ff5bb37b72
The fuzzer has been poking various holes in DSL by intentionally creating illegal types (e.g. private or not ES2-compatible), then finding ways to use those types, e.g. constructors or swizzles. Previously we were mitigating those by calling `reportIllegalTypes` at the locations where the type was used. Now, we detect the illegal type usage at the source, and return a poison DSLType. This prevents the illegal type from leaking out at all, and stops the problem at its source. It also allows us to remove calls to `reportIllegalTypes` sprinkled through the code, as those are now redundant. Change-Id: Id50b50f72849111d80f76e4fdc2cb6094d3009bd Bug: oss-fuzz:39597 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/455999 Auto-Submit: John Stiles <johnstiles@google.com> Commit-Queue: Brian Osman <brianosman@google.com> Reviewed-by: Brian Osman <brianosman@google.com> Reviewed-by: Ethan Nicholas <ethannicholas@google.com> |
||
|---|---|---|
| .. | ||
| DSL.h | ||
| DSLBlock.h | ||
| DSLCase.h | ||
| DSLCore.h | ||
| DSLExpression.h | ||
| DSLFunction.h | ||
| DSLLayout.h | ||
| DSLModifiers.h | ||
| DSLRuntimeEffects.h | ||
| DSLStatement.h | ||
| DSLSymbols.h | ||
| DSLType.h | ||
| DSLVar.h | ||
| DSLWrapper.h | ||
| SkSLErrorReporter.h | ||