Don't attempt to paint into zero-sized backing store
authorsimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Oct 2014 21:52:42 +0000 (21:52 +0000)
committersimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Oct 2014 21:52:42 +0000 (21:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=137465

Reviewed by Tim Horton.

Page scale could cause the backing store for a small composited element to become empty,
in which case we'd try to allocate, and paint into a graphics context with no surface
behind it.

Fix by bailing from RemoteLayerBackingStore::display() when checking the backing store
size after accounting for scale.

* Shared/mac/RemoteLayerBackingStore.h:
* Shared/mac/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::backingStoreSize):
(WebKit::RemoteLayerBackingStore::swapToValidFrontBuffer):
(WebKit::RemoteLayerBackingStore::display):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@174367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Shared/mac/RemoteLayerBackingStore.h
Source/WebKit2/Shared/mac/RemoteLayerBackingStore.mm

index 1226423..a867ecc 100644 (file)
@@ -1,3 +1,23 @@
+2014-10-06  Simon Fraser  <simon.fraser@apple.com>
+
+        Don't attempt to paint into zero-sized backing store
+        https://bugs.webkit.org/show_bug.cgi?id=137465
+
+        Reviewed by Tim Horton.
+        
+        Page scale could cause the backing store for a small composited element to become empty,
+        in which case we'd try to allocate, and paint into a graphics context with no surface
+        behind it.
+        
+        Fix by bailing from RemoteLayerBackingStore::display() when checking the backing store
+        size after accounting for scale.
+
+        * Shared/mac/RemoteLayerBackingStore.h:
+        * Shared/mac/RemoteLayerBackingStore.mm:
+        (WebKit::RemoteLayerBackingStore::backingStoreSize):
+        (WebKit::RemoteLayerBackingStore::swapToValidFrontBuffer):
+        (WebKit::RemoteLayerBackingStore::display):
+
 2014-10-06  Christophe Dumez  <cdumez@apple.com>
 
         Use is<>() / downcast<>() for ScrollingTree subclasses
index dfa8c33..d025c16 100644 (file)
@@ -96,6 +96,8 @@ private:
     void drawInContext(WebCore::GraphicsContext&, CGImageRef backImage);
     void clearBackingStore();
     void swapToValidFrontBuffer();
+    
+    WebCore::IntSize backingStoreSize() const;
 
     PlatformCALayerRemote* m_layer;
 
index 99078ed..7509049 100644 (file)
@@ -171,11 +171,16 @@ void RemoteLayerBackingStore::setNeedsDisplay()
     setNeedsDisplay(IntRect(IntPoint(), expandedIntSize(m_size)));
 }
 
-void RemoteLayerBackingStore::swapToValidFrontBuffer()
+IntSize RemoteLayerBackingStore::backingStoreSize() const
 {
     FloatSize scaledSize = m_size;
     scaledSize.scale(m_scale);
-    IntSize expandedScaledSize = roundedIntSize(scaledSize);
+    return roundedIntSize(scaledSize);
+}
+
+void RemoteLayerBackingStore::swapToValidFrontBuffer()
+{
+    IntSize expandedScaledSize = backingStoreSize();
 
 #if USE(IOSURFACE)
     if (m_acceleratesDrawing) {
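Review bot: `IntSize expandedScaledSize = backingStoreSize();` keeps a name that no longer matches the value, since backingStoreSize() returns `roundedIntSize(scaledSize)` rather than an expanded size; a reader comparing it against `expandedIntSize(m_size)` elsewhere in this file will assume the wrong rounding direction. Consider `IntSize roundedScaledSize = backingStoreSize();` here and for the same local introduced in display() in the next hunk. The body of swapToValidFrontBuffer continues past the end of this hunk.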
@@ -215,7 +220,9 @@ bool RemoteLayerBackingStore::display()
     // Make the previous front buffer non-volatile early, so that we can dirty the whole layer if it comes back empty.
     setBufferVolatility(BufferType::Front, false);
 
-    if (m_dirtyRegion.isEmpty() || m_size.isEmpty())
+    IntSize expandedScaledSize = backingStoreSize();
+
+    if (m_dirtyRegion.isEmpty() || expandedScaledSize.isEmpty())
         return false;
 
     IntRect layerBounds(IntPoint(), expandedIntSize(m_size));
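Review bot: The replaced early-return now tests `expandedScaledSize.isEmpty()` instead of `m_size.isEmpty()`, but nothing in the code says why the scaled size is the one that matters, so the next change to this check is likely to "simplify" it back. I would add, above the `if`: `// Test the scaled size, not m_size: page scale can round a small layer down to an empty backing store, which has no surface to paint into.` Note that `layerBounds` on the following line is still built from the unscaled `expandedIntSize(m_size)`, which appears intentional since the later hunk keeps the scaled bounds separate. display() continues outside this hunk.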
@@ -227,9 +234,6 @@ bool RemoteLayerBackingStore::display()
         m_dirtyRegion.unite(indicatorRect);
     }
 
-    FloatSize scaledSize = m_size;
-    scaledSize.scale(m_scale);
-    IntSize expandedScaledSize = roundedIntSize(scaledSize);
     IntRect expandedScaledLayerBounds(IntPoint(), expandedScaledSize);
     bool willPaintEntireBackingStore = m_dirtyRegion.contains(layerBounds);