Changeset 249375 in webkit
- Timestamp:
- Sep 1, 2019 11:03:07 PM (5 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
Shared/cairo/ShareableBitmapCairo.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r249371 r249375 1 2019-09-01 Fujii Hironori <Hironori.Fujii@sony.com> 2 3 [Cairo] out-of-bounds read in ShareableBitmap::paint if a fractional device scale factor is used 4 https://bugs.webkit.org/show_bug.cgi?id=196340 5 6 Reviewed by Brent Fulgham. 7 8 In ShareableBitmap::paint, srcRectScaled can be out-of-bounds of 9 the surface if a fractional device scale factor is used. 10 11 * Shared/cairo/ShareableBitmapCairo.cpp: 12 (WebKit::ShareableBitmap::paint): Use cairoSurfaceSetDeviceScale 13 to set a device scale factor to the surface instead of multiplying 14 srcRect with a device scale factor. 15 1 16 2019-09-01 Fujii Hironori <Hironori.Fujii@sony.com> 2 17 -
trunk/Source/WebKit/Shared/cairo/ShareableBitmapCairo.cpp
r248846 r249375 72 72 { 73 73 RefPtr<cairo_surface_t> surface = createSurfaceFromData(data(), m_size); 74 cairoSurfaceSetDeviceScale(surface.get(), scaleFactor, scaleFactor); 74 75 FloatRect destRect(dstPoint, srcRect.size()); 75 FloatRect srcRectScaled(srcRect);76 srcRectScaled.scale(scaleFactor);77 76 78 77 ASSERT(context.hasPlatformContext()); 79 78 auto& state = context.state(); 80 Cairo::drawSurface(*context.platformContext(), surface.get(), destRect, srcRect Scaled, state.imageInterpolationQuality, state.alpha, Cairo::ShadowState(state));79 Cairo::drawSurface(*context.platformContext(), surface.get(), destRect, srcRect, state.imageInterpolationQuality, state.alpha, Cairo::ShadowState(state)); 81 80 } 82 81
Note: See TracChangeset
for help on using the changeset viewer.
