[SCM] WebKit Debian packaging branch, debian/experimental, updated. debian/1.3.8-1-1049-g2e11a8e

enne at google.com enne at google.com
Fri Jan 21 14:44:46 UTC 2011 

The following commit has been merged in the debian/experimental branch:
commit 421e57ee6a6b73c0cad3dea340448096dbaf132c
Author: enne at google.com <enne at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Dec 28 21:53:52 2010 +0000

    2010-12-28  Adrienne Walker  <enne at google.com>
    
            Reviewed by Kenneth Russell.
    
            [chromium] Fix tiled compositor assertion after GPU process recovery.
            https://bugs.webkit.org/show_bug.cgi?id=51682
    
            After the GPU process recovers, the layer size is set to IntSize(),
            but IntRect::unite() has a special case for empty rects.  This
            behavior was causing the layer size to be too small, causing an
            out-of-bounds array access elsewhere.
    
            No new tests.
    
            * platform/graphics/chromium/LayerTilerChromium.cpp:
            (WebCore::LayerTilerChromium::growLayerToContain):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a8e327c..d102a47 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-12-28  Adrienne Walker  <enne at google.com>
+
+        Reviewed by Kenneth Russell.
+
+        [chromium] Fix tiled compositor assertion after GPU process recovery.
+        https://bugs.webkit.org/show_bug.cgi?id=51682
+
+        After the GPU process recovers, the layer size is set to IntSize(),
+        but IntRect::unite() has a special case for empty rects.  This
+        behavior was causing the layer size to be too small, causing an
+        out-of-bounds array access elsewhere.
+
+        No new tests.
+
+        * platform/graphics/chromium/LayerTilerChromium.cpp:
+        (WebCore::LayerTilerChromium::growLayerToContain):
+
 2010-12-23  Zhenyao Mo  <zmo at google.com>
 
         Reviewed by Kenneth Russell.
diff --git a/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp b/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
index 749f462..31649a4 100644
--- a/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
+++ b/WebCore/platform/graphics/chromium/LayerTilerChromium.cpp
@@ -398,9 +398,10 @@ void LayerTilerChromium::growLayerToContain(const IntRect& contentRect)
 {
     // Grow the tile array to contain this content rect.
     IntRect layerRect = contentRectToLayerRect(contentRect);
-    IntRect layer(IntPoint(0, 0), m_layerSize);
-    layer.unite(layerRect);
-    resizeLayer(layer.size());
+    IntSize layerSize = IntSize(layerRect.right(), layerRect.bottom());
+
+    IntSize newSize = layerSize.expandedTo(m_layerSize);
+    resizeLayer(newSize);
 }
 
 LayerTilerChromium::Tile::~Tile()

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list