Title: [249937] trunk/Source/WebCore
Revision: 249937
Author: hironori.fu...@sony.com
Date: 2019-09-16 19:56:54 -0700 (Mon, 16 Sep 2019)

Log Message

[Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
https://bugs.webkit.org/show_bug.cgi?id=201755

Reviewed by Don Olmstead.

Segmentation faults happened in pixman while painting an image. In
Cairo::drawSurface, originalSrcRect can be slightly larger than
the surface size because of floating number calculations.
Cairo::drawSurface created a subsurface which is running over the
parent surface boundaries.

* platform/graphics/cairo/CairoOperations.cpp:
(WebCore::Cairo::drawSurface): Calculated an intersection with
expandedSrcRect and the parent surface size for subsurface size.

Diff

Modified: trunk/Source/WebCore/ChangeLog (249936 => 249937)


--- trunk/Source/WebCore/ChangeLog	2019-09-17 02:29:31 UTC (rev 249936)
+++ trunk/Source/WebCore/ChangeLog	2019-09-17 02:56:54 UTC (rev 249937)
@@ -1,3 +1,20 @@
+2019-09-16  Fujii Hironori  <hironori.fu...@sony.com>
+
+        [Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
+        https://bugs.webkit.org/show_bug.cgi?id=201755
+
+        Reviewed by Don Olmstead.
+
+        Segmentation faults happened in pixman while painting a image. In
+        Cairo::drawSurface, originalSrcRect can be slightly larger than
+        the surface size because of floating number calculations.
+        Cairo::drawSurface created a subsurface which is running over the
+        parent surface boundaries.
+
+        * platform/graphics/cairo/CairoOperations.cpp:
+        (WebCore::Cairo::drawSurface): Calculated a intersection with
+        expandedSrcRect and the parent surface size for subsurface size.
+
 2019-09-16  Eric Liang  <ericli...@apple.com>
 
         AX: USER: VO: Messages > Message > Shift-VO-M doesn't reveal correct actions
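Review bot: The new ChangeLog entry lists only CairoOperations.cpp and says nothing about test coverage, even though it describes a crash fix. Add a regression test that exercises Image::drawTiled with a source rect that rounds past the surface edge, or a "No new tests" line explaining why one is not practical.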

Modified: trunk/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp (249936 => 249937)


--- trunk/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp	2019-09-17 02:29:31 UTC (rev 249936)
+++ trunk/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp	2019-09-17 02:56:54 UTC (rev 249937)
@@ -933,6 +933,7 @@
     if (srcRect.x() || srcRect.y() || srcRect.size() != cairoSurfaceSize(surface)) {
         // Cairo subsurfaces don't support floating point boundaries well, so we expand the rectangle.
         IntRect expandedSrcRect(enclosingIntRect(srcRect));
+        expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) });
 
         // We use a subsurface here so that we don't end up sampling outside the originalSrcRect rectangle.
         // See https://bugs.webkit.org/show_bug.cgi?id=58309
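Review bot: After the added `expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) });` line the rectangle can be empty when srcRect lies wholly outside the surface, and the code that follows still goes on to build a subsurface from it. Consider returning early when `expandedSrcRect.isEmpty()`. The new line would also benefit from a short comment saying that enclosingIntRect can round past the surface bounds, which is the reason for the clamp. Since `cairoSurfaceSize(surface)` is now evaluated both in the `if` condition and in the clamp, a local variable would avoid the repeated call.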