[Skia] Handle NaN values returned by SkMatrix::mapPoints()
SkMatrix::mapPoints() can sometimes output NaN values which cannot be
handled by the existing clamping process and cause crashes. This CL
sets the returned NaN SkPoint values to be the boundaries of the
clamping range so that crashes can be avoided while accessing the
bitmap's data.
Bug: chromium:1227636
Change-Id: I375ccce9e2094a1758653c83715c1e0eafa24ffe
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/90590
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nigi <nigi@chromium.org>
diff --git a/core/fxge/skia/fx_skia_device.cpp b/core/fxge/skia/fx_skia_device.cpp
index b66de47..1f28b5d 100644
--- a/core/fxge/skia/fx_skia_device.cpp
+++ b/core/fxge/skia/fx_skia_device.cpp
@@ -5,6 +5,7 @@
#include "core/fxge/skia/fx_skia_device.h"
#include <limits.h>
+#include <math.h>
#include <algorithm>
#include <utility>
@@ -2570,9 +2571,15 @@
for (int x = 0; x < m_pBitmap->GetWidth(); ++x) {
SkPoint src = {x + 0.5f, y + 0.5f};
inv.mapPoints(&src, 1);
- // TODO(caryclark) Why does the matrix map require clamping?
- src.fX = pdfium::clamp(src.fX, 0.5f, width - 0.5f);
- src.fY = pdfium::clamp(src.fY, 0.5f, height - 0.5f);
+ // SkMatrix::mapPoints() can sometimes output NaN values or values
+ // outside the boundary of the `skBitmap`. Therefore clamping these
+ // values is necessary before getting color information within the
+ // `skBitmap`.
+ src.fX =
+ isnan(src.fX) ? 0.5f : pdfium::clamp(src.fX, 0.5f, width - 0.5f);
+ src.fY =
+ isnan(src.fY) ? 0.5f : pdfium::clamp(src.fY, 0.5f, height - 0.5f);
+
m_pBitmap->SetPixel(x, y, skBitmap.getColor(src.fX, src.fY));
}
}
