Diff
Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (207205 => 207206)
--- branches/safari-602-branch/Source/WebCore/ChangeLog 2016-10-12 08:41:31 UTC (rev 207205)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog 2016-10-12 08:41:35 UTC (rev 207206)
@@ -1,5 +1,32 @@
2016-10-12 Matthew Hanson <matthew_han...@apple.com>
+ Merge r205197. rdar://problem/28481424
+
+ 2016-08-30 Brent Fulgham <bfulg...@apple.com>
+
+ Use of uninitialised memory in TransformationMatrx::blend4()
+ https://bugs.webkit.org/show_bug.cgi?id=134621
+ <rdar://problem/27337539>
+
+ Reviewed by Dean Jackson.
+
+ Change is based on the Blink change (patch by <alancut...@chromium.org>):
+ <https://src.chromium.org/viewvc/blink?revision=177453&view=revision>
+
+ TransformationMatrix::blend() was attempting to blend between non-invertable
+ matricies. This resulted in garbage stack variables being used.
+ This patch ensures that blend() will fall back to a 50% step interpolation
+ when one of the sides are not invertable.
+
+ Tested by new TransformationMatrix test in TestWebKitAPI.
+
+ * platform/graphics/transforms/TransformationMatrix.cpp:
+ (WebCore::TransformationMatrix::blend2): Properly handle failure in the
+ decompose method calls.
+ (WebCore::TransformationMatrix::blend4): Ditto.
+
+2016-10-12 Matthew Hanson <matthew_han...@apple.com>
+
Merge r205190. rdar://problem/28545010
2016-08-30 Youenn Fablet <you...@apple.com>
Modified: branches/safari-602-branch/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp (207205 => 207206)
--- branches/safari-602-branch/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp 2016-10-12 08:41:31 UTC (rev 207205)
+++ branches/safari-602-branch/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp 2016-10-12 08:41:35 UTC (rev 207206)
@@ -1501,8 +1501,11 @@
{
Decomposed2Type fromDecomp;
Decomposed2Type toDecomp;
- from.decompose2(fromDecomp);
- decompose2(toDecomp);
+ if (!from.decompose2(fromDecomp) || !decompose2(toDecomp)) {
+ if (progress < 0.5)
+ *this = from;
+ return;
+ }
// If x-axis of one is flipped, and y-axis of the other, convert to an unflipped rotation.
if ((fromDecomp.scaleX < 0 && toDecomp.scaleY < 0) || (fromDecomp.scaleY < 0 && toDecomp.scaleX < 0)) {
@@ -1541,8 +1544,11 @@
{
Decomposed4Type fromDecomp;
Decomposed4Type toDecomp;
- from.decompose4(fromDecomp);
- decompose4(toDecomp);
+ if (!from.decompose4(fromDecomp) || !decompose4(toDecomp)) {
+ if (progress < 0.5)
+ *this = from;
+ return;
+ }
blendFloat(fromDecomp.scaleX, toDecomp.scaleX, progress);
blendFloat(fromDecomp.scaleY, toDecomp.scaleY, progress);
Modified: branches/safari-602-branch/Source/WebCore/platform/graphics/transforms/TransformationMatrix.h (207205 => 207206)
--- branches/safari-602-branch/Source/WebCore/platform/graphics/transforms/TransformationMatrix.h 2016-10-12 08:41:31 UTC (rev 207205)
+++ branches/safari-602-branch/Source/WebCore/platform/graphics/transforms/TransformationMatrix.h 2016-10-12 08:41:35 UTC (rev 207206)
@@ -294,7 +294,7 @@
bool decompose4(Decomposed4Type&) const;
void recompose4(const Decomposed4Type&);
- void blend(const TransformationMatrix& from, double progress);
+ WEBCORE_EXPORT void blend(const TransformationMatrix& from, double progress);
void blend2(const TransformationMatrix& from, double progress);
void blend4(const TransformationMatrix& from, double progress);
Modified: branches/safari-602-branch/Tools/ChangeLog (207205 => 207206)
--- branches/safari-602-branch/Tools/ChangeLog 2016-10-12 08:41:31 UTC (rev 207205)
+++ branches/safari-602-branch/Tools/ChangeLog 2016-10-12 08:41:35 UTC (rev 207206)
@@ -1,3 +1,22 @@
+2016-10-12 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r205197. rdar://problem/28481424
+
+ 2016-08-30 Brent Fulgham <bfulg...@apple.com>
+
+ Use of uninitialised memory in TransformationMatrx::blend4()
+ https://bugs.webkit.org/show_bug.cgi?id=134621
+ <rdar://problem/27337539>
+
+ Reviewed by Dean Jackson.
