[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
enne at google.com
enne at google.com
Mon Feb 21 00:06:42 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 6b5bce9e24e6ad6dcbaaf9bdc8ea23c795b16eff
Author: enne at google.com <enne at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 28 04:26:02 2011 +0000
2011-01-27 Adrienne Walker <enne at google.com>
Reviewed by Kenneth Russell.
[chromium] Add CRASH calls to further debug tiled compositor memcpy crash.
https://bugs.webkit.org/show_bug.cgi?id=52379
Test: LayoutTests/compositing (to verify these weren't triggered)
* platform/graphics/chromium/LayerTilerChromium.cpp:
(WebCore::LayerTilerChromium::invalidateRect):
(WebCore::LayerTilerChromium::update):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76914 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 589b2be..9980ecf 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2011-01-27 Adrienne Walker <enne at google.com>
+
+ Reviewed by Kenneth Russell.
+
+ [chromium] Add CRASH calls to further debug tiled compositor memcpy crash.
+ https://bugs.webkit.org/show_bug.cgi?id=52379
+
+ Test: LayoutTests/compositing (to verify these weren't triggered)
+
+ * platform/graphics/chromium/LayerTilerChromium.cpp:
+ (WebCore::LayerTilerChromium::invalidateRect):
+ (WebCore::LayerTilerChromium::update):
+
2011-01-27 Alexander Pavlov <apavlov at chromium.org>
Reviewed by Pavel Feldman.
diff --git a/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp b/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
index 3b179b6..ca24f07 100644
--- a/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
+++ b/Source/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
@@ -208,6 +208,8 @@ void LayerTilerChromium::invalidateRect(const IntRect& contentRect)
IntRect bound = tileLayerRect(i, j);
bound.intersect(layerRect);
tile->m_dirtyLayerRect.unite(bound);
+ if (!tileLayerRect(i, j).contains(tile->m_dirtyLayerRect))
+ CRASH();
}
}
}
@@ -272,7 +274,11 @@ void LayerTilerChromium::update(TilePaintInterface& painter, const IntRect& cont
// Get the contents of the updated rect.
const SkBitmap& bitmap = canvas->getDevice()->accessBitmap(false);
ASSERT(bitmap.width() == paintRect.width() && bitmap.height() == paintRect.height());
+ if (bitmap.width() != paintRect.width() || bitmap.height() != paintRect.height())
+ CRASH();
uint8_t* paintPixels = static_cast<uint8_t*>(bitmap.getPixels());
+ if (!paintPixels)
+ CRASH();
#elif PLATFORM(CG)
Vector<uint8_t> canvasPixels;
int rowBytes = 4 * paintRect.width();
@@ -306,6 +312,8 @@ void LayerTilerChromium::update(TilePaintInterface& painter, const IntRect& cont
for (int j = top; j <= bottom; ++j) {
for (int i = left; i <= right; ++i) {
Tile* tile = m_tiles[tileIndex(i, j)].get();
+ if (!tile)
+ CRASH();
if (!tile->dirty())
continue;
@@ -324,13 +332,21 @@ void LayerTilerChromium::update(TilePaintInterface& painter, const IntRect& cont
// Calculate tile-space rectangle to upload into.
IntRect destRect(IntPoint(sourceRect.x() - anchor.x(), sourceRect.y() - anchor.y()), sourceRect.size());
- ASSERT(destRect.x() >= 0);
- ASSERT(destRect.y() >= 0);
+ if (destRect.x() < 0)
+ CRASH();
+ if (destRect.y() < 0)
+ CRASH();
// Offset from paint rectangle to this tile's dirty rectangle.
IntPoint paintOffset(sourceRect.x() - paintRect.x(), sourceRect.y() - paintRect.y());
- ASSERT(paintOffset.x() >= 0);
- ASSERT(paintOffset.y() >= 0);
+ if (paintOffset.x() < 0)
+ CRASH();
+ if (paintOffset.y() < 0)
+ CRASH();
+ if (paintOffset.x() + destRect.width() > paintRect.width())
+ CRASH();
+ if (paintOffset.y() + destRect.height() > paintRect.height())
+ CRASH();
uint8_t* pixelSource;
if (paintRect.width() == sourceRect.width() && !paintOffset.x())
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list