[TexMap] pixel coverage multiplication in TiledBackingStore can overflow
Created attachment 266987 [details] Patch
Created attachment 266991 [details] Example of the problem This shows the issue on the poster-circle demo, with tiles missing from different rings because the pixel coverage area overflowed. The problem isn't fixed until the next layer flush, and only if the tiles are not in such a position that would again result in overflowing the candidate area multiplication.
(In reply to comment #2) > The problem isn't fixed until the next layer flush, and only if the tiles > are not in such a position that would again result in overflowing the > candidate area multiplication. It should be noted that on WebKitGTK+ there's at the moment an abundance of layer flushes (essentially for every frame when running animations), so the tiles are created soon after the animation starts and the layers move into a position that covers less area. The image of the problem is from the Wayland port which uses Coordinated Graphics for layer flushing (which is additionally optimized to be kept to a minimum).
I also understand a test would be desired, but the only way to test for this would be to run the compositing tests and enable pixel results, neither of which is done for the GTK+ port.
Comment on attachment 266987 [details] Patch WTF::safeMultiply doesn't seem to be used anywhere. Checked<...> does.
Comment on attachment 266987 [details] Patch Clearing flags on attachment: 266987 Committed r193898: <http://trac.webkit.org/changeset/193898>
All reviewed patches have been landed. Closing bug.