-free discovered by fuzzer. 2020-10-23 16:10:15 +00:00
workarounds Directly compute call counts, rather than mutating state 2020-10-19 16:08:39 +00:00