[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.16-1409-g5afdf4d

weinig at apple.com weinig at apple.com
Thu Dec 3 13:34:55 UTC 2009


The following commit has been merged in the webkit-1.1 branch:
commit da3e18341ab8ec9b6b686b7b17f33028036ffc0d
Author: weinig at apple.com <weinig at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 12 23:21:04 2009 +0000

    WebCore: Fix for <rdar://problem/7267951>
    Canvas methods should reject uses of NaN and Infinity.
    
    Reviewed by Oliver Hunt.
    
    Test: fast/canvas/canvas-with-illegal-args.html
    
    * html/canvas/CanvasRenderingContext2D.cpp:
    (WebCore::CanvasRenderingContext2D::scale):
    (WebCore::CanvasRenderingContext2D::rotate):
    (WebCore::CanvasRenderingContext2D::translate):
    (WebCore::CanvasRenderingContext2D::transform):
    (WebCore::CanvasRenderingContext2D::setTransform):
    
    LayoutTests: Test for <rdar://problem/7267951>
    Canvas methods should reject uses of NaN and Infinity.
    
    Reviewed by Oliver Hunt.
    
    * fast/canvas/canvas-with-illegal-args-expected.txt: Added.
    * fast/canvas/canvas-with-illegal-args.html: Added.
    * fast/canvas/script-tests/canvas-with-illegal-args.js: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50910 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f6c6a89..15beb3a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2009-11-12  Sam Weinig  <sam at webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Test for <rdar://problem/7267951>
+        Canvas methods should reject uses of NaN and Infinity.
+
+        * fast/canvas/canvas-with-illegal-args-expected.txt: Added.
+        * fast/canvas/canvas-with-illegal-args.html: Added.
+        * fast/canvas/script-tests/canvas-with-illegal-args.js: Added.
+
 2009-11-12  Mark Rowe  <mrowe at apple.com>
 
         Skip an accessibility test that covers functionality not available on Tiger or Leopard.
diff --git a/LayoutTests/fast/canvas/canvas-with-illegal-args-expected.txt b/LayoutTests/fast/canvas/canvas-with-illegal-args-expected.txt
new file mode 100644
index 0000000..0ee524a
--- /dev/null
+++ b/LayoutTests/fast/canvas/canvas-with-illegal-args-expected.txt
@@ -0,0 +1,42 @@
+Series of tests to ensure correct behaviour of calling canvas methods with illegal arguments (Infintiy and NaN)
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Test scale.
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+Test translate.
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+Test rotate.
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/canvas/canvas-with-illegal-args.html b/LayoutTests/fast/canvas/canvas-with-illegal-args.html
new file mode 100644
index 0000000..2fc3413
--- /dev/null
+++ b/LayoutTests/fast/canvas/canvas-with-illegal-args.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../js/resources/js-test-style.css">
+<script src="../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/canvas-with-illegal-args.js"></script>
+<script src="../js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/canvas/script-tests/canvas-with-illegal-args.js b/LayoutTests/fast/canvas/script-tests/canvas-with-illegal-args.js
new file mode 100644
index 0000000..fffebaf
--- /dev/null
+++ b/LayoutTests/fast/canvas/script-tests/canvas-with-illegal-args.js
@@ -0,0 +1,132 @@
+description("Series of tests to ensure correct behaviour of calling canvas methods with illegal arguments (Infintiy and NaN)");
+
+var ctx;
+
+debug("Test scale.");
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(NaN, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(1, NaN);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(Infinity, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(1, Infinity);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+
+
+debug("Test translate.");
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(NaN, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(1, NaN);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(Infinity, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(1, Infinity);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+
+debug("Test rotate.");
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.rotate(NaN);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.rotate(Infinity);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 9f15c37..889af0b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-12  Sam Weinig  <sam at webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for <rdar://problem/7267951>
+        Canvas methods should reject uses of NaN and Infinity.
+
+        Test: fast/canvas/canvas-with-illegal-args.html
+
+        * html/canvas/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::scale):
+        (WebCore::CanvasRenderingContext2D::rotate):
+        (WebCore::CanvasRenderingContext2D::translate):
+        (WebCore::CanvasRenderingContext2D::transform):
+        (WebCore::CanvasRenderingContext2D::setTransform):
+
 2009-11-12  Pavel Feldman  <pfeldman at chromium.org>
 
         Reviewed by Timothy Hatcher.
diff --git a/WebCore/html/canvas/CanvasRenderingContext2D.cpp b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
index 0f4925e..59ac063 100644
--- a/WebCore/html/canvas/CanvasRenderingContext2D.cpp
+++ b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
@@ -355,6 +355,9 @@ void CanvasRenderingContext2D::scale(float sx, float sy)
     if (!state().m_invertibleCTM)
         return;
 
+    if (!isfinite(sx) | !isfinite(sy))
+        return;
+
     TransformationMatrix newTransform = state().m_transform;
     newTransform.scaleNonUniform(sx, sy);
     if (!newTransform.isInvertible()) {
@@ -375,6 +378,9 @@ void CanvasRenderingContext2D::rotate(float angleInRadians)
     if (!state().m_invertibleCTM)
         return;
 
+    if (!isfinite(angleInRadians))
+        return;
+
     TransformationMatrix newTransform = state().m_transform;
     newTransform.rotate(angleInRadians / piDouble * 180.0);
     if (!newTransform.isInvertible()) {
@@ -395,6 +401,9 @@ void CanvasRenderingContext2D::translate(float tx, float ty)
     if (!state().m_invertibleCTM)
         return;
 
+    if (!isfinite(tx) | !isfinite(ty))
+        return;
+
     TransformationMatrix newTransform = state().m_transform;
     newTransform.translate(tx, ty);
     if (!newTransform.isInvertible()) {
@@ -414,8 +423,7 @@ void CanvasRenderingContext2D::transform(float m11, float m12, float m21, float
         return;
     if (!state().m_invertibleCTM)
         return;
-    
-    // HTML5 3.14.11.1 -- ignore any calls that pass non-finite numbers
+
     if (!isfinite(m11) | !isfinite(m21) | !isfinite(dx) | 
         !isfinite(m12) | !isfinite(m22) | !isfinite(dy))
         return;
@@ -438,7 +446,6 @@ void CanvasRenderingContext2D::setTransform(float m11, float m12, float m21, flo
     if (!c)
         return;
     
-    // HTML5 3.14.11.1 -- ignore any calls that pass non-finite numbers
     if (!isfinite(m11) | !isfinite(m21) | !isfinite(dx) | 
         !isfinite(m12) | !isfinite(m22) | !isfinite(dy))
         return;

-- 
WebKit Debian packaging



More information about the Pkg-webkit-commits mailing list