[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

krit at webkit.org krit at webkit.org
Thu Apr 8 00:24:11 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit d793eed5e6d43f804106715ffb5901f20156c745
Author: krit at webkit.org <krit at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Dec 7 20:32:07 2009 +0000

    2009-12-07  Shiki Okasaka  <shiki at google.com>
    
            Reviewed by Dirk Schulze.
    
            Avoid zero division during SVGPaintServerPattern::setup()
            https://bugs.webkit.org/show_bug.cgi?id=29912
    
            Fix zero division bugs in SVGPaintServerPattern::setup() that occurred
            if the tile of a pattern was bigger than the pattern and the pattern
            size was < 0.5, and if the attribute overflow was set to visible.
    
            Test: svg/custom/small-pattern.html
    
            * svg/graphics/SVGPaintServerPattern.cpp:
            (WebCore::SVGPaintServerPattern::setup):
    
    2009-12-07  Dirk Schulze  <krit at webkit.org>
    
            Reviewed by Adam Barth.
    
            If the tile of a pattern is bigger than the pattern and the
            pattern size is < 0.5, the SVGPaintServer produced a division
            by zero. This also only happens, if the attribute overflow is
            set to visible.
            This is a test with a pattern size of 0.1 and a tile size of 1.
    
            * svg/custom/script-tests/small-pattern.js: Added.
            * svg/custom/small-pattern-expected.txt: Added.
            * svg/custom/small-pattern.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 5ebc1fd..4f10f69 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2009-12-07  Dirk Schulze  <krit at webkit.org>
+
+        Reviewed by Adam Barth.
+
+        If the tile of a pattern is bigger than the pattern and the
+        pattern size is < 0.5, the SVGPaintServer produced a division
+        by zero. This also only happens, if the attribute overflow is
+        set to visible.
+        This is a test with a pattern size of 0.1 and a tile size of 1. 
+
+        * svg/custom/script-tests/small-pattern.js: Added.
+        * svg/custom/small-pattern-expected.txt: Added.
+        * svg/custom/small-pattern.html: Added.
+
 2009-12-07  Kenneth Russell  <kbr at google.com>
 
         Reviewed by Dimitri Glazkov.
diff --git a/LayoutTests/svg/custom/script-tests/small-pattern.js b/LayoutTests/svg/custom/script-tests/small-pattern.js
new file mode 100644
index 0000000..ae11433
--- /dev/null
+++ b/LayoutTests/svg/custom/script-tests/small-pattern.js
@@ -0,0 +1,28 @@
+description("Patterns shouldn't crash for size < 0.5 .");
+
+var svg = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+document.documentElement.insertBefore(svg, document.documentElement.firstChild);
+
+var pattern = document.createElementNS("http://www.w3.org/2000/svg", "pattern");
+pattern.setAttribute("id", "pattern");
+pattern.setAttribute("width", "0.1");
+pattern.setAttribute("height", "0.1");
+pattern.setAttribute("overflow", "visible");
+pattern.setAttribute("patternUnits", "userSpaceOnUse");
+
+var patternRect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+patternRect.setAttribute("width", "1");
+patternRect.setAttribute("height", "1");
+patternRect.setAttribute("fill", "green");
+pattern.appendChild(patternRect);
+
+svg.appendChild(pattern);
+
+var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+rect.setAttribute("width", "1");
+rect.setAttribute("height", "1");
+rect.setAttribute("fill", "url(#pattern)");
+
+svg.appendChild(rect);
+
+var successfullyParsed = true;
diff --git a/LayoutTests/svg/custom/small-pattern-expected.txt b/LayoutTests/svg/custom/small-pattern-expected.txt
new file mode 100644
index 0000000..7735c38
--- /dev/null
+++ b/LayoutTests/svg/custom/small-pattern-expected.txt
@@ -0,0 +1,9 @@
+Patterns shouldn't crash for size < 0.5 .
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/svg/custom/small-pattern.html b/LayoutTests/svg/custom/small-pattern.html
new file mode 100644
index 0000000..ef53c48
--- /dev/null
+++ b/LayoutTests/svg/custom/small-pattern.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/small-pattern.js"></script>
+<script src="../../fast/js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f4178cf..3b49879 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-12-07  Shiki Okasaka  <shiki at google.com>
+
+        Reviewed by Dirk Schulze.
+
+        Avoid zero division during SVGPaintServerPattern::setup()
+        https://bugs.webkit.org/show_bug.cgi?id=29912
+
+        Fix zero division bugs in SVGPaintServerPattern::setup() that occurred
+        if the tile of a pattern was bigger than the pattern and the pattern
+        size was < 0.5, and if the attribute overflow was set to visible.
+
+        Test: svg/custom/small-pattern.html
+
+        * svg/graphics/SVGPaintServerPattern.cpp:
+        (WebCore::SVGPaintServerPattern::setup):
+
 2009-12-07  Kenneth Russell  <kbr at google.com>
 
         Reviewed by Dimitri Glazkov.
diff --git a/WebCore/svg/graphics/SVGPaintServerPattern.cpp b/WebCore/svg/graphics/SVGPaintServerPattern.cpp
index 289c40c..27ef3f3 100644
--- a/WebCore/svg/graphics/SVGPaintServerPattern.cpp
+++ b/WebCore/svg/graphics/SVGPaintServerPattern.cpp
@@ -122,8 +122,8 @@ bool SVGPaintServerPattern::setup(GraphicsContext*& context, const RenderObject*
   
         GraphicsContext* tileImageContext = tileImage->context();
 
-        int numY = static_cast<int>(ceilf(tileRect.height() / tileHeight)) + 1;
-        int numX = static_cast<int>(ceilf(tileRect.width() / tileWidth)) + 1;
+        int numY = static_cast<int>(ceilf(tileRect.height() / patternBoundaries().height())) + 1;
+        int numX = static_cast<int>(ceilf(tileRect.width() / patternBoundaries().width())) + 1;
 
         tileImageContext->save();
         tileImageContext->translate(-patternBoundaries().width() * numX, -patternBoundaries().height() * numY);

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list