[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
enne at google.com
Sun Feb 20 22:55:33 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit fe00ace1dfc2f8ef017cefdd8ece7a16ad57a4f6
Author: enne at google.com <enne at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Jan 13 20:51:45 2011 +0000
2011-01-13 Adrienne Walker <enne at google.com>
Reviewed by Kenneth Russell.
[chromium] Attempt to fix crash in tiled compositor memcpy
https://bugs.webkit.org/show_bug.cgi?id=52379
* platform/graphics/chromium/LayerTilerChromium.cpp:
(WebCore::LayerTilerChromium::update):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75733 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 205626f..d3c2d74 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,13 @@
+2011-01-13 Adrienne Walker <enne at google.com>
+
+ Reviewed by Kenneth Russell.
+
+ [chromium] Attempt to fix crash in tiled compositor memcpy
+ https://bugs.webkit.org/show_bug.cgi?id=52379
+
+ * platform/graphics/chromium/LayerTilerChromium.cpp:
+ (WebCore::LayerTilerChromium::update):
+
2011-01-13 Dimitri Glazkov <dglazkov at chromium.org>
Unreviewed, rolling out r75725.
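Review bot: The new ChangeLog entry lists (WebCore::LayerTilerChromium::update) but says nothing about what changed there; the title "Attempt to fix crash in tiled compositor memcpy" gives only the intent. Add a line under the function name stating that empty source rects are now skipped and that assertions were added on the computed offsets, so the entry can be read without opening the diff.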
diff --git a/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp b/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
index 31649a4..b4b4a72 100644
--- a/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
+++ b/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
@@ -315,12 +315,18 @@ void LayerTilerChromium::update(TilePaintInterface& painter, const IntRect& cont
IntRect sourceRect = tileContentRect(i, j);
const IntPoint anchor = sourceRect.location();
sourceRect.intersect(layerRectToContentRect(tile->m_dirtyLayerRect));
+ if (sourceRect.isEmpty())
+ continue;
// Calculate tile-space rectangle to upload into.
IntRect destRect(IntPoint(sourceRect.x() - anchor.x(), sourceRect.y() - anchor.y()), sourceRect.size());
+ ASSERT(destRect.x() >= 0);
+ ASSERT(destRect.y() >= 0);
// Offset from paint rectangle to this tile's dirty rectangle.
IntPoint paintOffset(sourceRect.x() - paintRect.x(), sourceRect.y() - paintRect.y());
+ ASSERT(paintOffset.x() >= 0);
+ ASSERT(paintOffset.y() >= 0);
uint8_t* pixelSource;
if (paintRect.width() == sourceRect.width() && !paintOffset.x())
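Review bot: The four new ASSERTs on destRect and paintOffset check only the lower bound (>= 0) and compile out in release builds, so they document the invariant but do not stop an out-of-range copy in shipping binaries. Since this is an attempted fix for a memcpy crash, consider also asserting the upper bounds (that sourceRect lies inside paintRect, and that destRect fits within the tile), and, if a violation is reachable in practice, handling it with a runtime check in the style of the new `if (sourceRect.isEmpty()) continue;` rather than with an assertion alone. A short comment above the isEmpty() check saying when the intersection with tile->m_dirtyLayerRect can come out empty would also help the next reader.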
--
WebKit Debian packaging