Detect and handle overflow in PlatformCALayerWinInternal::constrainedSize
author aroben@apple.com <aroben@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Aug 2011 18:11:22 +0000 (18:11 +0000)
committer aroben@apple.com <aroben@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Aug 2011 18:11:22 +0000 (18:11 +0000)
commit 66ef6c90f0bd8dddb30f1e14e95ace362cb085ff
tree d7fa2a251f149dc3d1407edbc594ac696e9be84f
parent a9cd38b9ebb6e5c9fd991a20bff7f667d12dd0a9
Detect and handle overflow in PlatformCALayerWinInternal::constrainedSize

Google Maps sometimes requests very large (i.e., 2^50 pixels or greater) layers when
zooming. PlatformCALayerWinInternal has code to limit tiled layers to 2^27 pixels, but it
was not correctly handling overflow. In some cases, this would lead to creating a tiled
layer with 0 tiles, which was the cause of this crash.

Fixes <http://webkit.org/b/65637> <rdar://problem/9784849> Crash beneath
PlatformCALayerWinInternal::updateTiles when zooming on Google Maps

Reviewed by Sam Weinig.

Source/WebCore:

* platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
(PlatformCALayerWinInternal::constrainedSize): Check for overflow before seeing if the
number of required tiles is larger than the maximum number of allowed tiles.
(PlatformCALayerWinInternal::updateTiles): Added an assertion to catch cases where we have a
non-empty tiled layer that contains 0 tiles, which would cause the crash in this bug report.

LayoutTests:

Test that a 2^25x2^25 pixel layer doesn't cause a crash

* compositing/tiling/crash-huge-layer-expected.txt: Added.
* compositing/tiling/crash-huge-layer.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@92389 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/compositing/tiling/crash-huge-layer-expected.txt [new file with mode: 0644]
LayoutTests/compositing/tiling/crash-huge-layer.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/ca/win/PlatformCALayerWinInternal.cpp
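The commit message describes the failure mode (a 2^50-pixel layer request, a 2^27-pixel cap, and an unchecked tile-count computation that wrapped to 0 tiles) but the page carries no diff. The following C++ is an added example written for this page, not WebKit's PlatformCALayerWinInternal code: it shows one way to compute a constrained tile grid so that every overflow path is folded into "too many tiles" and a non-empty layer can never end up with 0 tiles, which is the invariant the commit's new assertion checks. The 2^27 pixel budget comes from the commit message; the tile edge length of 512, the struct names and the scaling strategy are assumptions.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <limits>

// Assumptions modelled on the commit message: a tiled layer is capped at 2^27 pixels.
// The tile edge length is a guess for this example, not a value from the page.
constexpr double kMaxTiledLayerPixels = 134217728.0;  // 2^27
constexpr int kTileSide = 512;

struct LayerSize {
    double width;
    double height;
};

struct TileGrid {
    LayerSize size;  // the constrained layer size actually used
    int columns;
    int rows;
    int count;       // columns * rows; >= 1 for any non-empty layer
};

// Tiles needed along one axis. Returns false when the count would not fit in an int,
// which is the silent float-to-int overflow that an unchecked ceil()/cast would hide.
static bool tilesAlongAxis(double extent, int& tiles) {
    if (!std::isfinite(extent) || extent < 0)
        return false;
    double needed = std::ceil(extent / kTileSide);
    if (needed > static_cast<double>(std::numeric_limits<int>::max()))
        return false;
    tiles = static_cast<int>(needed);
    return true;
}

// Multiply two tile counts without wrapping; false on overflow.
static bool checkedTileCount(int columns, int rows, int& count) {
    long long product = static_cast<long long>(columns) * rows;
    if (product > std::numeric_limits<int>::max())
        return false;
    count = static_cast<int>(product);
    return true;
}

// Shrink a requested size so its area fits the pixel budget, then lay out tiles.
static TileGrid constrainedTileGrid(LayerSize requested) {
    TileGrid grid{requested, 0, 0, 0};

    // A non-finite or negative edge is nonsense; treat it as the largest edge allowed.
    auto sanitize = [](double v) {
        if (!std::isfinite(v) || v < 0)
            return kMaxTiledLayerPixels;
        return std::min(v, kMaxTiledLayerPixels);
    };
    grid.size.width = sanitize(requested.width);
    grid.size.height = sanitize(requested.height);

    // Both edges are now <= 2^27, so the area (<= 2^54) is exactly representable.
    double area = grid.size.width * grid.size.height;
    if (area > kMaxTiledLayerPixels) {
        double scale = std::sqrt(kMaxTiledLayerPixels / area);
        grid.size.width *= scale;
        grid.size.height *= scale;
    }

    // With the area bounded these cannot overflow; the checks stay so that a future
    // change to the constants cannot reintroduce the wrap-around silently.
    bool ok = tilesAlongAxis(grid.size.width, grid.columns)
           && tilesAlongAxis(grid.size.height, grid.rows)
           && checkedTileCount(grid.columns, grid.rows, grid.count);
    if (!ok) {
        // Fall back to one tile covering a tile-sized layer rather than 0 tiles.
        grid.size = {double(kTileSide), double(kTileSide)};
        grid.columns = grid.rows = grid.count = 1;
    }
    return grid;
}

// The invariant behind the commit's new assertion: a non-empty layer never has 0 tiles.
static bool nonEmptyLayerHasTiles(LayerSize requested) {
    bool nonEmpty = requested.width > 0 && requested.height > 0;
    TileGrid grid = constrainedTileGrid(requested);
    return !nonEmpty || grid.count >= 1;
}
```

Feeding the 2^25 x 2^25 layer from the layout test, or the 2^50-pixel request from the bug report, through constrainedTileGrid yields the same 23 x 23 grid once the area has been scaled down to the budget; the unchecked path the commit fixed would instead have produced a tile count that wrapped, and the layer would have been created with 0 tiles.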