SkSL vector divide by zero now properly reports an error
Bug: oss-fuzz:14025
Change-Id: I45992c1953e054ce18c8e692273d44dc98f49fd8
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/220000
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
diff --git a/src/sksl/SkSLIRGenerator.cpp b/src/sksl/SkSLIRGenerator.cpp
index cd9e472..842a1a0 100644
--- a/src/sksl/SkSLIRGenerator.cpp
+++ b/src/sksl/SkSLIRGenerator.cpp
@@ -1572,13 +1572,13 @@
if (left.fType.kind() == Type::kVector_Kind && left.fType.componentType().isFloat() &&
left.fType == right.fType) {
std::vector<std::unique_ptr<Expression>> args;
- #define RETURN_VEC_COMPONENTWISE_RESULT(op) \
- for (int i = 0; i < left.fType.columns(); i++) { \
- float value = left.getFVecComponent(i) op \
- right.getFVecComponent(i); \
- args.emplace_back(new FloatLiteral(fContext, -1, value)); \
- } \
- return std::unique_ptr<Expression>(new Constructor(-1, left.fType, \
+ #define RETURN_VEC_COMPONENTWISE_RESULT(op) \
+ for (int i = 0; i < left.fType.columns(); i++) { \
+ float value = left.getFVecComponent(i) op \
+ right.getFVecComponent(i); \
+ args.emplace_back(new FloatLiteral(fContext, -1, value)); \
+ } \
+ return std::unique_ptr<Expression>(new Constructor(-1, left.fType, \
std::move(args)))
switch (op) {
case Token::EQEQ:
@@ -1590,7 +1590,18 @@
case Token::PLUS: RETURN_VEC_COMPONENTWISE_RESULT(+);
case Token::MINUS: RETURN_VEC_COMPONENTWISE_RESULT(-);
case Token::STAR: RETURN_VEC_COMPONENTWISE_RESULT(*);
- case Token::SLASH: RETURN_VEC_COMPONENTWISE_RESULT(/);
+ case Token::SLASH:
+ for (int i = 0; i < left.fType.columns(); i++) {
+ SKSL_FLOAT rvalue = right.getFVecComponent(i);
+ if (rvalue == 0.0) {
+ fErrors.error(right.fOffset, "division by zero");
+ return nullptr;
+ }
+ float value = left.getFVecComponent(i) / rvalue;
+ args.emplace_back(new FloatLiteral(fContext, -1, value));
+ }
+ return std::unique_ptr<Expression>(new Constructor(-1, left.fType,
+ std::move(args)));
default: return nullptr;
}
}
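Review bot: In the new `Token::SLASH` case, the `return nullptr;` after `fErrors.error(right.fOffset, "division by zero")` is the same value the `default:` arm returns for "cannot fold", so a caller cannot tell a reported error from an expression left unfolded. A short comment would make that contract explicit, for example `// error already reported; nullptr means "not folded", compilation fails via fErrors`. The guard also rejects only an exactly-zero divisor, and the quotient is stored in `float` while the divisor is read as `SKSL_FLOAT`. If those types differ, a very small divisor could still produce a non-finite literal, so consider `SKSL_FLOAT value = left.getFVecComponent(i) / rvalue;` or a finiteness check on the result. The check covers only this branch, where both operands are float vectors of the same type; the enclosing function starts and ends outside the hunk, so confirm that the scalar and mixed vector/scalar folds have an equivalent check.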