summaryrefslogtreecommitdiff
path: root/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/third_party/skia/src/sksl/ir/SkSLType.cpp')
-rw-r--r--chromium/third_party/skia/src/sksl/ir/SkSLType.cpp20
1 files changed, 17 insertions, 3 deletions
diff --git a/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp b/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp
index 04c1946509e..c474db149f5 100644
--- a/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp
+++ b/chromium/third_party/skia/src/sksl/ir/SkSLType.cpp
@@ -12,10 +12,12 @@
#include "include/private/SkTFitsIn.h"
#include "include/sksl/SkSLErrorReporter.h"
#include "src/core/SkMathPriv.h"
+#include "src/core/SkSafeMath.h"
#include "src/sksl/SkSLBuiltinTypes.h"
#include "src/sksl/SkSLConstantFolder.h"
#include "src/sksl/SkSLContext.h"
#include "src/sksl/SkSLProgramSettings.h"
+#include "src/sksl/SkSLThreadContext.h"
#include "src/sksl/ir/SkSLConstructorArrayCast.h"
#include "src/sksl/ir/SkSLConstructorCompoundCast.h"
#include "src/sksl/ir/SkSLConstructorScalarCast.h"
@@ -648,6 +650,17 @@ std::unique_ptr<Type> Type::MakeScalarType(std::string_view name, const char* ab
std::unique_ptr<Type> Type::MakeStructType(Position pos, std::string_view name,
std::vector<Field> fields, bool interfaceBlock) {
+ size_t slots = 0;
+ for (const Field& field : fields) {
+ if (field.fType->isUnsizedArray()) {
+ continue;
+ }
+ slots = SkSafeMath::Add(slots, field.fType->slotCount());
+ if (slots >= kVariableSlotLimit) {
+ ThreadContext::Context().fErrors->error(pos, "struct is too large");
+ break;
+ }
+ }
return std::make_unique<StructType>(pos, name, std::move(fields), interfaceBlock);
}
@@ -1120,8 +1133,9 @@ bool Type::checkIfUsableInArray(const Context& context, Position arrayPos) const
return true;
}
-SKSL_INT Type::convertArraySize(const Context& context, Position arrayPos,
- std::unique_ptr<Expression> size) const {
+SKSL_INT Type::convertArraySize(const Context& context,
+ Position arrayPos,
+ std::unique_ptr<Expression> size) const {
size = context.fTypes.fInt->coerceExpression(std::move(size), context);
if (!size) {
return 0;
@@ -1138,7 +1152,7 @@ SKSL_INT Type::convertArraySize(const Context& context, Position arrayPos,
context.fErrors->error(size->fPosition, "array size must be positive");
return 0;
}
- if (!SkTFitsIn<int32_t>(count)) {
+ if (SkSafeMath::Mul(this->slotCount(), count) > kVariableSlotLimit) {
context.fErrors->error(size->fPosition, "array size is too large");
return 0;
}
View Lorry Controller Status