detect if makeOffset failed If we don't detect this, this imagefilter might not write to all of the pixels it claims it will, resulting in uninitialized memory. Bug: oss-fuzz:7209 Change-Id: I6c53757046b4d6051da1b317310c89b8ec4752ca Reviewed-on: https://skia-review.googlesource.com/119145 Reviewed-by: Mike Reed <reed@google.com> Commit-Queue: Mike Reed <reed@google.com>

commit: 6209bfafad7d4ad57b105fe9fdfc90298ebd4a69 [log] [tgz]
author: Mike Reed <reed@google.com> Fri Apr 06 14:27:27 2018 -0400
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> Fri Apr 06 19:35:34 2018 +0000
tree: 878b7997dabdf5eebf3d13b1cfa932138b65d69a
parent: 55068bf8936af4dc0d5b1d470f94fb55a0718f29 [diff]
diff --git a/src/effects/SkDisplacementMapEffect.cpp b/src/effects/SkDisplacementMapEffect.cpp
index 1891023..5dd3ece 100644
--- a/src/effects/SkDisplacementMapEffect.cpp
+++ b/src/effects/SkDisplacementMapEffect.cpp

@@ -269,6 +269,11 @@
     }
 
     const SkIRect colorBounds = bounds.makeOffset(-colorOffset.x(), -colorOffset.y());
+    // If the offset overflowed (saturated) then we have to abort, as we need their
+    // dimensions to be equal. See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7209
+    if (colorBounds.size() != bounds.size()) {
+        return nullptr;
+    }
 
     SkVector scale = SkVector::Make(fScale, fScale);
     ctx.ctm().mapVectors(&scale, 1);
commit	6209bfafad7d4ad57b105fe9fdfc90298ebd4a69	[log] [tgz]
author	Mike Reed <reed@google.com>	Fri Apr 06 14:27:27 2018 -0400
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	Fri Apr 06 19:35:34 2018 +0000
tree	878b7997dabdf5eebf3d13b1cfa932138b65d69a
parent	55068bf8936af4dc0d5b1d470f94fb55a0718f29 [diff]