diff options
Diffstat (limited to 'chromium/third_party/skia/src/sksl/ir/SkSLType.cpp')
-rw-r--r-- | chromium/third_party/skia/src/sksl/ir/SkSLType.cpp | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp b/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp index 04c1946509e..c474db149f5 100644 --- a/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp +++ b/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp @@ -12,10 +12,12 @@ #include "include/private/SkTFitsIn.h" #include "include/sksl/SkSLErrorReporter.h" #include "src/core/SkMathPriv.h" +#include "src/core/SkSafeMath.h" #include "src/sksl/SkSLBuiltinTypes.h" #include "src/sksl/SkSLConstantFolder.h" #include "src/sksl/SkSLContext.h" #include "src/sksl/SkSLProgramSettings.h" +#include "src/sksl/SkSLThreadContext.h" #include "src/sksl/ir/SkSLConstructorArrayCast.h" #include "src/sksl/ir/SkSLConstructorCompoundCast.h" #include "src/sksl/ir/SkSLConstructorScalarCast.h" @@ -648,6 +650,17 @@ std::unique_ptr<Type> Type::MakeScalarType(std::string_view name, const char* ab std::unique_ptr<Type> Type::MakeStructType(Position pos, std::string_view name, std::vector<Field> fields, bool interfaceBlock) { + size_t slots = 0; + for (const Field& field : fields) { + if (field.fType->isUnsizedArray()) { + continue; + } + slots = SkSafeMath::Add(slots, field.fType->slotCount()); + if (slots >= kVariableSlotLimit) { + ThreadContext::Context().fErrors->error(pos, "struct is too large"); + break; + } + } return std::make_unique<StructType>(pos, name, std::move(fields), interfaceBlock); } @@ -1120,8 +1133,9 @@ bool Type::checkIfUsableInArray(const Context& context, Position arrayPos) const return true; } -SKSL_INT Type::convertArraySize(const Context& context, Position arrayPos, - std::unique_ptr<Expression> size) const { +SKSL_INT Type::convertArraySize(const Context& context, + Position arrayPos, + std::unique_ptr<Expression> size) const { size = context.fTypes.fInt->coerceExpression(std::move(size), context); if (!size) { return 0; @@ -1138,7 +1152,7 @@ SKSL_INT Type::convertArraySize(const Context& context, Position arrayPos, context.fErrors->error(size->fPosition, "array size must be positive"); return 0; } - if (!SkTFitsIn<int32_t>(count)) { + if (SkSafeMath::Mul(this->slotCount(), count) > kVariableSlotLimit) { context.fErrors->error(size->fPosition, "array size is too large"); return 0; } |