From: robertphillips <robertphillips@google.com>
Date: Tue, 28 Jun 2016 11:54:54 +0000 (-0700)
Subject: Fix mask applied to SkPath::fFillType in readFromMemory to fix fuzzer bug
X-Git-Tag: accepted/tizen/5.0/unified/20181102.025319~129^2~43
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7070a3c44b24da5715dc4da618cb014f87e92451;p=platform%2Fupstream%2FlibSkiaSharp.git

Fix mask applied to SkPath::fFillType in readFromMemory to fix fuzzer bug

The fFillType field only needs/uses 2 bits - not all 8

GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2099113004

Review-Url: https://codereview.chromium.org/2099113004
---

diff --git a/src/core/SkPath.cpp b/src/core/SkPath.cpp
index f5b53fc..50789b4 100644
--- a/src/core/SkPath.cpp
+++ b/src/core/SkPath.cpp
@@ -2058,7 +2058,7 @@ size_t SkPath::readFromMemory(const void* storage, size_t length) {
     }
 
     fConvexity = (packed >> kConvexity_SerializationShift) & 0xFF;
-    fFillType = (packed >> kFillType_SerializationShift) & 0xFF;
+    fFillType = (packed >> kFillType_SerializationShift) & 0x3;
     uint8_t dir = (packed >> kDirection_SerializationShift) & 0x3;
     fIsVolatile = (packed >> kIsVolatile_SerializationShift) & 0x1;
     SkPathRef* pathRef = SkPathRef::CreateFromBuffer(&buffer);