Bug 61164

Summary: [chromium] Fix division by zero in TilingData for boundary case texture sizes
Product: WebKit Reporter: Adrienne Walker <enne>
Component: New BugsAssignee: Adrienne Walker <enne>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, enne, jamesr, scheib
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Adrienne Walker
Reported 2011-05-19 19:03:23 PDT
[chromium] Fix division by zero in TilingData for boundary case texture sizes
Attachments
Patch (6.25 KB, patch)
2011-05-19 19:05 PDT, Adrienne Walker 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Adrienne Walker
Comment 1 2011-05-19 19:05:17 PDT
Created attachment 94157 [details] Patch
Adrienne Walker
Comment 2 2011-05-19 19:09:39 PDT
This fixes this crasher: http://crash/reportdetail?reportid=139f0688bc41a480 The new test cases repro the division by zero without the corresponding code fix.
James Robinson
Comment 3 2011-05-19 19:17:22 PDT
Comment on attachment 94157 [details] Patch Do you know how to repro this with a web page?
Adrienne Walker
Comment 4 2011-05-19 19:41:20 PDT
(In reply to comment #3) > (From update of attachment 94157 [details]) > Do you know how to repro this with a web page? I suspect that any composited 2xY layer would cause this issue, where Y <= 512. ContentLayerChromium would set the tile size to be 2x2 because it's small and would ask for border texels in the tiler because it's on a transformed layer. TilingData's computeNumTiles properly handles this case and avoids the division by zero, but tileXIndexFromSrcCoord does not.
Vincent Scheib
Comment 5 2011-05-19 23:21:50 PDT
Comment on attachment 94157 [details] Patch LGTM
WebKit Commit Bot
Comment 6 2011-05-23 13:40:35 PDT
Comment on attachment 94157 [details] Patch Clearing flags on attachment: 94157 Committed r87094: <http://trac.webkit.org/changeset/87094>
WebKit Commit Bot
Comment 7 2011-05-23 13:40:40 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.