wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 475181. Bounds-check feTile subregion size. r+sr=roc

Browse Source
This commit is contained in:
Jonathan Watt 2009-01-28 22:29:48 +13:00
parent 3a494e2823
commit 283dc2da74
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
content/svg/content/src/nsSVGFilters.cpp
View File

@ -2846,15 +2846,14 @@ nsSVGFETileElement::Filter(nsSVGFilterInstance *instance,
// and ComputeChangeBBox are all pessimal, so that will normally be OK,
// but nothing clips mFilterPrimitiveSubregion so this should be changed.
const gfxRect& tileGfx = aSources[0]->mFilterPrimitiveSubregion;
// XXX this is bad, technically the filter primitive subregion could be
// out of PRInt32 bounds
nsIntRect tile(PRInt32(tileGfx.X()), PRInt32(tileGfx.Y()),
PRInt32(tileGfx.Width()), PRInt32(tileGfx.Height()));
nsIntRect tile;
nsresult res = nsSVGUtils::GfxRectToIntRect(aSources[0]->mFilterPrimitiveSubregion, &tile);
NS_ENSURE_SUCCESS(res, res); // asserts on failure (not
if (tile.IsEmpty())
return NS_OK;
NS_ASSERTION(instance->GetSurfaceRect().Contains(tile),
"Tile overflows surface rect, this code can't handle it");
NS_ENSURE_TRUE(instance->GetSurfaceRect().Contains(tile), NS_ERROR_UNEXPECTED);
// Get it into surface space
tile -= instance->GetSurfaceRect().TopLeft();