2011-07-19 Simon Fraser <simon.fraser@apple.com>
authorsimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 19 Jul 2011 20:32:58 +0000 (20:32 +0000)
committersimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 19 Jul 2011 20:32:58 +0000 (20:32 +0000)
        Possible recursion in GraphicsLayerCA::updateGeometry()
        https://bugs.webkit.org/show_bug.cgi?id=64815

        Reviewed by Sam Weinig.

        It was possible to recurse via updateGeometry/swapFromOrToTiledLayer/
        updateContentsScale because updateGeometry() and updateContentsScale()
        used different sizes; updateGeometry() used the scaled size, while
        updateContentsScale() used the unscaled size.

        Always use the unscaled size; the scaled size will be at most a couple
        of pixels bigger, and our threshold is not close to the max texture
        size limit, so using the slightly smaller size is OK.

        Test: compositing/scaling/tiled-layer-recursion.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::updateGeometry):
        (WebCore::GraphicsLayerCA::updateLayerDrawsContent):
        (WebCore::GraphicsLayerCA::updateContentsScale):
        (WebCore::GraphicsLayerCA::requiresTiledLayer):
        * platform/graphics/ca/GraphicsLayerCA.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@91294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt [new file with mode: 0644]
LayoutTests/compositing/scaling/tiled-layer-recursion.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp
Source/WebCore/platform/graphics/ca/GraphicsLayerCA.h

index e03ec33..41a3fc8 100644 (file)
@@ -1,3 +1,16 @@
+2011-07-19  Simon Fraser  <simon.fraser@apple.com>
+
+        Possible recursing in GraphicsLayerCA::updateGeometry()
+        https://bugs.webkit.org/show_bug.cgi?id=64815
+
+        Reviewed by Sam Weinig.
+        
+        New tests that scales a page so that a compositing layer falls
+        close to the tiling threshold.
+
+        * compositing/scaling/tiled-layer-recursion-expected.txt: Added.
+        * compositing/scaling/tiled-layer-recursion.html: Added.
+
 2011-07-19  Rob Buis  <rbuis@rim.com>
 
         REGRESSION (r89951): svg/foreignObject/text-tref-02-b.svg failing on Leopard Intel Release (Tests)
diff --git a/LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt b/LayoutTests/compositing/scaling/tiled-layer-recursion-expected.txt
new file mode 100644 (file)
index 0000000..8b13789
--- /dev/null
@@ -0,0 +1 @@
+
diff --git a/LayoutTests/compositing/scaling/tiled-layer-recursion.html b/LayoutTests/compositing/scaling/tiled-layer-recursion.html
new file mode 100644 (file)
index 0000000..f8b189f
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<html>
+<head>
+  <style>
+    .composited {
+      background-color: green;
+      width: 200px;
+      height: 1333px;
+      -webkit-transform: translateZ(0);
+    }
+  </style>
+  <script>
+    if (window.layoutTestController)
+      layoutTestController.dumpAsText(true);
+
+    function scalePage()
+    {
+      eventSender.scalePageBy(1.50025, 0, 0);
+    }
+  
+    window.addEventListener('load', scalePage, false);
+  </script>
+</head>
+<body>
+  <!-- This test should not crash. -->
+  <div class="composited"></div>
+</body>
+</html>
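Review bot: In `scalePage()`, `eventSender.scalePageBy(1.50025, 0, 0)` is called without the `window.` existence check that the `layoutTestController` call just above it has, so loading the file outside the test harness raises a ReferenceError in the load handler; `if (window.eventSender) eventSender.scalePageBy(1.50025, 0, 0);` would match the existing guard. The `1333px` height and the `1.50025` factor are not explained in the file, although the ChangeLog entry says the layer is meant to fall close to the tiling threshold. I would extend the body comment to something like `<!-- 1333px scaled by 1.50025 puts this layer right at the tiled-layer threshold, which used to recurse in GraphicsLayerCA::updateGeometry(). Should not crash. -->` so the values are not rounded off later.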
index 4a93e06..88bb56f 100644 (file)
@@ -1,3 +1,28 @@
+2011-07-19  Simon Fraser  <simon.fraser@apple.com>
+
+        Possible recursion in GraphicsLayerCA::updateGeometry()
+        https://bugs.webkit.org/show_bug.cgi?id=64815
+
+        Reviewed by Sam Weinig.
+        
+        It was possible to recurse via updateGeometry/swapFromOrToTiledLayer/
+        updateContentsScale because updateGeometry() and updateContentsScale()
+        used different sizes; updateGeometry() used the scaled size, while
+        updateContentsScale() used the unscaled size.
+        
+        Always use the unscaled size; the scaled size will be at most a couple
+        of pixels bigger, and our threshold is not close to the max texture
+        size limit, so using the slightly smaller size is OK.
+
+        Test: compositing/scaling/tiled-layer-recursion.html
+
+        * platform/graphics/ca/GraphicsLayerCA.cpp:
+        (WebCore::GraphicsLayerCA::updateGeometry):
+        (WebCore::GraphicsLayerCA::updateLayerDrawsContent):
+        (WebCore::GraphicsLayerCA::updateContentsScale):
+        (WebCore::GraphicsLayerCA::requiresTiledLayer):
+        * platform/graphics/ca/GraphicsLayerCA.h:
+
 2011-07-19  Mihnea Ovidenie  <mihnea@adobe.com>
 
         [CSSRegions]Parse -webkit-region-overflow property
index 3c7abf6..bd79949 100644 (file)
@@ -1010,7 +1010,7 @@ void GraphicsLayerCA::updateGeometry(float pageScaleFactor, const FloatPoint& po
     FloatSize pixelAlignmentOffset;
     computePixelAlignment(pageScaleFactor, positionRelativeToBase, scaledPosition, scaledSize, scaledAnchorPoint, pixelAlignmentOffset);
 
-    bool needTiledLayer = requiresTiledLayer(pageScaleFactor, scaledSize);
+    bool needTiledLayer = requiresTiledLayer(pageScaleFactor);
     if (needTiledLayer != m_usingTiledLayer)
         swapFromOrToTiledLayer(needTiledLayer, pageScaleFactor, positionRelativeToBase);
 
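Review bot: At the changed call in `updateGeometry()`, `scaledSize` has just been filled in by `computePixelAlignment()` and is the obvious-looking argument for a size test, yet nothing at the call site says why the tiling decision now ignores it. A comment such as `// Deliberately based on the unscaled m_size, like updateContentsScale(); testing scaledSize here made the two disagree and recurse through swapFromOrToTiledLayer().` would stop a later change from putting it back. The same two-line check-and-swap sequence is repeated in the `updateLayerDrawsContent()` and `updateContentsScale()` hunks, so a small private helper taking `pageScaleFactor` and `positionRelativeToBase` would keep the three copies from drifting apart again. `updateGeometry()` starts and ends outside this hunk.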
@@ -1262,7 +1262,7 @@ GraphicsLayerCA::StructuralLayerPurpose GraphicsLayerCA::structuralLayerPurpose(
 
 void GraphicsLayerCA::updateLayerDrawsContent(float pageScaleFactor, const FloatPoint& positionRelativeToBase)
 {
-    bool needTiledLayer = requiresTiledLayer(pageScaleFactor, m_size);
+    bool needTiledLayer = requiresTiledLayer(pageScaleFactor);
     if (needTiledLayer != m_usingTiledLayer)
         swapFromOrToTiledLayer(needTiledLayer, pageScaleFactor, positionRelativeToBase);
 
@@ -1988,7 +1988,7 @@ static float clampedContentsScaleForScale(float scale)
 
 void GraphicsLayerCA::updateContentsScale(float pageScaleFactor, const FloatPoint& positionRelativeToBase)
 {
-    bool needTiledLayer = requiresTiledLayer(pageScaleFactor, m_size);
+    bool needTiledLayer = requiresTiledLayer(pageScaleFactor);
     if (needTiledLayer != m_usingTiledLayer)
         swapFromOrToTiledLayer(needTiledLayer, pageScaleFactor, positionRelativeToBase);
 
@@ -2042,7 +2042,7 @@ FloatSize GraphicsLayerCA::constrainedSize() const
     return constrainedSize;
 }
 
-bool GraphicsLayerCA::requiresTiledLayer(float pageScaleFactor, const FloatSize& size) const
+bool GraphicsLayerCA::requiresTiledLayer(float pageScaleFactor) const
 {
     if (!m_drawsContent || !m_allowTiledLayer)
         return false;
@@ -2050,7 +2050,7 @@ bool GraphicsLayerCA::requiresTiledLayer(float pageScaleFactor, const FloatSize&
     float contentsScale = pageScaleFactor * backingScaleFactor();
 
     // FIXME: catch zero-size height or width here (or earlier)?
-    return size.width() * contentsScale > cMaxPixelDimension || size.height() * contentsScale > cMaxPixelDimension;
+    return m_size.width() * contentsScale > cMaxPixelDimension || m_size.height() * contentsScale > cMaxPixelDimension;
 }
 
 void GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer, float pageScaleFactor, const FloatPoint& positionRelativeToBase)
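Review bot: Termination of the updateGeometry / swapFromOrToTiledLayer / updateContentsScale cycle described in the commit message now rests on `requiresTiledLayer()` giving every caller the same answer for the same layer state, but neither the definition (its signature is in the previous hunk) nor the declaration records that. I would put `// Must depend only on member state and pageScaleFactor, never on a caller-computed size: callers reached from swapFromOrToTiledLayer() have to agree with the caller that started the swap, or the swap recurses.` above the definition. The body of `swapFromOrToTiledLayer()` is outside this hunk, so I cannot tell whether it has any re-entrancy check; if it has none, a debug-only assertion there would turn a future mismatch into an immediate test failure rather than unbounded recursion at run time. The `FIXME` about zero-sized layers is left as it was.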
index efcb425..2043f58 100644 (file)
@@ -188,7 +188,7 @@ private:
 
     FloatSize constrainedSize() const;
 
-    bool requiresTiledLayer(float pageScaleFactor, const FloatSize&) const;
+    bool requiresTiledLayer(float pageScaleFactor) const;
     void swapFromOrToTiledLayer(bool useTiledLayer, float pageScaleFactor, const FloatPoint& positionRelativeToBase);
 
     CompositingCoordinatesOrientation defaultContentsOrientation() const;