git://git.webkit.org / WebKit-https.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: de81783)
Fix out-of-bounds access in Gradient::sortStopsIfNecessary
authoradamk@chromium.org <adamk@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Sep 2011 03:55:41 +0000 (03:55 +0000)
committeradamk@chromium.org <adamk@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Sep 2011 03:55:41 +0000 (03:55 +0000)
https://bugs.webkit.org/show_bug.cgi?id=67958

Reviewed by Darin Adler.

Reported by Valgrind in http://crbug.com/77049.

The errant code was added as an optimization in r67804.
This patch reverts that one, as all parties agree that the optimization
doesn't seem worthwhile, and there clearly aren't any tests covering
the special case.

No new tests, as existing tests should cover the remaining call to
|std::stable_sort|.

* platform/graphics/Gradient.cpp:
(WebCore::Gradient::sortStopsIfNecessary):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@95010 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog patch | blob | history
Source/WebCore/platform/graphics/Gradient.cpp patch | blob | history

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index e1b985c..f6247e4 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,23 @@
+2011-09-12  Adam Klein  <adamk@chromium.org>
+
+        Fix out-of-bounds access in Gradient::sortStopsIfNecessary
+        https://bugs.webkit.org/show_bug.cgi?id=67958
+
+        Reviewed by Darin Adler.
+
+        Reported by Valgrind in http://crbug.com/77049.
+
+        The errant code was added as an optimization in r67804.
+        This patch reverts that one, as all parties agree that the optimization
+        doesn't seem worthwhile, and there clearly aren't any tests covering
+        the special case.
+
+        No new tests, as existing tests should cover the remaining call to
+        |std::stable_sort|.
+
+        * platform/graphics/Gradient.cpp:
+        (WebCore::Gradient::sortStopsIfNecessary):
+
 2011-09-12  Jacky Jiang  <zhajiang@rim.com>
 
         Setting document.title doesn't affect contents of title tag of XHTML documents
diff --git a/Source/WebCore/platform/graphics/Gradient.cpp b/Source/WebCore/platform/graphics/Gradient.cpp
index 7e3984f..fc7b741 100644 (file)
--- a/Source/WebCore/platform/graphics/Gradient.cpp
+++ b/Source/WebCore/platform/graphics/Gradient.cpp
@@ -124,10 +124,6 @@ void Gradient::sortStopsIfNecessary()
     if (!m_stops.size())
         return;
 
-    // Shortcut for the ideal case (ordered 2-stop gradient)
-    if (m_stops.size() == 2 && compareStops(*m_stops.begin(), *m_stops.end()))
-        return;
-
     std::stable_sort(m_stops.begin(), m_stops.end(), compareStops);
 }
 
Mirror of the WebKit open source project from svn.webkit.org.