commit e0c1d285a00e47e1d1584e6a35b95ef2f0d945ff
author krasin <krasin@google.com> Thu Apr 21 08:34:00 2016 -0700
committer Commit bot <commit-bot@chromium.org> Thu Apr 21 08:34:00 2016 -0700
tree 3ac626877602401cb52d887231a5ba7a8a2aab69
parent 8d7ffcee75661a50ce298dc1b3bc0b76bea018e7

SkTArray: fix invalid reinterpret_casts over non-initialized memory.

This should fix 'CFI Linux' buildbot, which is currently horribly broken:
https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/5115

BUG=605337

Review URL: https://codereview.chromium.org/1908763002

include/private/SkTArray.h

diff --git a/include/private/SkTArray.h b/include/private/SkTArray.h
index 043784f..8d8f659 100644
--- a/include/private/SkTArray.h
+++ b/include/private/SkTArray.h
@@ -159,34 +159,31 @@
      * elements.
      */
     T& push_back() {
-        T* newT = reinterpret_cast<T*>(this->push_back_raw(1));
-        new (newT) T;
-        return *newT;
+        void* newT = this->push_back_raw(1);
+        return *new (newT) T;
     }
 
     /**
      * Version of above that uses a copy constructor to initialize the new item
      */
     T& push_back(const T& t) {
-        T* newT = reinterpret_cast<T*>(this->push_back_raw(1));
-        new (newT) T(t);
-        return *newT;
+        void* newT = this->push_back_raw(1);
+        return *new (newT) T(t);
     }
 
     /**
      * Version of above that uses a move constructor to initialize the new item
      */
     T& push_back(T&& t) {
-        T* newT = reinterpret_cast<T*>(this->push_back_raw(1));
-        new (newT) T(std::move(t));
-        return *newT;
+        void* newT = this->push_back_raw(1);
+        return *new (newT) T(std::move(t));
     }
 
     /**
      *  Construct a new T at the back of this array.
      */
     template<class... Args> T& emplace_back(Args&&... args) {
-        T* newT = reinterpret_cast<T*>(this->push_back_raw(1));
+        void* newT = this->push_back_raw(1);
         return *new (newT) T(std::forward<Args>(args)...);
     }
 
@@ -197,11 +194,11 @@
      */
     T* push_back_n(int n) {
         SkASSERT(n >= 0);
-        T* newTs = reinterpret_cast<T*>(this->push_back_raw(n));
+        char* newTs = static_cast<char*>(this->push_back_raw(n));
         for (int i = 0; i < n; ++i) {
-            new (newTs + i) T;
+          new (newTs + i * sizeof(T)) T;
         }
-        return newTs;
+        return reinterpret_cast<T*>(newTs);
     }
 
     /**
@@ -210,11 +207,11 @@
      */
     T* push_back_n(int n, const T& t) {
         SkASSERT(n >= 0);
-        T* newTs = reinterpret_cast<T*>(this->push_back_raw(n));
+        char* newTs = static_cast<char*>(this->push_back_raw(n));
         for (int i = 0; i < n; ++i) {
-            new (newTs + i) T(t);
+          new (newTs + i * sizeof(T)) T(t);
         }
-        return newTs;
+        return reinterpret_cast<T*>(newTs);
     }
 
     /**