[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

weinig at apple.com weinig at apple.com
Wed Apr 7 23:35:36 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 0188657d6a83aff57a00f60a766ca3c0e25d3289
Author: weinig at apple.com <weinig at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 12 23:21:04 2009 +0000

    WebCore: Fix for <rdar://problem/7267951>
    Canvas methods should reject uses of NaN and Infinity.
    
    Reviewed by Oliver Hunt.
    
    Test: fast/canvas/canvas-with-illegal-args.html
    
    * html/canvas/CanvasRenderingContext2D.cpp:
    (WebCore::CanvasRenderingContext2D::scale):
    (WebCore::CanvasRenderingContext2D::rotate):
    (WebCore::CanvasRenderingContext2D::translate):
    (WebCore::CanvasRenderingContext2D::transform):
    (WebCore::CanvasRenderingContext2D::setTransform):
    
    LayoutTests: Test for <rdar://problem/7267951>
    Canvas methods should reject uses of NaN and Infinity.
    
    Reviewed by Oliver Hunt.
    
    * fast/canvas/canvas-with-illegal-args-expected.txt: Added.
    * fast/canvas/canvas-with-illegal-args.html: Added.
    * fast/canvas/script-tests/canvas-with-illegal-args.js: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50910 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f6c6a89..15beb3a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2009-11-12  Sam Weinig  <sam at webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Test for <rdar://problem/7267951>
+        Canvas methods should reject uses of NaN and Infinity.
+
+        * fast/canvas/canvas-with-illegal-args-expected.txt: Added.
+        * fast/canvas/canvas-with-illegal-args.html: Added.
+        * fast/canvas/script-tests/canvas-with-illegal-args.js: Added.
+
 2009-11-12  Mark Rowe  <mrowe at apple.com>
 
         Skip an accessibility test that covers functionality not available on Tiger or Leopard.
diff --git a/LayoutTests/fast/canvas/canvas-with-illegal-args-expected.txt b/LayoutTests/fast/canvas/canvas-with-illegal-args-expected.txt
new file mode 100644
index 0000000..0ee524a
--- /dev/null
+++ b/LayoutTests/fast/canvas/canvas-with-illegal-args-expected.txt
@@ -0,0 +1,42 @@
+Series of tests to ensure correct behaviour of calling canvas methods with illegal arguments (Infintiy and NaN)
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Test scale.
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+Test translate.
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+Test rotate.
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS imgdata[0] is 0
+PASS imgdata[1] is 128
+PASS imgdata[2] is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/canvas/canvas-with-illegal-args.html b/LayoutTests/fast/canvas/canvas-with-illegal-args.html
new file mode 100644
index 0000000..2fc3413
--- /dev/null
+++ b/LayoutTests/fast/canvas/canvas-with-illegal-args.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../js/resources/js-test-style.css">
+<script src="../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/canvas-with-illegal-args.js"></script>
+<script src="../js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/canvas/script-tests/canvas-with-illegal-args.js b/LayoutTests/fast/canvas/script-tests/canvas-with-illegal-args.js
new file mode 100644
index 0000000..fffebaf
--- /dev/null
+++ b/LayoutTests/fast/canvas/script-tests/canvas-with-illegal-args.js
@@ -0,0 +1,132 @@
+description("Series of tests to ensure correct behaviour of calling canvas methods with illegal arguments (Infintiy and NaN)");
+
+var ctx;
+
+debug("Test scale.");
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(NaN, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(1, NaN);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(Infinity, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.scale(1, Infinity);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+
+
+debug("Test translate.");
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(NaN, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(1, NaN);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(Infinity, 1);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.translate(1, Infinity);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+
+debug("Test rotate.");
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.rotate(NaN);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+ctx = document.createElement('canvas').getContext('2d');
+
+ctx.rotate(Infinity);
+ctx.fillStyle = 'green';
+ctx.fillRect(0, 0, 100, 100);
+
+var imageData = ctx.getImageData(50, 50, 1, 1);
+var imgdata = imageData.data;
+shouldBe("imgdata[0]", "0");
+shouldBe("imgdata[1]", "128");
+shouldBe("imgdata[2]", "0");
+
+
+var successfullyParsed = true;
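Review bot: The test exercises scale, translate and rotate only, and only with NaN and positive Infinity, so `-Infinity` and the transform()/setTransform() guards named in the ChangeLog are not pinned by any assertion. Adding blocks of the same shape, for example `ctx.scale(-Infinity, 1);` and `ctx.transform(NaN, 0, 0, 1, 0, 0);` followed by the same three `shouldBe` checks, would catch a regression in those paths. The description string on the first line also misspells Infinity as "Infintiy"; correcting it means updating the matching line in canvas-with-illegal-args-expected.txt as well.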
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 9f15c37..889af0b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-12  Sam Weinig  <sam at webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for <rdar://problem/7267951>
+        Canvas methods should reject uses of NaN and Infinity.
+
+        Test: fast/canvas/canvas-with-illegal-args.html
+
+        * html/canvas/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::scale):
+        (WebCore::CanvasRenderingContext2D::rotate):
+        (WebCore::CanvasRenderingContext2D::translate):
+        (WebCore::CanvasRenderingContext2D::transform):
+        (WebCore::CanvasRenderingContext2D::setTransform):
+
 2009-11-12  Pavel Feldman  <pfeldman at chromium.org>
 
         Reviewed by Timothy Hatcher.
diff --git a/WebCore/html/canvas/CanvasRenderingContext2D.cpp b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
index 0f4925e..59ac063 100644
--- a/WebCore/html/canvas/CanvasRenderingContext2D.cpp
+++ b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
@@ -355,6 +355,9 @@ void CanvasRenderingContext2D::scale(float sx, float sy)
     if (!state().m_invertibleCTM)
         return;
 
+    if (!isfinite(sx) | !isfinite(sy))
+        return;
+
     TransformationMatrix newTransform = state().m_transform;
     newTransform.scaleNonUniform(sx, sy);
     if (!newTransform.isInvertible()) {
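Review bot: The guard added ahead of `newTransform.scaleNonUniform(sx, sy)` validates only the arguments, not the matrix that results from them. A large but finite factor, or a series of them, can presumably still push an entry of `newTransform` out of range, and whether the `isInvertible()` test that follows rejects such a matrix is not visible here. If it does not, the non-finite state this change is meant to keep out remains reachable, so a finiteness check on `newTransform` before it is stored, or at least a comment such as `// Arguments are finite; overflow of the combined matrix is not checked here.`, would make the limit explicit. The translate hunk has the same shape, and scale()'s body continues outside this hunk.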
@@ -375,6 +378,9 @@ void CanvasRenderingContext2D::rotate(float angleInRadians)
     if (!state().m_invertibleCTM)
         return;
 
+    if (!isfinite(angleInRadians))
+        return;
+
     TransformationMatrix newTransform = state().m_transform;
     newTransform.rotate(angleInRadians / piDouble * 180.0);
     if (!newTransform.isInvertible()) {
@@ -395,6 +401,9 @@ void CanvasRenderingContext2D::translate(float tx, float ty)
     if (!state().m_invertibleCTM)
         return;
 
+    if (!isfinite(tx) | !isfinite(ty))
+        return;
+
     TransformationMatrix newTransform = state().m_transform;
     newTransform.translate(tx, ty);
     if (!newTransform.isInvertible()) {
@@ -414,8 +423,7 @@ void CanvasRenderingContext2D::transform(float m11, float m12, float m21, float
         return;
     if (!state().m_invertibleCTM)
         return;
-    
-    // HTML5 3.14.11.1 -- ignore any calls that pass non-finite numbers
+
     if (!isfinite(m11) | !isfinite(m21) | !isfinite(dx) | 
         !isfinite(m12) | !isfinite(m22) | !isfinite(dy))
         return;
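Review bot: Removing `// HTML5 3.14.11.1 -- ignore any calls that pass non-finite numbers` here and in the setTransform hunk leaves all five guards without any statement of why the call is silently dropped. If the stale section number was the reason for removing it, a number-free comment keeps the rationale: `// Ignore calls that pass non-finite numbers (NaN, +/-Infinity), per the HTML5 canvas text.` The same line would fit above the new checks in scale, rotate and translate. transform() starts and ends outside this hunk.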
@@ -438,7 +446,6 @@ void CanvasRenderingContext2D::setTransform(float m11, float m12, float m21, flo
     if (!c)
         return;
     
-    // HTML5 3.14.11.1 -- ignore any calls that pass non-finite numbers
     if (!isfinite(m11) | !isfinite(m21) | !isfinite(dx) | 
         !isfinite(m12) | !isfinite(m22) | !isfinite(dy))
         return;

-- 
WebKit Debian packaging


