Title: [250214] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision
250214
Author
carlo...@webkit.org
Date
2019-09-23 01:46:42 -0700 (Mon, 23 Sep 2019)

Log Message

Merge r249937 - [Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
https://bugs.webkit.org/show_bug.cgi?id=201755

Reviewed by Don Olmstead.

Segmentation faults happened in pixman while painting an image. In
Cairo::drawSurface, originalSrcRect can be slightly larger than
the surface size because of floating-point calculations.
Cairo::drawSurface created a subsurface that runs over the
parent surface boundaries.

* platform/graphics/cairo/CairoOperations.cpp:
(WebCore::Cairo::drawSurface): Calculated an intersection of
expandedSrcRect and the parent surface size for the subsurface size.
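The overrun described in the log message, as an added example that is not WebKit code: the types below are minimal stand-ins for WebCore's FloatRect, IntRect, enclosingIntRect() and IntRect::intersect() (assumed to match the real semantics: expand to the smallest enclosing integer rect; intersect keeps the overlap, or leaves an empty rect when there is none). It shows how a float source rect whose far edge sits a hair past the surface yields an integer rect that overruns the parent surface, how clamping to the surface bounds (the r250214 change) fixes it, and what the clamp produces when the source rect lies entirely outside the surface.

```cpp
// Added example, not WebKit code. Minimal stand-ins for WebCore's FloatRect,
// IntRect, enclosingIntRect() and IntRect::intersect() (assumed semantics).
#include <algorithm>
#include <cmath>
#include <cstdio>

struct IntSize { int width; int height; };

struct IntRect {
    int x, y, width, height;
    int maxX() const { return x + width; }
    int maxY() const { return y + height; }
    bool isEmpty() const { return width <= 0 || height <= 0; }
    // Keep the overlap with `other`; with no overlap the rect becomes empty.
    void intersect(const IntRect& other) {
        int left = std::max(x, other.x);
        int top = std::max(y, other.y);
        int right = std::min(maxX(), other.maxX());
        int bottom = std::min(maxY(), other.maxY());
        if (left >= right || top >= bottom) {
            x = y = width = height = 0; // no overlap: empty rect
            return;
        }
        x = left; y = top; width = right - left; height = bottom - top;
    }
};

struct FloatRect { float x, y, width, height; };

// Smallest integer rect containing r: floor the near edges, ceil the far edges.
IntRect enclosingIntRect(const FloatRect& r) {
    int left = static_cast<int>(std::floor(r.x));
    int top = static_cast<int>(std::floor(r.y));
    int right = static_cast<int>(std::ceil(r.x + r.width));
    int bottom = static_cast<int>(std::ceil(r.y + r.height));
    return { left, top, right - left, bottom - top };
}

// Invariant a cairo subsurface needs: the rect must lie inside the parent surface.
bool fitsInSurface(const IntRect& r, IntSize surface) {
    return r.x >= 0 && r.y >= 0 && r.maxX() <= surface.width && r.maxY() <= surface.height;
}

// Pre-fix behaviour: expand only.
IntRect subsurfaceRectBefore(const FloatRect& src) {
    return enclosingIntRect(src);
}

// Post-fix behaviour: expand, then clamp to { {0,0}, surface } as the hunk does.
IntRect subsurfaceRectAfter(const FloatRect& src, IntSize surface) {
    IntRect expanded = enclosingIntRect(src);
    expanded.intersect({ 0, 0, surface.width, surface.height });
    return expanded;
}

int main() {
    const IntSize surface { 64, 64 };
    // Constructed inputs: tiling arithmetic that lands a fraction of a pixel
    // past the right edge of a 64x64 surface (64.0625 is exact in float).
    const FloatRect samples[] = {
        { 0.f, 0.f, 64.0625f, 64.f },  // far edge just past the surface
        { 32.5f, 0.f, 31.75f, 64.f },  // offset tile, same overrun
        { 100.f, 0.f, 10.f, 10.f },    // entirely outside: clamps to empty
    };
    for (const FloatRect& src : samples) {
        IntRect before = subsurfaceRectBefore(src);
        IntRect after = subsurfaceRectAfter(src, surface);
        std::printf("before: %d,%d %dx%d fits=%d | after: %d,%d %dx%d fits=%d empty=%d\n",
                    before.x, before.y, before.width, before.height, fitsInSurface(before, surface),
                    after.x, after.y, after.width, after.height, fitsInSurface(after, surface), after.isEmpty());
    }
    return 0;
}
```

The third sample is the caveat a reviewer would want checked in the real code: once the rect is clamped, a source rect with no overlap collapses to an empty rect, so a caller must not create a zero-sized subsurface from it.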

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250213 => 250214)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2019-09-23 08:46:39 UTC (rev 250213)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2019-09-23 08:46:42 UTC (rev 250214)
@@ -1,3 +1,20 @@
+2019-09-16  Fujii Hironori  <hironori.fu...@sony.com>
+
+        [Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
+        https://bugs.webkit.org/show_bug.cgi?id=201755
+
+        Reviewed by Don Olmstead.
+
+        Segmentation faults happened in pixman while painting a image. In
+        Cairo::drawSurface, originalSrcRect can be slightly larger than
+        the surface size because of floating number calculations.
+        Cairo::drawSurface created a subsurface which is running over the
+        parent surface boundaries.
+
+        * platform/graphics/cairo/CairoOperations.cpp:
+        (WebCore::Cairo::drawSurface): Calculated a intersection with
+        expandedSrcRect and the parent surface size for subsurface size.
+
 2019-09-11  Charlie Turner  <ctur...@igalia.com>
 
         [GStreamer] Do not adopt floating references.
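Review bot: the new ChangeLog entry has two article typos worth fixing before landing: "painting a image" should read "painting an image" and "Calculated a intersection with" should read "Calculated an intersection of"; "floating number calculations" is clearer as "floating-point calculations".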

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp (250213 => 250214)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp	2019-09-23 08:46:39 UTC (rev 250213)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp	2019-09-23 08:46:42 UTC (rev 250214)
@@ -933,6 +933,7 @@
     if (srcRect.x() || srcRect.y() || srcRect.size() != cairoSurfaceSize(surface)) {
         // Cairo subsurfaces don't support floating point boundaries well, so we expand the rectangle.
         IntRect expandedSrcRect(enclosingIntRect(srcRect));
+        expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) });
 
         // We use a subsurface here so that we don't end up sampling outside the originalSrcRect rectangle.
         // See https://bugs.webkit.org/show_bug.cgi?id=58309
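Review bot: after the added `expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) });`, expandedSrcRect becomes empty when srcRect has no overlap with the surface, and nothing in the visible lines guards that before the subsurface is created; consider an early return or ASSERT on `!expandedSrcRect.isEmpty()` right after the intersect. Two smaller points: cairoSurfaceSize(surface) is now evaluated twice (in the `if` condition and in the new line), so cache it in a local, and the comment above ("so we expand the rectangle") should say the rectangle is expanded and then clamped to the surface bounds, since that clamp is the actual fix for the pixman crash.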
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
