5cec187b36
The fuzzer discovered that, when we attempt to verify that an array doesn't contain any literal values that are out-of-range for its base type, we pay a linear-time cost based on the size of the array. This happens even when the array value isn't known at compile time; we still iterate over its slot count and diligently discover that every single constant-subexpression slot in the expression is "null".

We now have a helper function on Expression, `allowsConstantSubexpressions`, which only returns true for expression kinds that can contain constant subexpressions. We use this helper to skip over this linear-per-subexpression check when the expression cannot possibly contain a constant subexpression.

In particular, `AnyConstructor::compareConstant` and `Type::checkForOutOfRangeLiteral` will now early-out for expressions that can't possibly contain a constant subexpression.

Change-Id: Ia34e422afa67b478a8616acb0a0e9cd211b29698
Bug: oss-fuzz:37900
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444136
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
4 lines
89 B
Plaintext
void main() {
    int[2147483646] a, b=a, c=a, d=a, e=a, f=a, g=a, h=a, i=a, j=a, k=a;
}
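A toy model of the cost the commit message describes, as an added example that is not Skia's code: it counts how many slots a range check visits with and without the early-out. `allowsConstantSubexpressions` is the name from the message; `Expr`, `Kind`, `constantSlot` and `checkOutOfRange` are hypothetical, and which kinds return true is an assumption.

```cpp
#include <cstdint>
#include <cstdio>

// Toy model (not Skia's classes): an expression occupying `slots` scalar slots.
enum class Kind { kLiteral, kConstructor, kVariableRef };

struct Expr {
    Kind kind;
    int64_t slots;  // e.g. 2147483646 for `int[2147483646] a`
    int64_t value;  // value reported for every slot of a constant expression
    // Name taken from the commit message; which kinds return true is assumed.
    bool allowsConstantSubexpressions() const {
        return kind == Kind::kLiteral || kind == Kind::kConstructor;
    }
    // Hypothetical per-slot lookup: false means "not a compile-time constant".
    bool constantSlot(int64_t, int64_t* out) const {
        if (!allowsConstantSubexpressions()) return false;
        *out = value;
        return true;
    }
};

struct ScanResult { bool outOfRange; int64_t slotsVisited; };

// Range check against [lo, hi]. With earlyOut=false every slot is visited even
// when each one turns out to be "null", which is the linear cost in the message.
ScanResult checkOutOfRange(const Expr& e, int64_t lo, int64_t hi, bool earlyOut) {
    ScanResult r{false, 0};
    if (earlyOut && !e.allowsConstantSubexpressions()) return r;  // O(1) exit
    for (int64_t i = 0; i < e.slots; ++i) {
        ++r.slotsVisited;
        int64_t v = 0;
        if (e.constantSlot(i, &v) && (v < lo || v > hi)) { r.outOfRange = true; break; }
    }
    return r;
}

int main() {
    // Constructed input: slot count scaled down from the test file's 2147483646.
    Expr a{Kind::kVariableRef, 1000000, 0};
    std::printf("no early-out: %lld slots visited\n",
                (long long)checkOutOfRange(a, -32768, 32767, false).slotsVisited);
    std::printf("early-out:    %lld slots visited\n",
                (long long)checkOutOfRange(a, -32768, 32767, true).slotsVisited);
    return 0;
}
```

The test file above declares eleven such arrays, so the scan without the early-out would be paid once per initializer.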