Title: [208715] branches/safari-602-branch

Diff

Modified: branches/safari-602-branch/LayoutTests/ChangeLog (208714 => 208715)


--- branches/safari-602-branch/LayoutTests/ChangeLog	2016-11-15 00:19:20 UTC (rev 208714)
+++ branches/safari-602-branch/LayoutTests/ChangeLog	2016-11-15 00:19:24 UTC (rev 208715)
@@ -1,3 +1,21 @@
+2016-11-14  Matthew Hanson  <[email protected]>
+
+        Merge r208691. rdar://problem/29250304
+
+    2016-11-14  David Kilzer  <[email protected]>
+
+            Bug 164702: WebContent crash due to checked unsigned overflow in WebCore: WebCore::RenderLayerCompositor::requiresCompositingLayer const + 1104
+            <https://webkit.org/b/164702>
+            <rdar://problem/29236368>
+
+            Reviewed by Darin Adler.
+
+            * inspector/layers/layers-compositing-reasons-expected.txt:
+            Update results.
+            * inspector/layers/layers-compositing-reasons.html: Update to
+            reproduce the crash.  This does not reproduce the original crash
+            stack, but does exercise the same crashing code.
+
 2016-11-09  Ryan Haddad  <[email protected]>
 
         Land test expectations for rdar://problem/29169239.

Modified: branches/safari-602-branch/LayoutTests/inspector/layers/layers-compositing-reasons-expected.txt (208714 => 208715)


--- branches/safari-602-branch/LayoutTests/inspector/layers/layers-compositing-reasons-expected.txt	2016-11-15 00:19:20 UTC (rev 208714)
+++ branches/safari-602-branch/LayoutTests/inspector/layers/layers-compositing-reasons-expected.txt	2016-11-15 00:19:24 UTC (rev 208715)
@@ -1,4 +1,4 @@
-
+ 
 === Enable the LayerTree agent ===
 
 PASS
@@ -15,4 +15,5 @@
 
 PASS: <div id="opacity-container"> is composited due to having an opacity style and a composited child.
 PASS: <div id="child"> is composited due to having "backface-visibility: hidden" and a 3D transform.
+PASS: <canvas id="canvas"> is composited due to having a 3D transform.
 

Modified: branches/safari-602-branch/LayoutTests/inspector/layers/layers-compositing-reasons.html (208714 => 208715)


--- branches/safari-602-branch/LayoutTests/inspector/layers/layers-compositing-reasons.html	2016-11-15 00:19:20 UTC (rev 208714)
+++ branches/safari-602-branch/LayoutTests/inspector/layers/layers-compositing-reasons.html	2016-11-15 00:19:24 UTC (rev 208715)
@@ -73,6 +73,11 @@
                     "<div id=\"child\"> is composited due to having \"backface-visibility: hidden\" and a 3D transform",
                     compositingReasons.transform3D && compositingReasons.backfaceVisibilityHidden,
                     true);
+            } else if (hasId(node, "canvas")) {
+                assert(
+                    "<canvas id=\"canvas\"> is composited due to having a 3D transform",
+                    compositingReasons.transform3D,
+                    true);
             }
 
             if (++count === layers.length)
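Review bot: The new `hasId(node, "canvas")` branch asserts only `compositingReasons.transform3D`, so it passes whatever `requiresCompositingForCanvas` decides for the overflowing area. As written, the test guards against the WebContent crash but not against a regression in the overflow decision itself. If the layer tree protocol reports a canvas compositing reason for this element (not visible in this hunk), asserting its expected value next to `transform3D` would pin that down. At minimum, add a comment such as `// Canvas area overflows; reaching this assert means the compositor did not crash.` so the intent is clear. The enclosing callback starts and ends outside the hunk.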
@@ -152,6 +157,10 @@
         -webkit-transform: translateZ(0);
     }
 
+    #canvas {
+        transform: translate3D(0,0,0);
+    }
+
 </style>
 </head>
 <body>
@@ -162,5 +171,7 @@
         <div id="child"></div>
     </div>
 
+    <canvas id="canvas" width="65537" height="65537"></canvas>
+
 </body>
 </html>
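Review bot: The dimensions `width="65537" height="65537"` are magic numbers with no explanation. A later edit could shrink them and silently stop exercising the overflow path. They appear to be chosen so that width × height (4,295,098,369) exceeds the 32-bit unsigned range used by the checked area computation. Stating that next to the element would help, e.g. `<!-- 65537 * 65537 overflows a 32-bit unsigned area; see webkit.org/b/164702 -->`. The ChangeLog entry already notes that this does not reproduce the original crash stack, which is also worth repeating in the test file.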

Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (208714 => 208715)


--- branches/safari-602-branch/Source/WebCore/ChangeLog	2016-11-15 00:19:20 UTC (rev 208714)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog	2016-11-15 00:19:24 UTC (rev 208715)
@@ -1,5 +1,23 @@
 2016-11-14  Matthew Hanson  <[email protected]>
 
+        Merge r208691. rdar://problem/29250304
+
+    2016-11-14  David Kilzer  <[email protected]>
+
+            Bug 164702: WebContent crash due to checked unsigned overflow in WebCore: WebCore::RenderLayerCompositor::requiresCompositingLayer const + 1104
+            <https://webkit.org/b/164702>
+            <rdar://problem/29236368>
+
+            Reviewed by Darin Adler.
+
+            Test: inspector/layers/layers-compositing-reasons.html
+
+            * rendering/RenderLayerCompositor.cpp:
+            (WebCore::RenderLayerCompositor::requiresCompositingForCanvas):
+            Don't composite if the canvas area overflows.
+
+2016-11-14  Matthew Hanson  <[email protected]>
+
         Merge r208655. rdar://problem/29250302
 
     2016-11-12  Wenson Hsieh  <[email protected]>

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderLayerCompositor.cpp (208714 => 208715)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderLayerCompositor.cpp	2016-11-15 00:19:20 UTC (rev 208714)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderLayerCompositor.cpp	2016-11-15 00:19:24 UTC (rev 208715)
@@ -2543,7 +2543,8 @@
         bool isCanvasLargeEnoughToForceCompositing = true;
 #else
         HTMLCanvasElement* canvas = downcast<HTMLCanvasElement>(renderer.element());
-        bool isCanvasLargeEnoughToForceCompositing = canvas->size().area().unsafeGet() >= canvasAreaThresholdRequiringCompositing;
+        auto canvasArea = canvas->size().area<RecordOverflow>();
+        bool isCanvasLargeEnoughToForceCompositing = !canvasArea.hasOverflowed() && canvasArea.unsafeGet() >= canvasAreaThresholdRequiringCompositing;
 #endif
         CanvasCompositingStrategy compositingStrategy = canvasCompositingStrategy(renderer);
         return compositingStrategy == CanvasAsLayerContents || (compositingStrategy == CanvasPaintedToLayer && isCanvasLargeEnoughToForceCompositing);
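Review bot: An overflowed area now yields `isCanvasLargeEnoughToForceCompositing == false` with no comment at the site. This reads backwards, because a canvas whose area overflows is larger than any threshold. Since canvas dimensions are supplied by page content, record the decision above `auto canvasArea`, e.g. `// Page-controlled dimensions can overflow the area; treat that as "do not force compositing" instead of crashing (webkit.org/b/164702).` Note also that `canvasArea.unsafeGet()` is only safe because `!canvasArea.hasOverflowed()` precedes it in the same `&&` expression, so that ordering must be kept if the line is refactored. Other callers of `size().area()` that use the default crashing overflow policy are not visible here and may deserve the same audit. The enclosing function begins and ends outside the hunk.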