limit the number of points in SkDashPathEffect::asPoints

src/effects/SkDashPathEffect.cpp

Index: src/effects/SkDashPathEffect.cpp
diff --git a/src/effects/SkDashPathEffect.cpp b/src/effects/SkDashPathEffect.cpp
index 90af32ec5b0fb6686699271f2c888704207a65d4..c5bf40dc814f7512e196298a486a00b6104a9cdd 100644
--- a/src/effects/SkDashPathEffect.cpp
+++ b/src/effects/SkDashPathEffect.cpp
@@ -248,7 +248,15 @@ bool SkDashPathEffect::asPoints(PointData* results,
                 len2 -= clampedInitialDashLength; // skip initial partial empty
             }
         }
-        int numMidPoints = SkScalarFloorToInt(len2 / fIntervalLength);
+        // Too many midpoints can cause results->fNumPoints to overflow or

[reed1, 2016/07/20 18:06:15]

Alternative: we could just return false if the value is too big, since this is
only an optimization routine to draw via points rather than the normal dashing
mechanism...?

+        // otherwise cause the results->fPoints allocation below to OOM.
+        // Cap it to a sane value.
+        static const SkScalar kMaxPoints = 1000000;
+        SkScalar numIntervals = len2 / fIntervalLength;
+        if (!SkScalarIsFinite(numIntervals) || numIntervals > kMaxPoints) {
+            return false;
+        }
+        int numMidPoints = SkScalarFloorToInt(numIntervals);
         results->fNumPoints += numMidPoints;
         len2 -= numMidPoints * fIntervalLength;
         bool partialLast = false;