Fix a float-to-int cast crash in AppendArcToPolyline

Ink Open Source · copybara-github · commit d4794e9f41c5 · 2025-10-31T09:30:00.000-07:00
This crash was found by temporarily re-enabling the stroke generation fuzz test in `strokes/stroke_test.cc`, as the crash can be triggered by an adversarial (but valid) brush definition.  Fixing this crash is one step toward re-enabling that fuzz test.

PiperOrigin-RevId: 826478319
diff --git a/ink/geometry/internal/circle.cc b/ink/geometry/internal/circle.cc
@@ -41,9 +41,11 @@ void Circle::AppendArcToPolyline(Angle start, Angle arc_angle,
 
   Angle max_step_angle = GetArcAngleForChordHeight(max_chord_height);
 
-  int32_t steps =
-      std::clamp<float>(std::ceil(std::abs(arc_angle / max_step_angle)), 1,
-                        std::numeric_limits<int16_t>::max());
+  float unclamped_steps = std::ceil(std::abs(arc_angle / max_step_angle));
+  int32_t steps = std::isnan(unclamped_steps)
+                      ? 1
+                      : std::clamp<float>(unclamped_steps, 1,
+                                          std::numeric_limits<int16_t>::max());
   Angle step_angle = arc_angle / steps;
 
   // We do not call `vector::reserve` because we expect cases with multiple
diff --git a/ink/geometry/internal/circle_test.cc b/ink/geometry/internal/circle_test.cc
@@ -15,6 +15,7 @@
 #include "ink/geometry/internal/circle.h"
 
 #include <cmath>
+#include <limits>
 #include <optional>
 #include <vector>
 
@@ -34,6 +35,10 @@ using ::testing::ElementsAre;
 using ::testing::Eq;
 using ::testing::ExplainMatchResult;
 using ::testing::FloatNear;
+using ::testing::Ge;
+using ::testing::SizeIs;
+
+constexpr float kNan = std::numeric_limits<float>::quiet_NaN();
 
 // Matcher for checking that every `Point` in the `arg` array lies on the
 // `circle`.
@@ -333,6 +338,30 @@ TEST(CircleTest, AppendArcToPolylineKeepsPriorContents) {
                                     PointEq({5, 6}), PointEq({5, 6})));
 }
 
+TEST(CircleTest, AppendArcToPolylineWithNanStartingAngle) {
+  Circle circle({0, 0}, 1);
+  std::vector<Point> polyline;
+  circle.AppendArcToPolyline(Angle::Radians(kNan), kQuarterTurn, 0.01,
+                             polyline);
+  // The starting angle isn't well-defined, so the start and end points are also
+  // not well-defined.
+  ASSERT_THAT(polyline, SizeIs(Ge(2)));
+  EXPECT_THAT(polyline.front(), NanSensitivePointEq({kNan, kNan}));
+  EXPECT_THAT(polyline.back(), NanSensitivePointEq({kNan, kNan}));
+}
+
+TEST(CircleTest, AppendArcToPolylineWithNanArcAngle) {
+  Circle circle({0, 0}, 1);
+  std::vector<Point> polyline;
+  circle.AppendArcToPolyline(kQuarterTurn, Angle::Radians(kNan), 0.01,
+                             polyline);
+  // The arc angle isn't well-defined, so we shouldn't subdivide the arc into
+  // steps. Instead we should just include the start and end point (the latter
+  // of which is isn't well-defined).
+  EXPECT_THAT(polyline, ElementsAre(PointNear({0, 1}, 0.001),
+                                    NanSensitivePointEq({kNan, kNan})));
+}
+
 TEST(CircleTest, GetArcAngleForChordHeightZeroRadius) {
   Circle circle({1, 2}, 0);
 
