Title: [133706] branches/safari-536.28-branch/Source/WebKit2
- Revision
- 133706
- Author
- [email protected]
- Date
- 2012-11-06 18:26:23 -0800 (Tue, 06 Nov 2012)
Log Message
Merged r128935. <rdar://problem/12486170>
Modified Paths
Diff
Modified: branches/safari-536.28-branch/Source/WebKit2/ChangeLog (133705 => 133706)
--- branches/safari-536.28-branch/Source/WebKit2/ChangeLog 2012-11-07 02:06:22 UTC (rev 133705)
+++ branches/safari-536.28-branch/Source/WebKit2/ChangeLog 2012-11-07 02:26:23 UTC (rev 133706)
@@ -1,5 +1,25 @@
2012-11-06 Lucas Forschler <[email protected]>
+ Merge r128935
+
+ 2012-09-18 Anders Carlsson <[email protected]>
+
+ Division by zero crash in BackingStore::scroll
+ https://bugs.webkit.org/show_bug.cgi?id=97046
+ <rdar://problem/11722564>
+
+ Reviewed by Dan Bernstein.
+
+ It appears that DrawingAreaImpl::scroll can be called with an empty scroll rect. Do nothing
+ if that's the case. Also, assert that the scrolling rect in BackingStoreMac is never empty.
+
+ * UIProcess/mac/BackingStoreMac.mm:
+ (WebKit::BackingStore::scroll):
+ * WebProcess/WebPage/DrawingAreaImpl.cpp:
+ (WebKit::DrawingAreaImpl::scroll):
+
+2012-11-06 Lucas Forschler <[email protected]>
+
Merge r128792
2012-09-17 Anders Carlsson <[email protected]>
@@ -47443,3 +47463,4 @@
.
.
.
+.
Modified: branches/safari-536.28-branch/Source/WebKit2/UIProcess/mac/BackingStoreMac.mm (133705 => 133706)
--- branches/safari-536.28-branch/Source/WebKit2/UIProcess/mac/BackingStoreMac.mm 2012-11-07 02:06:22 UTC (rev 133705)
+++ branches/safari-536.28-branch/Source/WebKit2/UIProcess/mac/BackingStoreMac.mm 2012-11-07 02:26:23 UTC (rev 133706)
@@ -214,6 +214,8 @@
if (scrollOffset.isZero())
return;
+ ASSERT(!scrollRect.isEmpty());
+
if (!m_scrolledRect.isEmpty() && m_scrolledRect != scrollRect)
resetScrolledRect();
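Review bot: `ASSERT(!scrollRect.isEmpty());` is compiled out of release builds, so in shipping binaries BackingStore::scroll still has no guard of its own against the empty rect that the ChangeLog ties to the division by zero. The only release-mode check is the early return added in DrawingAreaImpl::scroll, which runs in the web process; if the scroll rect reaches the UI process in a message from that process (the file paths suggest so, but the caller is not in this hunk), the UI process is trusting a less privileged peer to validate its input. Consider a real check next to the assertion, `if (scrollRect.isEmpty()) return;`, so a malformed update is dropped instead of crashing the UI process. The body of scroll starts and ends outside the hunk, so the division itself is not visible here.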
Modified: branches/safari-536.28-branch/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp (133705 => 133706)
--- branches/safari-536.28-branch/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp 2012-11-07 02:06:22 UTC (rev 133705)
+++ branches/safari-536.28-branch/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp 2012-11-07 02:26:23 UTC (rev 133706)
@@ -117,6 +117,9 @@
if (m_webPage->mainFrameHasCustomRepresentation())
return;
+ if (scrollRect.isEmpty())
+ return;
+
if (!m_scrollRect.isEmpty() && scrollRect != m_scrollRect) {
unsigned scrollArea = scrollRect.width() * scrollRect.height();
unsigned currentScrollArea = m_scrollRect.width() * m_scrollRect.height();
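Review bot: The new `if (scrollRect.isEmpty()) return;` guard has no comment, and the ChangeLog only says it "appears" that an empty rect can arrive, so the reason for the check is easy to lose in a later cleanup. A one-line comment above it would do, for example `// An empty scroll rect causes a division by zero in BackingStore::scroll; see https://bugs.webkit.org/show_bug.cgi?id=97046.` It would also help to record in that bug which caller passes the empty rect, since the early return hides that call path rather than explaining it. The function starts and ends outside the hunk.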