5cec187b36
The fuzzer discovered that, when we attempt to verify that an array doesn't contain any literal values that are out-of-range for its base type, we pay a linear-time cost based on the size of the array. This happens even when the array value isn't known at compile time; we still iterate over its slot count and diligently discover that every single constant-subexpression slot in the expression is "null".

We now have a helper function on Expression, `allowsConstantSubexpressions`, which only returns true for expression kinds that can contain constant subexpressions. We use this helper to skip over this linear-per-subexpression check when the expression cannot possibly contain a constant subexpression. In particular, `AnyConstructor::compareConstant` and `Type::checkForOutOfRangeLiteral` will now early-out for expressions that can't possibly contain a constant subexpression.

Change-Id: Ia34e422afa67b478a8616acb0a0e9cd211b29698
Bug: oss-fuzz:37900
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/444136
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
18 lines
502 B
JavaScript
OpCapability Shader
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %main "main" %sk_Clockwise
OpExecutionMode %main OriginUpperLeft
OpName %sk_Clockwise "sk_Clockwise"
OpName %main "main"
OpDecorate %sk_Clockwise BuiltIn FrontFacing
%bool = OpTypeBool
%_ptr_Input_bool = OpTypePointer Input %bool
%sk_Clockwise = OpVariable %_ptr_Input_bool Input
%void = OpTypeVoid
%7 = OpTypeFunction %void
%main = OpFunction %void None %7
%8 = OpLabel
OpReturn
OpFunctionEnd
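The early-out described in the commit message above, as an added sketch that is not Skia's code: it counts how many slots the range check visits with and without the guard. Only the names `allowsConstantSubexpressions` and `checkForOutOfRangeLiteral` come from the commit message; `Expr`, `Kind`, `CheckResult`, `getConstantSubexpression` and the `earlyOut` switch are hypothetical stand-ins for the real classes.

```cpp
#include <cstddef>
#include <vector>

// Simplified model of an expression tree node (hypothetical, not Skia's types).
enum class Kind { kConstructor, kVariableReference };

struct Expr {
    Kind kind;
    std::size_t slots;           // scalar slots in the value, e.g. the array length
    std::vector<double> values;  // compile-time values; empty when unknown

    // Only expression kinds that can hold constant subexpressions return true.
    bool allowsConstantSubexpressions() const { return kind == Kind::kConstructor; }

    // Returns nullptr when slot n has no compile-time value.
    const double* getConstantSubexpression(std::size_t n) const {
        return n < values.size() ? &values[n] : nullptr;
    }
};

struct CheckResult {
    bool outOfRange;
    std::size_t slotsVisited;  // work done, to make the cost visible
};

// earlyOut=false models the behaviour the fuzzer hit; earlyOut=true models the fix.
CheckResult checkForOutOfRangeLiteral(const Expr& e, double lo, double hi, bool earlyOut) {
    CheckResult r{false, 0};
    if (earlyOut && !e.allowsConstantSubexpressions()) {
        return r;  // no slot can be constant, so skip the per-slot walk entirely
    }
    for (std::size_t n = 0; n < e.slots; ++n) {
        ++r.slotsVisited;
        const double* v = e.getConstantSubexpression(n);
        if (v != nullptr && (*v < lo || *v > hi)) {
            r.outOfRange = true;
        }
    }
    return r;
}
```

The guard changes only the cost, not the answer: an expression with no compile-time values reports "in range" either way, while a constructor still gets every slot checked.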