683ae40560
The fuzzer constructs a long, valid nonsense expression (x+x+x-x+x-x, etc.) which exceeds parse depth. At that point, the token stream points to a `+` token. The parser attempts to consume a new statement but stops in `unaryExpression`; this fails again, due to the max parse-depth, but doesn't consume a token. The parser continues trying to parse the statement, but stopping in `unaryExpression`, making no forward progress in an infinite loop. I've made a couple of changes as a result. - Exceeding the max parse depth now sets `fEncounteredFatalError`. - Encountering a fatal error causes block() to immediately halt. This actually undoes a few of the arbitrary changes from http://review.skia.org/506463 but not in a bad way. - `unaryExpression()` now consumes a token before checking parse-depth. - `structDeclaration()` had a similar issue where it could potentially fail without consuming any tokens; this is fixed as well. - Some unnecessarily-nested logic in ternaryExpression() was flattened while I tried to ensure that it always consumes a token. Change-Id: I52c2161965ffbcef1185761ca6897ec1cba5df89 Bug: oss-fuzz:44551 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/507436 Auto-Submit: John Stiles <johnstiles@google.com> Reviewed-by: Ethan Nicholas <ethannicholas@google.com> Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
6 lines
138 B
GLSL
6 lines
138 B
GLSL
### Compilation failed:
|
|
|
|
error: 6: type mismatch: '+' cannot operate on 'int', '<INVALID>'
|
|
error: 8: expected ';', but found 'o'
|
|
2 errors
|