[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

vangelis at chromium.org vangelis at chromium.org
Wed Dec 22 13:30:22 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit fde4f1e07fe919d3da0914b2db75c7cc064d2141
Author: vangelis at chromium.org <vangelis at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Sep 17 16:27:41 2010 +0000

    2010-09-16  Vangelis Kokkevis  <vangelis at chromium.org>
    
            Reviewed by James Robinson.
    
            [chromium] Clip the update region of an ImageLayerChromium to actual size
            of the image bitmap to prevent uninitialized memory access when uploading
            the dirty region to the texture.
            https://bugs.webkit.org/show_bug.cgi?id=45937
    
    
            * platform/graphics/chromium/ImageLayerChromium.cpp:
            (WebCore::ImageLayerChromium::updateContents):
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67714 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1c84629..4cb8683 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-09-16  Vangelis Kokkevis  <vangelis at chromium.org>
+
+        Reviewed by James Robinson.
+
+        [chromium] Clip the update region of an ImageLayerChromium to actual size
+        of the image bitmap to prevent uninitialized memory access when uploading
+        the dirty region to the texture.
+        https://bugs.webkit.org/show_bug.cgi?id=45937
+
+
+        * platform/graphics/chromium/ImageLayerChromium.cpp:
+        (WebCore::ImageLayerChromium::updateContents):
+
 2010-09-17  Dimitri Glazkov  <dglazkov at chromium.org>
 
         Reviewed by David Hyatt.
diff --git a/WebCore/platform/graphics/chromium/ImageLayerChromium.cpp b/WebCore/platform/graphics/chromium/ImageLayerChromium.cpp
index 0ed3973..c97be82 100644
--- a/WebCore/platform/graphics/chromium/ImageLayerChromium.cpp
+++ b/WebCore/platform/graphics/chromium/ImageLayerChromium.cpp
@@ -76,7 +76,6 @@ void ImageLayerChromium::updateContents()
     ASSERT(layerRenderer());
 
     void* pixels = 0;
-    IntRect dirtyRect(m_dirtyRect);
     IntSize requiredTextureSize;
     IntSize bitmapSize;
 
@@ -148,6 +147,10 @@ void ImageLayerChromium::updateContents()
     if (!textureId)
         textureId = layerRenderer()->createLayerTexture();
 
+    // Clip the dirty rect to the bitmap dimensions.
+    IntRect dirtyRect(m_dirtyRect);
+    dirtyRect.intersect(IntRect(IntPoint(0, 0), bitmapSize));
+
     if (pixels)
         updateTextureRect(pixels, bitmapSize, requiredTextureSize,  dirtyRect, textureId);
 }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list