REGRESSION (r226981): ASSERTION FAILED: startY >= 0 && endY <= height && startY ...
authorsimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 23 Jan 2018 01:34:33 +0000 (01:34 +0000)
committersimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 23 Jan 2018 01:34:33 +0000 (01:34 +0000)
commitea631dc58d78f187ada37c80bf5a5130af4f689d
treec5a785cb7684c4014eedb15d5cf2c1b7bd088a85
parentfaff90bfddbfe9253b3f28345fe892f46ae34f0e
REGRESSION (r226981): ASSERTION FAILED: startY >= 0 && endY <= height && startY < endY in WebCore::FEMorphology::platformApplyGeneric
https://bugs.webkit.org/show_bug.cgi?id=181836

Reviewed by Tim Horton.
Source/WebCore:

All the filters that use ParallelJobs<> has the same type of bug where very wide but not tall
filter regions could result in computing an optimalThreadNumber that was greater than the
number of rows to process, which resulted in jobs with zero rows to process.

Since we split the work by rows, cap the maximum number of threads to height/8 so that each job
has at least 8 rows of pixels to process. Add some assertions to detect jobs with zero rows.

FEMorphology was also using implicit float -> int conversion to detect integer overflow of radius,
so change that to use explicit clamping.

Tests: svg/filters/feLighting-parallel-jobs.svg
       svg/filters/feTurbulence-parallel-jobs-wide.svg

* platform/graphics/filters/FELighting.cpp:
(WebCore::FELighting::platformApplyGenericPaint):
(WebCore::FELighting::platformApplyGeneric):
* platform/graphics/filters/FEMorphology.cpp:
(WebCore::FEMorphology::platformApplyGeneric):
(WebCore::FEMorphology::platformApply):
(WebCore::FEMorphology::platformApplyDegenerate):
(WebCore::FEMorphology::platformApplySoftware):
* platform/graphics/filters/FETurbulence.cpp:
(WebCore::FETurbulence::fillRegion const):
(WebCore::FETurbulence::platformApplySoftware):

LayoutTests:

* svg/filters/feLighting-parallel-jobs.svg: Added.
* svg/filters/feMorphology-invalid-radius.svg: Change the test to detect the bug on non-Retina too.
* svg/filters/feTurbulence-parallel-jobs-wide.svg: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/filters/feLighting-parallel-jobs-expected.txt [new file with mode: 0644]
LayoutTests/svg/filters/feLighting-parallel-jobs.svg [new file with mode: 0644]
LayoutTests/svg/filters/feMorphology-invalid-radius.svg
LayoutTests/svg/filters/feTurbulence-parallel-jobs-wide-expected.txt [new file with mode: 0644]
LayoutTests/svg/filters/feTurbulence-parallel-jobs-wide.svg [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/filters/FELighting.cpp
Source/WebCore/platform/graphics/filters/FEMorphology.cpp
Source/WebCore/platform/graphics/filters/FETurbulence.cpp