Fix fuzzer-discovered issue with inlining.
When inlining a function, every cloned statement and expression is
intended to have its Position replaced with the position of the
function call that is being inlined. This allows errors detected
during inlining to be reported at the call site. e.g., if we call
`divide_int(x, 0)` we would prefer to diagnose the division-by-zero
at the call site instead of inside of the function body, because
diagnosing at the function body would be very confusing.
This position-substitution was not occurring for scratch variables.
The fuzzer managed to construct a case that would turn this
oversight into an assertion inside Position, because
`Position::rangeThrough` treats it as an error if the right-side
expression's endpoint comes before the left-side expression's
endpoint.
This does not solve our fuzzer issue but it is a good start.
Bug: oss-fuzz:65111
Change-Id: I73284efac6708ec32130bd4923eaaa9e9149d1db
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/789918
Commit-Queue: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
4 files changed
