
Unified Diff: Source/WebCore/platform/graphics/filters/FilterEffect.cpp

Issue 6949013: Merge 85926 (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/742/
Patch Set: Created 9 years, 7 months ago
Index: Source/WebCore/platform/graphics/filters/FilterEffect.cpp
===================================================================
--- Source/WebCore/platform/graphics/filters/FilterEffect.cpp (revision 85995)
+++ Source/WebCore/platform/graphics/filters/FilterEffect.cpp (working copy)
@@ -46,6 +46,14 @@
{
}
+inline bool isFilterSizeValid(IntRect rect)
+{
+ if (rect.width() < 0 || rect.width() > kMaxFilterSize
+ || rect.height() < 0 || rect.height() > kMaxFilterSize)
+ return false;
+ return true;
+}
+
void FilterEffect::determineAbsolutePaintRect()
{
m_absolutePaintRect = IntRect();
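Review bot: isFilterSizeValid is declared `inline` at namespace scope in a .cpp file without `static`, so it gets external linkage; `static inline bool isFilterSizeValid(const IntRect& rect)` would keep it file-local and avoid copying the rect. The helper bounds width and height separately, while every caller in this diff computes `width * height * 4` in int arithmetic, so whether that product can overflow depends on kMaxFilterSize, whose value is not visible here. A comment above the helper such as `// kMaxFilterSize must keep width * height * 4 within int range.` would record that invariant next to the check.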
@@ -54,7 +62,7 @@
m_absolutePaintRect.unite(m_inputEffects.at(i)->absolutePaintRect());
// SVG specification wants us to clip to primitive subregion.
- m_absolutePaintRect.intersect(m_maxEffectRect);
+ m_absolutePaintRect.intersect(enclosingIntRect(m_maxEffectRect));
}
IntRect FilterEffect::requestedRegionOfInputImageData(const IntRect& effectRect) const
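Review bot: The clip on the changed line now goes through `enclosingIntRect(m_maxEffectRect)`, and this intersect is what bounds m_absolutePaintRect before the buffer allocations later in the file. The call suggests m_maxEffectRect is now a float rect (the header change is not shown on this page); if enclosingIntRect does not saturate out-of-range coordinates, a very large effect rect could convert to an unrelated int rect and the clip would no longer bound the paint rect. It is worth confirming that the conversion clamps and saying so beside the intersect, e.g. `// Relies on enclosingIntRect clamping; the filter size checks depend on this clip.` The body of determineAbsolutePaintRect starts outside this hunk.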
@@ -104,6 +112,7 @@
PassRefPtr<ByteArray> FilterEffect::asUnmultipliedImage(const IntRect& rect)
{
+ ASSERT(isFilterSizeValid(rect));
RefPtr<ByteArray> imageData = ByteArray::create(rect.width() * rect.height() * 4);
copyUnmultipliedImage(imageData.get(), rect);
return imageData.release();
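Review bot: The added `ASSERT(isFilterSizeValid(rect))` is compiled out of release builds, so in shipping binaries `rect.width() * rect.height() * 4` is still evaluated unchecked and an out-of-range rect reaches ByteArray::create and copyUnmultipliedImage. A runtime guard holds in every build, e.g. `if (!isFilterSizeValid(rect)) return 0;` directly after the assert, provided callers tolerate a null result (not visible here). The same applies to the asPremultipliedImage hunk and to the two `else` branches that allocate from m_absolutePaintRect. The function's closing brace lies outside the hunk.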
@@ -111,6 +120,7 @@
PassRefPtr<ByteArray> FilterEffect::asPremultipliedImage(const IntRect& rect)
{
+ ASSERT(isFilterSizeValid(rect));
RefPtr<ByteArray> imageData = ByteArray::create(rect.width() * rect.height() * 4);
copyPremultipliedImage(imageData.get(), rect);
return imageData.release();
@@ -169,6 +179,7 @@
if (m_imageBufferResult)
m_unmultipliedImageResult = m_imageBufferResult->getUnmultipliedImageData(IntRect(IntPoint(), m_absolutePaintRect.size()));
else {
+ ASSERT(isFilterSizeValid(m_absolutePaintRect));
m_unmultipliedImageResult = ByteArray::create(m_absolutePaintRect.width() * m_absolutePaintRect.height() * 4);
unsigned char* sourceComponent = m_premultipliedImageResult->data();
unsigned char* destinationComponent = m_unmultipliedImageResult->data();
@@ -202,6 +213,7 @@
if (m_imageBufferResult)
m_premultipliedImageResult = m_imageBufferResult->getPremultipliedImageData(IntRect(IntPoint(), m_absolutePaintRect.size()));
else {
+ ASSERT(isFilterSizeValid(m_absolutePaintRect));
m_premultipliedImageResult = ByteArray::create(m_absolutePaintRect.width() * m_absolutePaintRect.height() * 4);
unsigned char* sourceComponent = m_unmultipliedImageResult->data();
unsigned char* destinationComponent = m_premultipliedImageResult->data();
@@ -238,6 +250,8 @@
{
// Only one result type is allowed.
ASSERT(!hasResult());
+ ASSERT(isFilterSizeValid(m_absolutePaintRect));
+
determineAbsolutePaintRect();
if (m_absolutePaintRect.isEmpty())
return 0;
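Review bot: `ASSERT(isFilterSizeValid(m_absolutePaintRect))` runs before `determineAbsolutePaintRect()`, which, as the earlier hunk shows, resets m_absolutePaintRect to `IntRect()` and recomputes it, so the assert checks the previous value rather than the rect used after the call. Moving the assert below the call (after the `isEmpty()` early return is fine) would check the value that actually sizes the result. The following hunk has the same ordering. The enclosing function begins and ends outside the hunk.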
@@ -249,6 +263,8 @@
{
// Only one result type is allowed.
ASSERT(!hasResult());
+ ASSERT(isFilterSizeValid(m_absolutePaintRect));
+
determineAbsolutePaintRect();
if (m_absolutePaintRect.isEmpty())
return 0;
