Do not call blitV with 0 height

Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2485243002

Committed: https://skia.googlesource.com/skia/+/c78eff97549e8e346394d3e228395ceb8a467b35

[liyuqian, 2016-11-08 21:12:23]

Description was changed from

==========
Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
==========

to

==========
Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2485243002
==========

[liyuqian, 2016-11-08 21:13:30]

Description was changed from

==========
Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2485243002
==========

to

==========
Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2485243002
==========

[liyuqian, 2016-11-08 21:13:30]

liyuqian@google.com changed reviewers:
+ caryclark@google.com, fmalita@chromium.org, reed@google.com

[liyuqian, 2016-11-08 21:16:13]

The CQ bit was checked by liyuqian@google.com to run a CQ dry run

[commit-bot: I haz the power, 2016-11-08 21:16:19]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[caryclark, 2016-11-08 21:33:35]

lgtm

Is it possible to include a test that triggers the old crashing behavior?

[liyuqian, 2016-11-08 21:35:45]

On 2016/11/08 21:33:35, caryclark wrote:
> lgtm
> 
> Is it possible to include a test that triggers the old crashing behavior?

The minimized testcase (see the link below) in chromium:662952 will trigger the
old crashing behavior (in content_shell), and it will be fixed by this patch.

Minimized testcase:
https://cluster-fuzz.appspot.com/download/AMIfv97xNbBofjYWm02kouSSW6FbhM6ZufM...

[caryclark, 2016-11-08 21:52:09]

That's great! But, I've found that the cluster-fuzz test cases disappear after a
while. I'd recommend adding the minimum that reproduces the crash to a test
somewhere.

[liyuqian, 2016-11-08 21:55:06]

On 2016/11/08 21:52:09, caryclark wrote:
> That's great! But, I've found that the cluster-fuzz test cases disappear after
a
> while. I'd recommend adding the minimum that reproduces the crash to a test
> somewhere.

Oh, I don't know that. I love fuzz tests! I thought that Google never delete any
data (the original GMail gave me an impression that Google never ran out of disk
space)... Anyway, the html is really minimal so I'm pasting it below:


<svg class="CLASS4 CLASS11">
<foreignObject class="CLASS0 CLASS4" width="1em" height="1cm">
<style>
.CLASS0{text-decoration:ActiveBorder blink
!important;border-left-color:InactiveCaption;border-style:dotted;text-align:match-parent
'Qj:}Bjdrsd7OT&~7~b9Z\A[petWcqZ^<LZx$QT~cb]|t`bqC}p[hgg%jH\9jO^tlM&R.*}*rFd^E#6{v\A
24t\)YH';}
.CLASS11{text-decoration:currentColor blink;zoom:5%;

[caryclark, 2016-11-08 22:21:46]

I'm suggesting that a test that Skia can run would be the most helpful way to
ensure that this bug doesn't accidentally reoccur, with the added bonus of
validating that the bug is squashed across multiple platforms.

The way I do this in path ops is to modify the fuzzer code to spit out the
problematic data to the console, via path.dumpHex(). 

The trouble with capturing the HTML in this case is that the implementation of
SVG in Chrome may change, obscuring the bug.

[commit-bot: I haz the power, 2016-11-08 22:22:09]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-08 22:22:10]

Dry run: This issue passed the CQ dry run.

[liyuqian, 2016-11-08 22:22:43]

The CQ bit was checked by liyuqian@google.com

[commit-bot: I haz the power, 2016-11-08 22:22:49]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[liyuqian, 2016-11-08 22:23:28]

The CQ bit was unchecked by liyuqian@google.com

[liyuqian, 2016-11-08 22:24:37]

On 2016/11/08 22:21:46, caryclark wrote:
> I'm suggesting that a test that Skia can run would be the most helpful way to
> ensure that this bug doesn't accidentally reoccur, with the added bonus of
> validating that the bug is squashed across multiple platforms.
> 
> The way I do this in path ops is to modify the fuzzer code to spit out the
> problematic data to the console, via path.dumpHex(). 
> 
> The trouble with capturing the HTML in this case is that the implementation of
> SVG in Chrome may change, obscuring the bug.

Oh, sorry that I missed this reply and almost committed the change. I'll dump
the path and add it to Skia unittest tomorrow. BTW, your dumpHex suggestion is
really helpful :D

[liyuqian, 2016-11-09 15:54:35]

Hi Cary, I've added the unit test. Could you please check if it looks good?

[caryclark, 2016-11-09 17:24:39]

lgtm

[liyuqian, 2016-11-09 18:43:21]

The CQ bit was checked by liyuqian@google.com

[commit-bot: I haz the power, 2016-11-09 18:43:28]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-09 19:18:32]

Description was changed from

==========
Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2485243002
==========

to

==========
Do not call blitV with 0 height

This is causing SkAAClipBlitter to crash.

BUG=chromium:662952
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2485243002

Committed:
https://skia.googlesource.com/skia/+/c78eff97549e8e346394d3e228395ceb8a467b35
==========

[commit-bot: I haz the power, 2016-11-09 19:18:33]

Committed patchset #2 (id:20001) as
https://skia.googlesource.com/skia/+/c78eff97549e8e346394d3e228395ceb8a467b35