Revision: 91294
Author: simon.fra...@apple.com
Date: 2011-07-19 13:32:58 -0700 (Tue, 19 Jul 2011)
Log Message

2011-07-19 Simon Fraser <simon.fra...@apple.com>

Possible recursion in GraphicsLayerCA::updateGeometry()
https://bugs.webkit.org/show_bug.cgi?id=64815

Reviewed by Sam Weinig.

It was possible to recurse via updateGeometry/swapFromOrToTiledLayer/
updateContentsScale because updateGeometry() and updateContentsScale()
used different sizes; updateGeometry() used the scaled size, while
updateContentsScale() used the unscaled size.

Always use the unscaled size; the scaled size will be at most a couple
of pixels bigger, and our threshold is not close to the max texture
size limit, so using the slightly smaller size is OK.

Test: compositing/scaling/tiled-layer-recursion.html

* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::updateGeometry):
(WebCore::GraphicsLayerCA::updateLayerDrawsContent):
(WebCore::GraphicsLayerCA::updateContentsScale):
(WebCore::GraphicsLayerCA::requiresTiledLayer):
* platform/graphics/ca/GraphicsLayerCA.h:
Diff
Modified: trunk/LayoutTests/ChangeLog (91293 => 91294)
--- trunk/LayoutTests/ChangeLog 2011-07-19 20:20:36 UTC (rev 91293)
+++ trunk/LayoutTests/ChangeLog 2011-07-19 20:32:58 UTC (rev 91294)
@@ -1,3 +1,16 @@
+2011-07-19 Simon Fraser <simon.fra...@apple.com>
+
+ Possible recursing in GraphicsLayerCA::updateGeometry()
+ https://bugs.webkit.org/show_bug.cgi?id=64815
+
+ Reviewed by Sam Weinig.
+
+ New tests that scales a page so that a compositing layer falls
+ close to the tiling threshold.
+
+ * compositing/scaling/tiled-layer-recursion-expected.txt: Added.
+ * compositing/scaling/tiled-layer-recursion.html: Added.
+
2011-07-19 Rob Buis <rb...@rim.com>
REGRESSION (r89951): svg/foreignObject/text-tref-02-b.svg failing on Leopard Intel Release (Tests)
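Review bot: The title of the new LayoutTests entry reads "Possible recursing in GraphicsLayerCA::updateGeometry()" while the WebCore entry for the same bug reads "Possible recursion"; use the same title in both so one search finds both entries. "New tests that scales a page" should read "New test that scales a page", since a single test is added.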
Added: trunk/LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt (0 => 91294)
--- trunk/LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt (rev 0)
+++ trunk/LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt 2011-07-19 20:32:58 UTC (rev 91294)
@@ -0,0 +1 @@
+
Property changes on: trunk/LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt
___________________________________________________________________
Added: svn:mime-type
Added: svn:keywords
Added: svn:eol-style
Added: trunk/LayoutTests/compositing/scaling/tiled-layer-recursion.html (0 => 91294)
--- trunk/LayoutTests/compositing/scaling/tiled-layer-recursion.html (rev 0)
+++ trunk/LayoutTests/compositing/scaling/tiled-layer-recursion.html 2011-07-19 20:32:58 UTC (rev 91294)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<html>
+<head>
+ <style>
+ .composited {
+ background-color: green;
+ width: 200px;
+ height: 1333px;
+ -webkit-transform: translateZ(0);
+ }
+ </style>
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText(true);
+
+ function scalePage()
+ {
+ eventSender.scalePageBy(1.50025, 0, 0);
+ }
+
+ window.addEventListener('load', scalePage, false);
+ </script>
+</head>
+<body>
+ <!-- This test should not crash. -->
+ <div class="composited"></div>
+</body>
+</html>
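Review bot: In scalePage(), eventSender.scalePageBy() is called with no guard, although the layoutTestController call just above it is wrapped in "if (window.layoutTestController)"; opened outside the test harness, the load handler throws on the undefined eventSender. Wrap the call in "if (window.eventSender)". The values 1333px and 1.50025 are also unexplained: a comment stating how their product relates to the tiling threshold would let someone retarget the test if that threshold changes.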
Property changes on: trunk/LayoutTests/compositing/scaling/tiled-layer-recursion.html
___________________________________________________________________
Added: svn:mime-type
Added: svn:keywords
Added: svn:eol-style
Modified: trunk/Source/WebCore/ChangeLog (91293 => 91294)
--- trunk/Source/WebCore/ChangeLog 2011-07-19 20:20:36 UTC (rev 91293)
+++ trunk/Source/WebCore/ChangeLog 2011-07-19 20:32:58 UTC (rev 91294)
@@ -1,3 +1,28 @@
+2011-07-19 Simon Fraser <simon.fra...@apple.com>
+
+ Possible recursion in GraphicsLayerCA::updateGeometry()
+ https://bugs.webkit.org/show_bug.cgi?id=64815
+
+ Reviewed by Sam Weinig.
+
+ It was possible to recurse via updateGeometry/swapFromOrToTiledLayer/
+ updateContentsScale because updateGeometry() and updateContentsScale()
+ used different sizes; updateGeometry() used the scaled size, while
+ updateContentsScale() used the unscaled size.
+
+ Always use the unscaled size; the scaled size will be at most a couple
+ of pixels bigger, and our threshold is not close to the max texture
+ size limit, so using the slightly smaller size is OK.
+
+ Test: compositing/scaling/tiled-layer-recursion.html
+
+ * platform/graphics/ca/GraphicsLayerCA.cpp:
+ (WebCore::GraphicsLayerCA::updateGeometry):
+ (WebCore::GraphicsLayerCA::updateLayerDrawsContent):
+ (WebCore::GraphicsLayerCA::updateContentsScale):
+ (WebCore::GraphicsLayerCA::requiresTiledLayer):
+ * platform/graphics/ca/GraphicsLayerCA.h:
+
2011-07-19 Mihnea Ovidenie <mih...@adobe.com>
[CSSRegions]Parse -webkit-region-overflow property
Modified: trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp (91293 => 91294)
--- trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp 2011-07-19 20:20:36 UTC (rev 91293)
+++ trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp 2011-07-19 20:32:58 UTC (rev 91294)
@@ -1010,7 +1010,7 @@
FloatSize pixelAlignmentOffset;
computePixelAlignment(pageScaleFactor, positionRelativeToBase, scaledPosition, scaledSize, scaledAnchorPoint, pixelAlignmentOffset);
- bool needTiledLayer = requiresTiledLayer(pageScaleFactor, scaledSize);
+ bool needTiledLayer = requiresTiledLayer(pageScaleFactor);
if (needTiledLayer != m_usingTiledLayer)
swapFromOrToTiledLayer(needTiledLayer, pageScaleFactor, positionRelativeToBase);
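Review bot: In updateGeometry() the line above still computes scaledSize through computePixelAlignment(), but the tiling decision no longer takes it, and a reader will expect the pixel-aligned size to feed requiresTiledLayer(). Add a one-line comment at the call saying the unscaled m_size is used deliberately so that this call agrees with updateContentsScale() and updateLayerDrawsContent(); otherwise a later cleanup may pass scaledSize again and bring the recursion back.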
@@ -1262,7 +1262,7 @@
void GraphicsLayerCA::updateLayerDrawsContent(float pageScaleFactor, const FloatPoint& positionRelativeToBase)
{
- bool needTiledLayer = requiresTiledLayer(pageScaleFactor, m_size);
+ bool needTiledLayer = requiresTiledLayer(pageScaleFactor);
if (needTiledLayer != m_usingTiledLayer)
swapFromOrToTiledLayer(needTiledLayer, pageScaleFactor, positionRelativeToBase);
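Review bot: The check in updateLayerDrawsContent() (compute needTiledLayer, compare with m_usingTiledLayer, call swapFromOrToTiledLayer()) is repeated verbatim in updateGeometry() and updateContentsScale(), and this bug came from those copies passing different sizes. Consider moving the three lines into one private helper taking pageScaleFactor and positionRelativeToBase so the callers cannot disagree again.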
@@ -1988,7 +1988,7 @@
void GraphicsLayerCA::updateContentsScale(float pageScaleFactor, const FloatPoint& positionRelativeToBase)
{
- bool needTiledLayer = requiresTiledLayer(pageScaleFactor, m_size);
+ bool needTiledLayer = requiresTiledLayer(pageScaleFactor);
if (needTiledLayer != m_usingTiledLayer)
swapFromOrToTiledLayer(needTiledLayer, pageScaleFactor, positionRelativeToBase);
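Review bot: updateContentsScale() can still call swapFromOrToTiledLayer(), which per the log message is part of the cycle back through updateGeometry(); termination now depends only on every caller getting the same answer from requiresTiledLayer(). A debug assertion in swapFromOrToTiledLayer() that it is not re-entered would turn a future regression into an immediate, diagnosable failure instead of a crash from unbounded recursion.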
@@ -2042,7 +2042,7 @@
return constrainedSize;
}
-bool GraphicsLayerCA::requiresTiledLayer(float pageScaleFactor, const FloatSize& size) const
+bool GraphicsLayerCA::requiresTiledLayer(float pageScaleFactor) const
{
if (!m_drawsContent || !m_allowTiledLayer)
return false;
@@ -2050,7 +2050,7 @@
float contentsScale = pageScaleFactor * backingScaleFactor();
// FIXME: catch zero-size height or width here (or earlier)?
- return size.width() * contentsScale > cMaxPixelDimension || size.height() * contentsScale > cMaxPixelDimension;
+ return m_size.width() * contentsScale > cMaxPixelDimension || m_size.height() * contentsScale > cMaxPixelDimension;
}
void GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer, float pageScaleFactor, const FloatPoint& positionRelativeToBase)
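Review bot: The return statement now compares m_size against cMaxPixelDimension, and the reasoning that makes this safe (the scaled size is at most a couple of pixels bigger and the threshold is not close to the max texture size limit) exists only in the ChangeLog. Put that reasoning in a comment next to the comparison, since it stops holding if cMaxPixelDimension is ever raised toward the texture limit. The FIXME about zero-size height or width directly above is still unresolved.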
Modified: trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.h (91293 => 91294)
--- trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.h 2011-07-19 20:20:36 UTC (rev 91293)
+++ trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.h 2011-07-19 20:32:58 UTC (rev 91294)
@@ -188,7 +188,7 @@
FloatSize constrainedSize() const;
- bool requiresTiledLayer(float pageScaleFactor, const FloatSize&) const;
+ bool requiresTiledLayer(float pageScaleFactor) const;
void swapFromOrToTiledLayer(bool useTiledLayer, float pageScaleFactor, const FloatPoint& positionRelativeToBase);
CompositingCoordinatesOrientation defaultContentsOrientation() const;