diff options
| author | Russell Brenner <russellbrenner@google.com> | 2011-09-29 13:11:14 -0700 |
|---|---|---|
| committer | Russell Brenner <russellbrenner@google.com> | 2011-09-30 10:49:42 -0700 |
| commit | 7ab7fecfa0a24fe9563c23a04148af77e11bf551 (patch) | |
| tree | 62a39d7489b0b03c65c5ace1f1736453fcf94b74 /Source/WebKit | |
| parent | 74523e723bc5677780989d6a5834adc5c72c3683 (diff) | |
| download | external_webkit-7ab7fecfa0a24fe9563c23a04148af77e11bf551.zip external_webkit-7ab7fecfa0a24fe9563c23a04148af77e11bf551.tar.gz external_webkit-7ab7fecfa0a24fe9563c23a04148af77e11bf551.tar.bz2 | |
Initialize to BUCKET_SIZE instead of 0
Some execution path appears to be leaving mBucketSizeX and/or Y set
to 0, causing a divide-by-zero exception. This should only be
feasible when mWidth and mHeight are also 0, but, to keep things
safe, we'll initialize to BUCKET_SIZE instead.
Bug: 5391435
Change-Id: I4e01f980731619e6a6fb70a6eb315c44dd677c7b
Diffstat (limited to 'Source/WebKit')
| -rw-r--r-- | Source/WebKit/android/jni/PictureSet.cpp | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/Source/WebKit/android/jni/PictureSet.cpp b/Source/WebKit/android/jni/PictureSet.cpp index 3f40174..6edb7ba 100644 --- a/Source/WebKit/android/jni/PictureSet.cpp +++ b/Source/WebKit/android/jni/PictureSet.cpp @@ -81,17 +81,23 @@ public: namespace android { -PictureSet::PictureSet() - : mBucketSizeX(0), mBucketSizeY(0), mBucketCountX(0), mBucketCountY(0), - mHeight(0), mWidth(0) +PictureSet::PictureSet() : +#ifdef FAST_PICTURESET + mBucketSizeX(BUCKET_SIZE), mBucketSizeY(BUCKET_SIZE), + mBucketCountX(0), mBucketCountY(0), +#endif + mHeight(0), mWidth(0) { setDimensions(0, 0); mBaseArea = mAdditionalArea = 0; } -PictureSet::PictureSet(SkPicture* picture) - : mBucketSizeX(0), mBucketSizeY(0), mBucketCountX(0), mBucketCountY(0), - mHeight(0), mWidth(0) +PictureSet::PictureSet(SkPicture* picture) : +#ifdef FAST_PICTURESET + mBucketSizeX(BUCKET_SIZE), mBucketSizeY(BUCKET_SIZE), + mBucketCountX(0), mBucketCountY(0), +#endif + mHeight(0), mWidth(0) { mBaseArea = mAdditionalArea = 0; if (!picture) { @@ -311,6 +317,12 @@ void PictureSet::gatherBucketsForArea(WTF::Vector<Bucket*>& list, const SkIRect& rect.fLeft, rect.fTop, rect.fRight, rect.fBottom, rect.width(), rect.height()); + if (!mBucketSizeX || !mBucketSizeY) { + XLOGC("PictureSet::gatherBucketsForArea() called with bad bucket size: x=%d y=%d", + mBucketSizeX, mBucketSizeY); + return; + } + int x = rect.fLeft; int y = rect.fTop; int firstTileX = rect.fLeft / mBucketSizeX; @@ -337,6 +349,12 @@ void PictureSet::splitAdd(const SkIRect& rect) rect.fLeft, rect.fTop, rect.fRight, rect.fBottom, rect.width(), rect.height()); + if (!mBucketSizeX || !mBucketSizeY) { + XLOGC("PictureSet::splitAdd() called with bad bucket size: x=%d y=%d", + mBucketSizeX, mBucketSizeY); + return; + } + // TODO: reuse gatherBucketsForArea() (change Bucket to be a class) int x = rect.fLeft; int y = rect.fTop; @@ -631,6 +649,7 @@ void PictureSet::clear() bucket->clear(); } mBuckets.clear(); + mBucketSizeX = mBucketSizeY = BUCKET_SIZE; #else Pictures* last = mPictures.end(); for (Pictures* working = mPictures.begin(); working != last; working++) { @@ -640,7 +659,6 @@ void PictureSet::clear() mPictures.clear(); #endif // FAST_PICTURESET mWidth = mHeight = 0; - mBucketSizeX = mBucketSizeY = 0; } bool PictureSet::draw(SkCanvas* canvas) |