CFI: fix invalid type cast from base class (Task) to a subclass (RenderTask),

where the actual type is a subclass of TileTask.

This bug has been found with the help of CFI (Control Flow Integrity) checker,
see https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity

BUG=chromium:457523,chromium:513021
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1248923002

Cr-Commit-Position: refs/heads/master@{#340010}

1 files changed, 5 insertions, 5 deletions

diff --git a/cc/raster/gpu_tile_task_worker_pool.cc b/cc/raster/gpu_tile_task_worker_pool.cc
index 7c21177..aac2bd3 100644
--- a/cc/raster/gpu_tile_task_worker_pool.cc
+++ b/cc/raster/gpu_tile_task_worker_pool.cc
@@ -216,13 +216,13 @@ bool GpuTileTaskWorkerPool::GetResourceRequiresSwizzle() const {
 
 void GpuTileTaskWorkerPool::CompleteTasks(const Task::Vector& tasks) {
   for (auto& task : tasks) {
-    RasterTask* raster_task = static_cast<RasterTask*>(task.get());
+    TileTask* tile_task = static_cast<TileTask*>(task.get());
 
-    raster_task->WillComplete();
-    raster_task->CompleteOnOriginThread(this);
-    raster_task->DidComplete();
+    tile_task->WillComplete();
+    tile_task->CompleteOnOriginThread(this);
+    tile_task->DidComplete();
 
-    raster_task->RunReplyOnOriginThread();
+    tile_task->RunReplyOnOriginThread();
   }
   completed_tasks_.clear();
 }