+
+ Change is based on the Blink change (patch by <alancut...@chromium.org>):
+ <https://src.chromium.org/viewvc/blink?revision=177453&view=revision>
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebCore/TransformationMatrix.cpp: Added.
+ (TestWebKitAPI::TEST):
+
2016-09-28 Babak Shafiei <bshaf...@apple.com>
Merge r206527. rdar://problem/28499358
Modified: branches/safari-602-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (207205 => 207206)
--- branches/safari-602-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2016-10-12 08:41:31 UTC (rev 207205)
+++ branches/safari-602-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2016-10-12 08:41:35 UTC (rev 207206)
@@ -147,6 +147,7 @@
76E182DD1547569100F1FADD /* WillSendSubmitEvent_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 76E182DC1547569100F1FADD /* WillSendSubmitEvent_Bundle.cpp */; };
76E182DF154767E600F1FADD /* auto-submitting-form.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 76E182DE15475A8300F1FADD /* auto-submitting-form.html */; };
7A1458FC1AD5C07000E06772 /* mouse-button-listener.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */; };
+ 7AD3FE8E1D76131200B169A4 /* TransformationMatrix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */; };
7AE9E5091AE5AE8B00CF874B /* test.pdf in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7AE9E5081AE5AE8B00CF874B /* test.pdf */; };
7C3965061CDD74F90094DBB8 /* Color.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7C3965051CDD74F90094DBB8 /* Color.cpp */; };
7C3DB8E41D12129B00AE8CC3 /* CommandBackForward.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7C3DB8E21D12129B00AE8CC3 /* CommandBackForward.mm */; };
@@ -902,6 +903,7 @@
7A99D9931AD4A29D00373141 /* MenuTypesForMouseEvents.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MenuTypesForMouseEvents.mm; sourceTree = "<group>"; };
7AA021BA1AB09EA70052953F /* DateMath.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DateMath.cpp; sourceTree = "<group>"; };
7AA6A1511AAC0B31002B2ED3 /* WorkQueue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkQueue.cpp; sourceTree = "<group>"; };
+ 7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TransformationMatrix.cpp; sourceTree = "<group>"; };
7AE9E5081AE5AE8B00CF874B /* test.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = test.pdf; sourceTree = "<group>"; };
7C3965051CDD74F90094DBB8 /* Color.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Color.cpp; sourceTree = "<group>"; };
7C3DB8E21D12129B00AE8CC3 /* CommandBackForward.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CommandBackForward.mm; sourceTree = "<group>"; };
@@ -1375,6 +1377,7 @@
CD225C071C45A69200140761 /* ParsedContentRange.cpp */,
41973B5C1AF22875006C7B36 /* SharedBuffer.cpp */,
CDC2C7141797089D00E627FB /* TimeRanges.cpp */,
+ 7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */,
440A1D3814A0103A008A66F2 /* URL.cpp */,
7C3965051CDD74F90094DBB8 /* Color.cpp */,
);
@@ -2430,6 +2433,7 @@
buildActionMask = 2147483647;
files = (
2E7765CD16C4D80A00BA2BB1 /* mainIOS.mm in Sources */,
+ 7AD3FE8E1D76131200B169A4 /* TransformationMatrix.cpp in Sources */,
2E7765CF16C4D81100BA2BB1 /* mainMac.mm in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
Added: branches/safari-602-branch/Tools/TestWebKitAPI/Tests/WebCore/TransformationMatrix.cpp (0 => 207206)
--- branches/safari-602-branch/Tools/TestWebKitAPI/Tests/WebCore/TransformationMatrix.cpp (rev 0)
+++ branches/safari-602-branch/Tools/TestWebKitAPI/Tests/WebCore/TransformationMatrix.cpp 2016-10-12 08:41:35 UTC (rev 207206)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2013, Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <WebCore/TransformationMatrix.h>
+
+using namespace WebCore;
+
+namespace TestWebKitAPI {
+
+TEST(TransformationMatrix, NonInvertableBlend)
+{
+ TransformationMatrix from;
+ TransformationMatrix to(2.7133590938, 0.0, 0.0, 0.0, 0.0, 2.4645137761, 0.0, 0.0, 0.0, 0.0, 0.00, 0.01, 0.02, 0.03, 0.04, 0.05);
+ TransformationMatrix result;
+
+ result = to;
+ result.blend(from, 0.25);
+ EXPECT_TRUE(result == from);
+
+ result = to;
+ result.blend(from, 0.75);
+ EXPECT_TRUE(result == to);
+}
+
+}