[webkit-changes] [99638] trunk

Tue, 08 Nov 2011 17:03:01 -0800

Title: [99638] trunk
Revision
99638
Author
commit-qu...@webkit.org
Date
2011-11-08 17:02:53 -0800 (Tue, 08 Nov 2011)

Log Message

fix REGRESSION: SVG feColorMatrix causes crash
https://bugs.webkit.org/show_bug.cgi?id=71287

Patch by Philip Rogers <p...@google.com> on 2011-11-08
Reviewed by Simon Fraser.

Source/WebCore:

Test: svg/filters/feColorMatrix-invalid-animation.svg

* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):

LayoutTests:

* svg/filters/feColorMatrix-invalid-animation-expected.png: Added.
* svg/filters/feColorMatrix-invalid-animation-expected.txt: Added.
* svg/filters/feColorMatrix-invalid-animation.svg: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (99637 => 99638)


--- trunk/LayoutTests/ChangeLog	2011-11-09 01:01:19 UTC (rev 99637)
+++ trunk/LayoutTests/ChangeLog	2011-11-09 01:02:53 UTC (rev 99638)
@@ -1,3 +1,14 @@
+2011-11-08  Philip Rogers  <p...@google.com>
+
+        fix REGRESSION: SVG feColorMatrix causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=71287
+
+        Reviewed by Simon Fraser.
+
+        * svg/filters/feColorMatrix-invalid-animation-expected.png: Added.
+        * svg/filters/feColorMatrix-invalid-animation-expected.txt: Added.
+        * svg/filters/feColorMatrix-invalid-animation.svg: Added.
+
 2011-11-08  Ojan Vafai  <o...@chromium.org>
 
         Update the expectations. This test appears to also fail on the chromium mac bots.

Added: trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation-expected.png (0 => 99638)


--- trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation-expected.png	                        (rev 0)
+++ trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation-expected.png	2011-11-09 01:02:53 UTC (rev 99638)
@@ -0,0 +1,7 @@
+\x89PNG
+
+
+IHDR X')tEXtchecksum778803df0a824ed8f2c7dfa07c56832eh\x9F\xBD\xAC
+\xB7IDATx\x9C\xED\xD8\xC1	\x80@A\xCF\xC45\xF35
+\x87R\xC1<\x9BY\xC7}\xF0\xD2\\xB3{\xF0\xE7\xEE#\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b &\xB0b \xB6ff\xF7\x80_\xF1`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4@L`\xC4[#
+\xA9\xD6c\xF3IEND\xAEB`\x82
\ No newline at end of file

Added: trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation-expected.txt (0 => 99638)


--- trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation-expected.txt	2011-11-09 01:02:53 UTC (rev 99638)
@@ -0,0 +1,6 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderSVGRoot {svg} at (0,0) size 100x100
+    RenderSVGResourceFilter {filter} [id=""] [filterUnits=objectBoundingBox] [primitiveUnits=userSpaceOnUse]
+    RenderSVGPath {rect} at (0,0) size 100x100 [fill={[type=SOLID] [color=#008000]}] [x=0.00] [y=0.00] [width=100.00] [height=100.00]

Added: trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation.svg (0 => 99638)


--- trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation.svg	                        (rev 0)
+++ trunk/LayoutTests/svg/filters/feColorMatrix-invalid-animation.svg	2011-11-09 01:02:53 UTC (rev 99638)
@@ -0,0 +1,12 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <title id="test-title">feColorMatrix-invalid-animation</title>
+  <desc id="test-desc">This test passes if this page does not crash.</desc>
+  <filter>
+    <feColorMatrix in="SourceGraphic" >
+      <animate attributeName="values" from="123" to="456" />
+    </feColorMatrix>
+  </filter>
+  <rect x="0" y="0" width="100" height="100" fill="green"/>
+</svg>

Modified: trunk/Source/WebCore/ChangeLog (99637 => 99638)


--- trunk/Source/WebCore/ChangeLog	2011-11-09 01:01:19 UTC (rev 99637)
+++ trunk/Source/WebCore/ChangeLog	2011-11-09 01:02:53 UTC (rev 99638)
@@ -1,3 +1,15 @@
+2011-11-08  Philip Rogers  <p...@google.com>
+
+        fix REGRESSION: SVG feColorMatrix causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=71287
+
+        Reviewed by Simon Fraser.
+
+        Test: svg/filters/feColorMatrix-invalid-animation.svg
+
+        * svg/SVGAnimatedNumberList.cpp:
+        (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
+
 2011-11-08  Scott Graham  <scot...@chromium.org>
 
         Add support for arrays of numbers to IDL bindings code generator

Modified: trunk/Source/WebCore/svg/SVGAnimatedNumberList.cpp (99637 => 99638)


--- trunk/Source/WebCore/svg/SVGAnimatedNumberList.cpp	2011-11-09 01:01:19 UTC (rev 99637)
+++ trunk/Source/WebCore/svg/SVGAnimatedNumberList.cpp	2011-11-09 01:02:53 UTC (rev 99638)
@@ -92,7 +92,10 @@
             animatedNumberList = toNumberList;
         return;
     }
-    
+
+    if (itemsCount != animatedNumberList.size())
+        animatedNumberList.resize(itemsCount);
+
     for (unsigned i = 0; i < itemsCount; ++i)
         SVGAnimatedNumberAnimator::calculateAnimatedNumber(animationElement, percentage, repeatCount, animatedNumberList[i], fromNumberList[i], toNumberList[i]);
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to