diff options
| author | Chris Craik <ccraik@google.com> | 2011-09-23 13:55:59 -0700 |
|---|---|---|
| committer | Chris Craik <ccraik@google.com> | 2011-09-23 14:47:51 -0700 |
| commit | 941349353627b11c3b9a4deeee6cd7ae831836c0 (patch) | |
| tree | 5d4ab6fa74d3f2501991b48f339406d229afce77 /Source | |
| parent | 10a44388d0f291ac0aa1af1a0ef9fa99c98c842c (diff) | |
| download | external_webkit-941349353627b11c3b9a4deeee6cd7ae831836c0.zip external_webkit-941349353627b11c3b9a4deeee6cd7ae831836c0.tar.gz external_webkit-941349353627b11c3b9a4deeee6cd7ae831836c0.tar.bz2 | |
Avoid infinite prepare loop if bad scale provided
bug:5362098
Note: we shouldn't be getting bad scales, now that the scale corruption issue
has been reverted. Added logging for these to wrap transfer queue as well to
detect fp corruption regression.
Change-Id: I5e6d2afc1d483452140fab5390395c9581db86ca
Diffstat (limited to 'Source')
| -rw-r--r-- | Source/WebCore/platform/graphics/android/GLWebViewState.cpp | 10 | ||||
| -rw-r--r-- | Source/WebCore/platform/graphics/android/TiledPage.cpp | 5 |
2 files changed, 14 insertions, 1 deletions
diff --git a/Source/WebCore/platform/graphics/android/GLWebViewState.cpp b/Source/WebCore/platform/graphics/android/GLWebViewState.cpp index 55419f4..9911cb3 100644 --- a/Source/WebCore/platform/graphics/android/GLWebViewState.cpp +++ b/Source/WebCore/platform/graphics/android/GLWebViewState.cpp @@ -68,6 +68,10 @@ #define RING_COLOR_G 0xb5 #define RING_COLOR_B 0xe5 +// log warnings if scale goes outside this range +#define MIN_SCALE_WARNING 0.1 +#define MAX_SCALE_WARNING 10 + namespace WebCore { using namespace android; @@ -559,11 +563,17 @@ bool GLWebViewState::drawGL(IntRect& rect, SkRect& viewport, IntRect* invalRect, if (baseForComposited && baseForComposited->countChildren() >= 1) compositedRoot = static_cast<LayerAndroid*>(baseForComposited->getChild(0)); + if (scale < MIN_SCALE_WARNING || scale > MAX_SCALE_WARNING) + XLOGC("WARNING, scale seems corrupted before update: %e", scale); + // Here before we draw, update the BaseTile which has updated content. // Inside this function, just do GPU blits from the transfer queue into // the BaseTiles' texture. TilesManager::instance()->transferQueue()->updateDirtyBaseTiles(); + if (scale < MIN_SCALE_WARNING || scale > MAX_SCALE_WARNING) + XLOGC("WARNING, scale seems corrupted after update: %e", scale); + // gather the textures we can use TilesManager::instance()->gatherLayerTextures(); diff --git a/Source/WebCore/platform/graphics/android/TiledPage.cpp b/Source/WebCore/platform/graphics/android/TiledPage.cpp index 2b8ebcc..0c7a2a8 100644 --- a/Source/WebCore/platform/graphics/android/TiledPage.cpp +++ b/Source/WebCore/platform/graphics/android/TiledPage.cpp @@ -274,7 +274,10 @@ void TiledPage::prepare(bool goingDown, bool goingLeft, const SkIRect& tileBound m_expandedTileBounds.fRight = lastTileX; m_expandedTileBounds.fBottom = lastTileY; - if (nbTilesHeight * nbTilesWidth > TilesManager::getMaxTextureAllocation() + 1) { + // check against corrupted scale values giving bad height/width (use float to avoid overflow) + float numTiles = static_cast<float>(nbTilesHeight) * static_cast<float>(nbTilesWidth); + if (numTiles > TilesManager::getMaxTextureAllocation() || nbTilesHeight < 1 || nbTilesWidth < 1) + { XLOGC("ERROR: We don't have enough tiles for this page!" " nbTilesHeight %d nbTilesWidth %d", nbTilesHeight, nbTilesWidth); return; |