oop: Fix nullptr dereference in a fuzz test case.

This patch does two things: - Binds the test context to the thread, avoiding a dcheck - Ensures to mark the reader as invalid if we couldn't read textblob data R=ericrk@chromium.org Bug: 794921 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel Change-Id: I1cdf8a0c5571587b0d3a66f1a25d99ed5e3daed9 Reviewed-on: https://chromium-review.googlesource.com/827506Reviewed-by: Eric Karl <ericrk@chromium.org> Commit-Queue: vmpstr <vmpstr@chromium.org> Cr-Commit-Position: refs/heads/master@{#524152}

oop: Fix nullptr dereference in a fuzz test case.
This patch does two things: - Binds the test context to the thread, avoiding a dcheck - Ensures to mark the reader as invalid if we couldn't read textblob data R=ericrk@chromium.org Bug: 794921 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel Change-Id: I1cdf8a0c5571587b0d3a66f1a25d99ed5e3daed9 Reviewed-on: https://chromium-review.googlesource.com/827506Reviewed-by: Eric Karl <ericrk@chromium.org> Commit-Queue: vmpstr <vmpstr@chromium.org> Cr-Commit-Position: refs/heads/master@{#524152}
af62bb3a · Vladimir Levin · Commit Bot · dd2e3edd · af62bb3a · af62bb3a
Commit af62bb3a authored Dec 14, 2017 by Vladimir Levin Committed by Commit Bot Dec 14, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

cc/paint/paint_op_buffer_fuzzer.cc cc/paint/paint_op_buffer_fuzzer.cc +1 -0

cc/paint/paint_op_reader.cc cc/paint/paint_op_reader.cc +3 -1

No files found.
--- a/cc/paint/paint_op_buffer_fuzzer.cc
+++ b/cc/paint/paint_op_buffer_fuzzer.cc
@@ -21,6 +21,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
      kRasterDimension, kRasterDimension, kOpaque_SkAlphaType);
  scoped_refptr<cc::TestContextProvider> context_provider =
      cc::TestContextProvider::Create();
+  context_provider->BindToCurrentThread();
  sk_sp<SkSurface> surface = SkSurface::MakeRenderTarget(
      context_provider->GrContext(), SkBudgeted::kYes, image_info);
  SkCanvas* canvas = surface->getCanvas();

--- a/cc/paint/paint_op_reader.cc
+++ b/cc/paint/paint_op_reader.cc
@@ -268,8 +268,10 @@ void PaintOpReader::Read(scoped_refptr<PaintTextBlob>* paint_blob,
                         TransferCacheDeserializeHelper* transfer_cache) {
  sk_sp<SkData> data;
  Read(&data);
-  if (!data || !valid_)
+  if (!data || !valid_) {
+    SetInvalid();
    return;
+  }

  // Skia expects the following to be true, make sure we don't pass it incorrect
  // data.