From 8ac48d9b53de0287c171093d751e8db180c641cf Mon Sep 17 00:00:00 2001
From: Kaylee Lubick <kjlubick@google.com>
Date: Mon, 27 Apr 2026 19:58:02 +0000
Subject: [PATCH] Identify overflow in SkGlyph allocation earlier

Follow-up to https://review.skia.org/1209996

Bug: https://issues.chromium.org/issues/499152771
Change-Id: I487f64d92aa7177a84c1754e275852373a3cc40e
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/1219717
Commit-Queue: Kaylee Lubick <kjlubick@google.com>
Reviewed-by: Michael Ludwig <michaelludwig@google.com>
---
 src/text/gpu/GlyphVector.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/src/text/gpu/GlyphVector.cpp
+++ b/src/text/gpu/GlyphVector.cpp
@@ -62,14 +62,14 @@
         return std::nullopt;
     }
 
-    // Make sure we can multiply without overflow in the check below.
-    static constexpr int kMaxCount = (int)(INT_MAX / sizeof(uint32_t));
-    if (!buffer.validate(glyphCount <= kMaxCount)) {
+    // Make sure we won't overflow the glyphCount math or allocation below.
+    if (!buffer.validate(BagOfBytes::WillCountFit<Variant>(glyphCount))) {
         return std::nullopt;
     }
 
     // Check for enough bytes to populate the packedGlyphID array. If not enough something has
     // gone wrong.
+    static_assert(sizeof(Variant) >= sizeof(uint32_t));
     if (!buffer.validate(glyphCount * sizeof(uint32_t) <= buffer.available())) {
         return std::nullopt;
     }
