Fix ASAN issue with shuffle ops.
We simplify shuffles by eliminating the front when it's a no-op.
For instance, `foo = foo.xwww` can be replaced with
`foo(1..3) = foo(1..3).zzz`; this works because we can treat
`foo(1..3)` as a real variable (the stack machine doesn't mind!).
During this process, we would replace `xwww` with `zzz` by
decrementing each swizzle component by one, and moving every
swizzle element forward by one in the list. However, the code
neglected to zero out the last element in the swizzle component
list. So `xwww` would actually become `zzzw` instead of `zzz`
(leaving the original `w` in place as-is). If this `w` was
outside the bounds of our stack memory, ASAN would detect it as
undefined behavior. We now zero out the component to ensure that
the read stays in bounds.
Note that the shuffle op did not actually write an extra
component back to the stack; this would not corrupt memory,
only attempt to read from potentially-unallocated space.
Change-Id: I1a4bec5e94d0b1c336c78cd12771cd536d99cb5f
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/642796
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
1 file changed
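
The stale-tail case from the commit message, as an added C++ sketch (a simplified model written for this page, not Skia's code). The `ShuffleOp` struct, the 4-entry component list, the function names, and the executor that loads every entry of the list are all assumptions of the model.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical model, not Skia's data layout: a fixed-width component list
// applied to a window of stack slots that starts at `base`.
constexpr std::size_t kMaxComponents = 4;

struct ShuffleOp {
    std::size_t base;   // first stack slot of the shuffled window
    std::size_t count;  // number of live components
    std::array<std::uint8_t, kMaxComponents> comps;  // offsets from `base`
};

// Drops a leading no-op (comps[0] == 0): the window moves up one slot, so each
// remaining offset is decremented and shifted forward by one position.
// zeroTail == false leaves the old last entry behind (the bug described above);
// zeroTail == true clears it (the fix described above).
ShuffleOp dropNoOpFront(ShuffleOp op, bool zeroTail) {
    if (op.count < 2 || op.comps[0] != 0) return op;
    for (std::size_t i = 1; i < op.count; ++i) {
        if (op.comps[i] == 0) return op;  // offset would fall below the new base
    }
    for (std::size_t i = 1; i < op.count; ++i) {
        op.comps[i - 1] = static_cast<std::uint8_t>(op.comps[i] - 1);
    }
    if (zeroTail) op.comps[op.count - 1] = 0;
    op.base += 1;
    op.count -= 1;
    return op;
}

// Assumption of this model: the executor loads every entry of the fixed-width
// list, live or not, so a stale entry still produces a read.
std::size_t highestSlotRead(const ShuffleOp& op) {
    std::size_t hi = 0;
    for (std::uint8_t c : op.comps) hi = std::max(hi, op.base + c);
    return hi;
}

int main() {
    const ShuffleOp xwww{0, 4, {0, 3, 3, 3}};  // constructed: foo in slots 0..3
    std::printf("buggy reads up to slot %zu, fixed up to slot %zu\n",
                highestSlotRead(dropNoOpFront(xwww, false)),
                highestSlotRead(dropNoOpFront(xwww, true)));
    return 0;
}
```

With `foo` occupying slots 0..3, the unzeroed list `zzzw` references slot 4, one past the end, while the zeroed list stays within slot 3.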