translator: Avoid divide-by-zero in error case.

In some code path found by a fuzzer, we would have a zero sized array, which would trigger a zero divide. I was unable to extract the failing shader from the fuzzer case trivially. BUG=chromium:653274 Change-Id: Ia2558ae828fa73615c901fd1cda9ddaa3a72f1a9 Reviewed-on: https://chromium-review.googlesource.com/394238Reviewed-by: Corentin Wallez <cwallez@chromium.org> Commit-Queue: Jamie Madill <jmadill@chromium.org>

translator: Avoid divide-by-zero in error case.
5b7d40b3 · Jamie Madill · Commit Bot · 26a717b0 · 5b7d40b3
Commit 5b7d40b3 authored Oct 06, 2016 by Jamie Madill Committed by Commit Bot Oct 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

Types.cpp src/compiler/translator/Types.cpp +3 -0

No files found.
--- a/src/compiler/translator/Types.cpp
+++ b/src/compiler/translator/Types.cpp
@@ -327,6 +327,9 @@ size_t TType::getObjectSize() const
    if (isArray())
    {
+        if (totalSize == 0)
+            return 0;
        size_t currentArraySize = getArraySize();
        if (currentArraySize > INT_MAX / totalSize)
            totalSize = INT_MAX;