Check that fixed-scale record filter is non-null

RecordPaintFilter::CreateScaledPaintRecord can return null if it isn't able to compute a scaled record bounds. This can happen when the canvas matrix is not finite (as is the case for the fuzzer bug). This updates the paint op reader and writer to actually check for that condition. Bug: chromium:1217062 Change-Id: I146dca0b72b919358ba6334442c337607a1f64c7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2971906 Commit-Queue: Vasiliy Telezhnikov <[email protected]> Auto-Submit: Michael Ludwig <[email protected]> Reviewed-by: Vasiliy Telezhnikov <[email protected]> Cr-Commit-Position: refs/heads/master@{#894278}
blueboxd · Jun 21, 2021 · 1c8a904 · 1c8a904
1 parent 9cbe419
commit 1c8a904
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/cc/paint/paint_filter.cc b/cc/paint/paint_filter.cc
@@ -791,7 +791,7 @@ sk_sp<RecordPaintFilter> RecordPaintFilter::CreateScaledPaintRecord(
 size_t RecordPaintFilter::SerializedSize() const {
   base::CheckedNumeric<size_t> total_size =
       BaseSerializedSize() + sizeof(record_bounds_) + sizeof(raster_scale_) +
-      sizeof(scaling_behavior_);
+      sizeof(scaling_behavior_) + sizeof(bool);
   total_size += PaintOpWriter::GetRecordSize(record_.get());
   return total_size.ValueOrDefault(0u);
 }

diff --git a/cc/paint/paint_op_reader.cc b/cc/paint/paint_op_reader.cc
@@ -1087,11 +1087,19 @@ void PaintOpReader::ReadImagePaintFilter(
 void PaintOpReader::ReadRecordPaintFilter(
     sk_sp<PaintFilter>* filter,
     const absl::optional<PaintFilter::CropRect>& crop_rect) {
+  bool has_filter = false;
+  ReadSimple(&has_filter);
+  if (!has_filter) {
+    *filter = nullptr;
+    return;
+  }
+
   SkRect record_bounds = SkRect::MakeEmpty();
   gfx::SizeF raster_scale = {0.f, 0.f};
   PaintShader::ScalingBehavior scaling_behavior =
       PaintShader::ScalingBehavior::kRasterAtScale;
   sk_sp<PaintRecord> record;
+
   ReadSimple(&record_bounds);
   ReadSimple(&raster_scale);
   if (raster_scale.width() <= 0.f || raster_scale.height() <= 0.f) {

diff --git a/cc/paint/paint_op_writer.cc b/cc/paint/paint_op_writer.cc
@@ -807,6 +807,12 @@ void PaintOpWriter::Write(const RecordPaintFilter& filter,
   // from the cache).
   auto scaled_filter = filter.CreateScaledPaintRecord(
       current_ctm.asM33(), options_.max_texture_size);
+  if (!scaled_filter) {
+    WriteSimple(false);
+    return;
+  }
+
+  WriteSimple(true);
   WriteSimple(scaled_filter->record_bounds());
   WriteSimple(scaled_filter->raster_scale());
   WriteSimple(scaled_filter->scaling_behavior());