corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1909796 - Allow clip paths larger than int32. r=aosmond

Browse Source 
The isEmpty check against path bounds would inadvertently fails because it checks
if the width/height would fit in an int32. However, since the bounds will be intersected
with a further clip rectangle that is already validated, this check is superfluous and
can filter out some valid clip paths. Replacing this check with isEmpty64, which doesn't
do the final limit check resolves this issue.

Differential Revision: https://phabricator.services.mozilla.com/D218706
This commit is contained in:
Lee Salzman
2024-08-07 04:42:48 +00:00
parent 33f8aa3859
commit 7fc1fb8137
4 changed files with 53 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gfx/skia/skia/src/core/SkAAClip.cpp
View File

@@ -1412,7 +1412,9 @@ bool SkAAClip::setPath(const SkPath& path, const SkIRect& clip, bool doAA) {
ibounds = clip; ibounds = clip;
} else { } else {
path.getBounds().roundOut(&ibounds); path.getBounds().roundOut(&ibounds);
if (ibounds.isEmpty() || !ibounds.intersect(clip)) { // Since clip is already validated with isEmpty, it is safe to use isEmpty64
// for ibounds as it will be intersected with clip after.
if (ibounds.isEmpty64() || !ibounds.intersect(clip)) {
return this->setEmpty(); return this->setEmpty();
} }
} }

24
layout/reftests/canvas/1909718-1-ref.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<body>
<canvas id="c" width="200" height="200"></canvas>
<script>
const c = document.getElementById("c");
const ctx = c.getContext("2d");
ctx.fillStyle = 'red';
ctx.fillRect(0, 0, 200, 200);
ctx.beginPath();
ctx.rect(0, 0, 200, 100);
ctx.rect(100, 100, 100, 100);
ctx.clip();
ctx.fillStyle = 'green';
ctx.fillRect(0, 0, 200, 200);
</script>
</body>
</html>

24
layout/reftests/canvas/1909718-1.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<body>
<canvas id="c" width="200" height="200"></canvas>
<script>
const c = document.getElementById("c");
const ctx = c.getContext("2d");
ctx.fillStyle = 'red';
ctx.fillRect(0, 0, 200, 200);
ctx.beginPath();
ctx.rect(-6091968027, 0, 2 * 6091968027, 100);
ctx.rect(100, 100, 100, 100);
ctx.clip();
ctx.fillStyle = 'green';
ctx.fillRect(0, 0, 200, 200);
</script>
</body>
</html>

2
layout/reftests/canvas/reftest.list
View File

@@ -127,3 +127,5 @@ fuzzy-if(winWidget,0-94,0-1575) fuzzy-if(cocoaWidget,0-1,0-34) == 1304353-text-g
!= 1850727-1.html 1850727-1-ref.html != 1850727-1.html 1850727-1-ref.html
== transformed-line-stroke.html transformed-line-stroke-ref.html == transformed-line-stroke.html transformed-line-stroke-ref.html
== 1909718-1.html 1909718-1-ref.html