Changeset 75733 in webkit

Timestamp:

Jan 13, 2011 12:51:45 PM (13 years ago)

Author:

enne@google.com

Message:

2011-01-13 Adrienne Walker <​enne@google.com>

Reviewed by Kenneth Russell.

[chromium] Attempt to fix crash in tiled compositor memcpy
​https://bugs.webkit.org/show_bug.cgi?id=52379

• platform/graphics/chromium/LayerTilerChromium.cpp: (WebCore::LayerTilerChromium::update):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• platform/graphics/chromium/LayerTilerChromium.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-01-13  Adrienne Walker  <enne@google.com>
+
+        Reviewed by Kenneth Russell.
+
+        [chromium] Attempt to fix crash in tiled compositor memcpy
+        https://bugs.webkit.org/show_bug.cgi?id=52379
+
+        * platform/graphics/chromium/LayerTilerChromium.cpp:
+        (WebCore::LayerTilerChromium::update):
+
 2011-01-13  Dimitri Glazkov  <dglazkov@chromium.org>
 

trunk/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp

@@ -316 +316 @@
             const IntPoint anchor = sourceRect.location();
             sourceRect.intersect(layerRectToContentRect(tile->m_dirtyLayerRect));
+            if (sourceRect.isEmpty())
+                continue;
 
             // Calculate tile-space rectangle to upload into.
             IntRect destRect(IntPoint(sourceRect.x() - anchor.x(), sourceRect.y() - anchor.y()), sourceRect.size());
+            ASSERT(destRect.x() >= 0);
+            ASSERT(destRect.y() >= 0);
 
             // Offset from paint rectangle to this tile's dirty rectangle.
             IntPoint paintOffset(sourceRect.x() - paintRect.x(), sourceRect.y() - paintRect.y());
+            ASSERT(paintOffset.x() >= 0);
+            ASSERT(paintOffset.y() >= 0);
 
             uint8_t* pixelSource;