Title: [95010] trunk/Source/WebCore
Revision: 95010
Author: ad...@chromium.org
Date: 2011-09-12 20:55:41 -0700 (Mon, 12 Sep 2011)

Log Message

Fix out-of-bounds access in Gradient::sortStopsIfNecessary
https://bugs.webkit.org/show_bug.cgi?id=67958

Reviewed by Darin Adler.

Reported by Valgrind in http://crbug.com/77049.

The errant code was added as an optimization in r67804.
This patch reverts that one, as all parties agree that the optimization
doesn't seem worthwhile, and there clearly aren't any tests covering
the special case.

No new tests, as existing tests should cover the remaining call to
|std::stable_sort|.

* platform/graphics/Gradient.cpp:
(WebCore::Gradient::sortStopsIfNecessary):

Diff

Modified: trunk/Source/WebCore/ChangeLog (95009 => 95010)


--- trunk/Source/WebCore/ChangeLog	2011-09-13 03:50:01 UTC (rev 95009)
+++ trunk/Source/WebCore/ChangeLog	2011-09-13 03:55:41 UTC (rev 95010)
@@ -1,3 +1,23 @@
+2011-09-12  Adam Klein  <ad...@chromium.org>
+
+        Fix out-of-bounds access in Gradient::sortStopsIfNecessary
+        https://bugs.webkit.org/show_bug.cgi?id=67958
+
+        Reviewed by Darin Adler.
+
+        Reported by Valgrind in http://crbug.com/77049.
+
+        The errant code was added as an optimization in r67804.
+        This patch reverts that one, as all parties agree that the optimization
+        doesn't seem worthwhile, and there clearly aren't any tests covering
+        the special case.
+
+        No new tests, as existing tests should cover the remaining call to
+        |std::stable_sort|.
+
+        * platform/graphics/Gradient.cpp:
+        (WebCore::Gradient::sortStopsIfNecessary):
+
 2011-09-12  Jacky Jiang  <zhaji...@rim.com>
 
         Setting document.title doesn't affect contents of title tag of XHTML documents
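
Review bot: The "Fix out-of-bounds access" entry never says what the access was. The Gradient.cpp change on this page shows the removed shortcut passing `*m_stops.end()` to compareStops, so one sentence naming that past-the-end dereference would let someone reading the ChangeLog alone understand the bug without opening r67804.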

Modified: trunk/Source/WebCore/platform/graphics/Gradient.cpp (95009 => 95010)


--- trunk/Source/WebCore/platform/graphics/Gradient.cpp	2011-09-13 03:50:01 UTC (rev 95009)
+++ trunk/Source/WebCore/platform/graphics/Gradient.cpp	2011-09-13 03:55:41 UTC (rev 95010)
@@ -124,10 +124,6 @@
     if (!m_stops.size())
         return;
 
-    // Shortcut for the ideal case (ordered 2-stop gradient)
-    if (m_stops.size() == 2 && compareStops(*m_stops.begin(), *m_stops.end()))
-        return;
-
     std::stable_sort(m_stops.begin(), m_stops.end(), compareStops);
 }
 
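
Review bot: No regression test accompanies the removal of the 2-stop shortcut, whose condition dereferenced `*m_stops.end()`, one past the last element. The log says no tests covered that special case, so a test that builds an ordered two-stop gradient and runs under Valgrind would catch the same mistake if the shortcut is ever reintroduced; any future version should compare against the last element rather than `end()`. The remaining `std::stable_sort(m_stops.begin(), m_stops.end(), compareStops)` uses `end()` only as a range bound, which is fine.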