2011-05-20 Dirk Schulze <krit@webkit.org>
authorDirk Schulze <krit@webkit.org>
Fri, 20 May 2011 08:01:19 +0000 (08:01 +0000)
committerAdemar de Souza Reis Jr <ademar.reis@openbossa.org>
Fri, 20 May 2011 12:38:21 +0000 (09:38 -0300)
commit6b501ad8d5b8621a9dcde248e4e1cc07b57bc246
treefce8982a252f463be71b98a23a4ba7180e43716a
parent63adcb676f1c1f6ecbe86beb205a2450f96cd8f7
2011-05-20  Dirk Schulze  <krit@webkit.org>

        Reviewed by Eric Seidel.

        SVG Large curve path segment OOM crash
        https://bugs.webkit.org/show_bug.cgi?id=42079

        Limit the depth of repeatedly splitting a segment on length calculation to 20. The limitation
        is necessary for very big segments that would be splitter into millions of parts otherwise.
        The limitation just cause a less accurate approximation.
        At the moment the limit is fixed to 20. This is comparable with splitting the segment into
        ~1 million parts as a worst case. We might want to be more flexible later.

        Test: svg/custom/path-getTotalLength-on-big-segment-crash.svg

        * platform/graphics/PathTraversalState.cpp:
        (WebCore::midPoint):
        (WebCore::curveLength):
        (WebCore::PathTraversalState::PathTraversalState):
        (WebCore::PathTraversalState::moveTo):
        (WebCore::PathTraversalState::quadraticBezierTo):
        (WebCore::PathTraversalState::cubicBezierTo):
        * platform/graphics/PathTraversalState.h:
2011-05-20  Dirk Schulze  <krit@webkit.org>

        Reviewed by Eric Seidel.

        SVG Large curve path segment OOM crash
        https://bugs.webkit.org/show_bug.cgi?id=42079

        Added a test to verify, that the browser does not crash on calculating the total length on big segments.
        It makes no sense to add the result of getTotalLength(), since they differ a lot bewteen platforms.
        This is caused by the platform graphic libraries. See comment #9 on the bug.

        * svg/custom/path-getTotalLength-on-big-segment-crash-expected.txt: Added.
        * svg/custom/path-getTotalLength-on-big-segment-crash.svg: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86928 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/custom/path-getTotalLength-on-big-segment-crash-expected.txt [new file with mode: 0644]
LayoutTests/svg/custom/path-getTotalLength-on-big-segment-crash.svg [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/PathTraversalState.cpp
Source/WebCore/platform/graphics/PathTraversalState.h