Title: [90029] trunk/Source/WebCore
- Revision
- 90029
- Author
- [email protected]
- Date
- 2011-06-29 11:30:07 -0700 (Wed, 29 Jun 2011)
Log Message
2011-06-29 Adrienne Walker <[email protected]>
Reviewed by James Robinson.
[chromium] Divide by zero in TilingData
https://bugs.webkit.org/show_bug.cgi?id=63305
Add safety checks for empty layers.
* platform/graphics/chromium/LayerTilerChromium.cpp:
(WebCore::LayerTilerChromium::prepareToUpdate):
(WebCore::LayerTilerChromium::reset):
(WebCore::LayerTilerChromium::updateRect):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (90028 => 90029)
--- trunk/Source/WebCore/ChangeLog 2011-06-29 18:21:37 UTC (rev 90028)
+++ trunk/Source/WebCore/ChangeLog 2011-06-29 18:30:07 UTC (rev 90029)
@@ -1,3 +1,17 @@
+2011-06-29 Adrienne Walker <[email protected]>
+
+ Reviewed by James Robinson.
+
+ [chromium] Divide by zero in TilingData
+ https://bugs.webkit.org/show_bug.cgi?id=63305
+
+ Add safety checks for empty layers.
+
+ * platform/graphics/chromium/LayerTilerChromium.cpp:
+ (WebCore::LayerTilerChromium::prepareToUpdate):
+ (WebCore::LayerTilerChromium::reset):
+ (WebCore::LayerTilerChromium::updateRect):
+
2011-06-29 Dimitri Glazkov <[email protected]>
Reviewed by Adam Barth.
Modified: trunk/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp (90028 => 90029)
--- trunk/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp 2011-06-29 18:21:37 UTC (rev 90028)
+++ trunk/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp 2011-06-29 18:30:07 UTC (rev 90029)
@@ -96,6 +96,8 @@
m_tiles.clear();
m_unusedTiles.clear();
m_tilingData.setTotalSize(0, 0);
+ m_paintRect = IntRect();
+ m_updateRect = IntRect();
}
LayerTilerChromium::Tile* LayerTilerChromium::createTile(int i, int j)
@@ -236,6 +238,11 @@
invalidateTiles(contentRect);
growLayerToContain(contentRect);
+ if (!numTiles()) {
+ m_updateRect = IntRect();
+ return;
+ }
+
// Create tiles as needed, expanding a dirty rect to contain all
// the dirty regions currently being drawn.
IntRect dirtyLayerRect;
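Review bot: The early return added after `growLayerToContain(contentRect)` clears `m_updateRect` but leaves `m_paintRect` untouched, while the `reset()` hunk in this same commit clears both. If `m_paintRect` still holds a rectangle from an earlier update, any code that reads it after this path would see stale geometry for a layer with no tiles; this is inferred, because the readers of `m_paintRect` are outside the hunk. Consider adding `m_paintRect = IntRect();` next to the `m_updateRect` reset, with a comment such as `// Empty layer: nothing to paint, and TilingData lookups would divide by zero.` The enclosing function (presumably prepareToUpdate, going by the ChangeLog) starts and ends outside the hunk.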
@@ -269,7 +276,7 @@
void LayerTilerChromium::updateRect(LayerTextureUpdater* textureUpdater)
{
// Painting could cause compositing to get turned off, which may cause the tiler to become invalidated mid-update.
- if (!m_tilingData.totalSizeX() || !m_tilingData.totalSizeY() || m_updateRect.isEmpty())
+ if (!m_tilingData.totalSizeX() || !m_tilingData.totalSizeY() || m_updateRect.isEmpty() || !numTiles())
return;
GraphicsContext3D* context = layerRendererContext();
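Review bot: The comment above the guard in updateRect explains only the mid-update invalidation case, so nothing records that the new `!numTiles()` term is there for the divide by zero in TilingData named in the commit title. A comment like `// An empty layer has no tiles; TilingData lookups would divide by zero.` would keep the check from later being removed as redundant. The check is also caller-side only: TilingData is not part of this diff, so other callers can presumably still reach the division, and an assertion or zero check inside TilingData would be the more durable fix. The ChangeLog lists no test, so a layout test with an empty composited layer would pin the regression. updateRect's body continues past the hunk.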