[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

morrita at google.com morrita at google.com
Wed Dec 22 11:15:29 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 23716bcc0ecb44af28e62b1a38a90e2db8509f8c
Author: morrita at google.com <morrita at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jul 16 03:53:15 2010 +0000

    2010-07-15  MORITA Hajime  <morrita at google.com>
    
            Reviewed by David Levin.
    
            [Chromium][Win] Crashes with <keygen> with huge padding.
            https://bugs.webkit.org/show_bug.cgi?id=41737
    
            * fast/forms/large-parts-expected.txt: Added.
            * fast/forms/large-parts.html: Added.
    2010-07-15  MORITA Hajime  <morrita at google.com>
    
            Reviewed by David Levin.
    
            [Chromium][Win] Crashes with <keygen> with huge padding.
            https://bugs.webkit.org/show_bug.cgi?id=41737
    
            When we try to draw a large region, TransparencyWin can fail to
            allocate a temporal buffer for composition.  This change adds a
            fallback path to ThemePainter to handle the buffer allocation
            failure.
    
            ThemePainter is no longer a subclass of TransparencyWin.  It has
            a TransparencyWin as a member.
    
            Test: fast/forms/large-parts.html
    
            * rendering/RenderThemeChromiumWin.cpp:
            (WebCore::ThemePainter): Added a fallback path.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 5d6b3d7..3c54d6d 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-07-15  MORITA Hajime  <morrita at google.com>
+
+        Reviewed by David Levin.
+
+        [Chromium][Win] Crashes with <keygen> with huge padding.
+        https://bugs.webkit.org/show_bug.cgi?id=41737
+
+        * fast/forms/large-parts-expected.txt: Added.
+        * fast/forms/large-parts.html: Added.
+
 2010-07-13  Zhenyao Mo  <zmo at google.com>
 
         Reviewed by Nate Chapin.
diff --git a/LayoutTests/fast/forms/large-parts-expected.txt b/LayoutTests/fast/forms/large-parts-expected.txt
new file mode 100644
index 0000000..7b4c69c
--- /dev/null
+++ b/LayoutTests/fast/forms/large-parts-expected.txt
@@ -0,0 +1,3 @@
+Test for Bug 41737. PASS unless crash.
+
+
diff --git a/LayoutTests/fast/forms/large-parts.html b/LayoutTests/fast/forms/large-parts.html
new file mode 100644
index 0000000..bedf508
--- /dev/null
+++ b/LayoutTests/fast/forms/large-parts.html
@@ -0,0 +1,13 @@
+<html>
+<head>
+  <title>Test for Bug 41737. PASS unless crash.</title>
+</head>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+<body>
+<p>Test for Bug 41737. PASS unless crash.</p>
+<keygen style='padding: 10000; border-radius: 1;'></keygen>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 209a454..2016774 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,23 @@
+2010-07-15  MORITA Hajime  <morrita at google.com>
+
+        Reviewed by David Levin.
+
+        [Chromium][Win] Crashes with <keygen> with huge padding.
+        https://bugs.webkit.org/show_bug.cgi?id=41737
+
+        When we try to draw a large region, TransparencyWin can fail to
+        allocate a temporal buffer for composition.  This change adds a
+        fallback path to ThemePainter to handle the buffer allocation
+        failure.
+
+        ThemePainter is no longer a subclass of TransparencyWin.  It has
+        a TransparencyWin as a member.
+
+        Test: fast/forms/large-parts.html
+
+        * rendering/RenderThemeChromiumWin.cpp:
+        (WebCore::ThemePainter): Added a fallback path.
+
 2010-07-15  Yuzo Fujishima  <yuzo at google.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/rendering/RenderThemeChromiumWin.cpp b/WebCore/rendering/RenderThemeChromiumWin.cpp
index 1172f96..97a9352 100644
--- a/WebCore/rendering/RenderThemeChromiumWin.cpp
+++ b/WebCore/rendering/RenderThemeChromiumWin.cpp
@@ -57,20 +57,36 @@
 namespace WebCore {
 
 namespace {
-class ThemePainter : public TransparencyWin {
+class ThemePainter {
 public:
     ThemePainter(GraphicsContext* context, const IntRect& r)
     {
-        TransformMode transformMode = getTransformMode(context->getCTM());
-        init(context, getLayerMode(context, transformMode), transformMode, r);
+        TransparencyWin::TransformMode transformMode = getTransformMode(context->getCTM());
+        m_helper.init(context, getLayerMode(context, transformMode), transformMode, r);
+
+        if (!m_helper.context()) {
+            // TransparencyWin doesn't have well-defined copy-ctor nor op=()
+            // so we re-initialize it instead of assigning a fresh istance.
+            // On the reinitialization, we fallback to use NoLayer mode.
+            // Note that the original initialization failure can be caused by
+            // a failure of an internal buffer allocation and NoLayer mode
+            // does not have such buffer allocations.
+            m_helper.~TransparencyWin();
+            new (&m_helper) TransparencyWin();
+            m_helper.init(context, TransparencyWin::NoLayer, transformMode, r);
+        }
     }
 
     ~ThemePainter()
     {
-        composite();
+        m_helper.composite();
     }
 
+    GraphicsContext* context() { return m_helper.context(); }
+    const IntRect& drawRect() { return m_helper.drawRect(); }
+
 private:
+
     static bool canvasHasMultipleLayers(const SkCanvas* canvas)
     {
         SkCanvas::LayerIter iter(const_cast<SkCanvas*>(canvas), false);
@@ -78,25 +94,27 @@ private:
         return !iter.done();  // There is > 1 layer if the the iterator can stil advance.
     }
 
-    static LayerMode getLayerMode(GraphicsContext* context, TransformMode transformMode)
+    static TransparencyWin::LayerMode getLayerMode(GraphicsContext* context, TransparencyWin::TransformMode transformMode)
     {
         if (context->platformContext()->isDrawingToImageBuffer())  // Might have transparent background.
-            return WhiteLayer;
+            return TransparencyWin::WhiteLayer;
         else if (canvasHasMultipleLayers(context->platformContext()->canvas()))  // Needs antialiasing help.
-            return OpaqueCompositeLayer;
+            return TransparencyWin::OpaqueCompositeLayer;
         else  // Nothing interesting.
-            return transformMode == KeepTransform ? NoLayer : OpaqueCompositeLayer;
+            return transformMode == TransparencyWin::KeepTransform ? TransparencyWin::NoLayer : TransparencyWin::OpaqueCompositeLayer;
     }
 
-    static TransformMode getTransformMode(const AffineTransform& matrix)
+    static TransparencyWin::TransformMode getTransformMode(const AffineTransform& matrix)
     {
         if (matrix.b() != 0 || matrix.c() != 0)  // Skew.
-            return Untransform;
+            return TransparencyWin::Untransform;
         else if (matrix.a() != 1.0 || matrix.d() != 1.0)  // Scale.
-            return ScaleTransform;
+            return TransparencyWin::ScaleTransform;
         else  // Nothing interesting.
-            return KeepTransform;
+            return TransparencyWin::KeepTransform;
     }
+
+    TransparencyWin m_helper;
 };
 
 }  // namespace

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list