[webkit-changes] [WebKit/WebKit] bb8055: CrashOnOverflow::crash() in WebKit::RemoteLayerBac...

Thu, 18 Jan 2024 03:53:30 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: bb80551dbd88f20894255ac92baa7c438c6731c7
      
https://github.com/WebKit/WebKit/commit/bb80551dbd88f20894255ac92baa7c438c6731c7
  Author: Erica Li <ler...@apple.com>
  Date:   2024-01-18 (Thu, 18 Jan 2024)

  Changed paths:
    A 
LayoutTests/remote-layer-tree/image-buffer-backend-size-area-overflow-crash-expected.txt
    A 
LayoutTests/remote-layer-tree/image-buffer-backend-size-area-overflow-crash.html
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp
    M Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm

  Log Message:
  -----------
  CrashOnOverflow::crash() in 
WebKit::RemoteLayerBackingStore::supportsPartialRepaint() const + 0 
(RemoteLayerBackingStore.mm:303).
https://bugs.webkit.org/show_bug.cgi?id=267635
rdar://120842299

Reviewed by Kimmo Kinnunen.

Adding overflow check to where ImageBuffer::calculateBackendSize is used to 
calcuate area as it is not safe (casting FloatSize to IntSize).

* 
LayoutTests/remote-layer-tree/image-buffer-backend-size-area-overflow-crash-expected.txt:
 Added.
* 
LayoutTests/remote-layer-tree/image-buffer-backend-size-area-overflow-crash.html:
 Added.
* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
(WebKit::isSmallLayerBacking):
* Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::supportsPartialRepaint const):

Canonical link: https://commits.webkit.org/273174@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to