Skip to content

GitLab

T
tangled
Switch branch/tag
Find file BlameHistoryPermalink
  • Peter Collingbourne's avatar
    cc: Always serialize matrices with an unknown type. · 78e0f67b
    Peter Collingbourne authored 
    This ensures that deserialize -> serialize produces the same result as
deserialize -> serialize -> deserialize -> serialize for a particular
reproducer discovered by clusterfuzz. It was previously possible for
the first serialization to produce a different result than the second
one in the following way:

- the first deserialize would set the matrix type initially to unknown
  (in FixupMatrixPostSerialization) but then set it to the correct
  matrix type as a side effect of creating a transfer cache entry
  (see the following stack trace):

 #0  0x00000000006c9f70 in SkMatrix::getType() const () at ../../third_party/skia/include/core/SkMatrix.h:140
 #1  0x00000000006d3f3d in SkMatrix::isIdentity() const () at ../../third_party/skia/include/core/SkMatrix.h:155
 #2  0x00000000006d1031 in SkMatrix::invert(SkMatrix*) const () at ../../third_party/skia/include/core/SkMatrix.h:1152
 #3  0x0000000000a7e330 in SkGradientShader::MakeSweep(float, float, SkColor4f const*, sk_sp<SkColorSpace>, float const*, int, SkShader::TileMode, float, float, unsigned int, SkMatrix const*) () at ../../third_party/skia/src/shaders/gradients/SkGradientShader.cpp:886
 #4  0x0000000000a7e1c0 in SkGradientShader::MakeSweep(float, float, unsigned int const*, float const*, int, SkShader::TileMode, float, float, unsigned int, SkMatrix const*) () at ../../third_party/skia/src/shaders/gradients/SkGradientShader.cpp:863
 #5  0x0000000000dc2e0d in CreateSkShader() () at ../../cc/paint/paint_shader.cc:397
 #6  0x0000000000daf94d in Read() () at ../../cc/paint/paint_op_reader.cc:522

- the first serialize would write out the correct matrix type verbatim
  from the data structure

- the second deserialize would set the matrix type to unknown but would
  not end up setting it to the correct matrix type because a transfer
  cache entry exists so we follow this code path instead:

  https://cs.chromium.org/chromium/src/cc/paint/paint_op_reader.cc?l=519

- the second serialize would again write the matrix type verbatim from
  the data structure, but this time it would be unknown.

This change fixes the problem by always writing unknown.

Bug: 868966
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idfb1dcf82e652b696dde5427d9890b0ff6d9a268
Reviewed-on: https://chromium-review.googlesource.com/1156127Reviewed-by: default avatarAntoine Labour <piman@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579453}
    78e0f67b
paint_op_writer.cc 25 KB