Cropping and drawing ImageBuffers results in uninitialized data being shown
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Dec 2013 20:44:41 +0000 (20:44 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Dec 2013 20:44:41 +0000 (20:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=125271

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2013-12-05
Reviewed by Simon Fraser.

createCroppedImageIfNecessary() crops to the bottom left of the ImageBuffer
backing store instead of the top left. In addition, ImageBuffer::draw()
draws the entire ImageBuffer's backing store instead of just the relevant
portion of it.

No new tests are necessary because the existing tests already test this
functionality

* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::createCroppedImageIfNecessary): Crop to the top left of the
backing store
(WebCore::ImageBuffer::draw): Draw only the logical portion of the
backing store

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@160189 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/cg/ImageBufferCG.cpp

index e49a425..d158bab 100644 (file)
@@ -1,3 +1,24 @@
+2013-12-05  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Cropping and drawing ImageBuffers results in uninitialized data being shown
+        https://bugs.webkit.org/show_bug.cgi?id=125271
+
+        Reviewed by Simon Fraser.
+
+        createCroppedImageIfNecessary() crops to the bottom left of the ImageBuffer
+        backing store instead of the top left. In addition, ImageBuffer::draw()
+        draws the entire ImageBuffer's backing store instead of just the relevant
+        portion of it.
+
+        No new tests are necessary because the existing tests already test this
+        functionality
+
+        * platform/graphics/cg/ImageBufferCG.cpp:
+        (WebCore::createCroppedImageIfNecessary): Crop to the top left of the
+        backing store 
+        (WebCore::ImageBuffer::draw): Draw only the logical portion of the
+        backing store 
+
 2013-12-05  Joseph Pecoraro  <pecoraro@apple.com>
 
         Remove stale ScriptGlobalObject methods
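Review bot: The "No new tests are necessary" sentence in the added ChangeLog entry does not name the existing tests it relies on. Since the entry describes uninitialized data being shown, list the tests that exercise createCroppedImageIfNecessary() and ImageBuffer::draw() so the coverage claim can be checked. The two added "backing store " lines also end in trailing whitespace.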
index b12bd4f..b13d121 100644 (file)
@@ -204,7 +204,7 @@ static RetainPtr<CGImageRef> createCroppedImageIfNecessary(CGImageRef image, con
 {
     if (image && (CGImageGetWidth(image) != static_cast<size_t>(bounds.width())
         || CGImageGetHeight(image) != static_cast<size_t>(bounds.height()))) {
-        return adoptCF(CGImageCreateWithImageInRect(image, CGRectMake(0, static_cast<int>(CGImageGetHeight(image)) - bounds.height(), bounds.width(), bounds.height())));
+        return adoptCF(CGImageCreateWithImageInRect(image, CGRectMake(0, 0, bounds.width(), bounds.height())));
     }
     return image;
 }
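Review bot: In createCroppedImageIfNecessary(), the guard still tests only `!=` on width and height, so the new CGRectMake(0, 0, bounds.width(), bounds.height()) is also used when bounds is larger than the image in either dimension. Consider an ASSERT that bounds fits inside the image, or clamp the rect before cropping. A one-line comment stating that the crop origin is the top left of the backing store would also record why the y offset was dropped, since the removed line assumed the opposite.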
@@ -278,7 +278,7 @@ void ImageBuffer::draw(GraphicsContext* destContext, ColorSpace styleColorSpace,
 
     FloatRect adjustedSrcRect = srcRect;
     adjustedSrcRect.scale(m_resolutionScale, m_resolutionScale);
-    destContext->drawNativeImage(image.get(), internalSize(), colorSpace, destRect, adjustedSrcRect, op, blendMode);
+    destContext->drawNativeImage(image.get(), m_data.m_backingStoreSize, colorSpace, destRect, adjustedSrcRect, op, blendMode);
 }
 
 void ImageBuffer::drawPattern(GraphicsContext* destContext, const FloatRect& srcRect, const AffineTransform& patternTransform, const FloatPoint& phase, ColorSpace styleColorSpace, CompositeOperator op, const FloatRect& destRect)
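Review bot: In ImageBuffer::draw(), the ChangeLog says "Draw only the logical portion of the backing store", but the call now passes m_data.m_backingStoreSize where it previously passed internalSize(), which reads as the opposite without context. Add a comment at the call explaining how this size argument relates to adjustedSrcRect so the intent is clear from the code. ImageBuffer::drawPattern(), visible in the trailing context, also takes a srcRect, so please confirm whether it needs the same treatment.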