Mercurial > releases > mozilla-release / changeset / 837bbcb850cd58eb07c7f6437078d5229986967c
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1566206 - Avoid overflow when limitting the number of rasterized blobs. r=jrmuizel, a=jcristau FIREFOX_68_0_1_BUILD1 FIREFOX_68_0_1_RELEASE
authorNicolas Silva <nsilva@mozilla.com>
Wed, 17 Jul 2019 14:35:01 +0000 (2019-07-17)
changeset 537255 837bbcb850cd58eb07c7f6437078d5229986967c
parent 537254 45106a0c0a424f01a4996ffaad23b00b2ba7c4e2
child 537256 c043cc81f1fac9ec7336a0957e58a04be55f879c
push id2107
push userjcristau@mozilla.com
push dateWed, 17 Jul 2019 17:25:42 +0000 (2019-07-17)
treeherdermozilla-release@837bbcb850cd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjrmuizel, jcristau
bugs1566206
milestone68.0.1
Bug 1566206 - Avoid overflow when limitting the number of rasterized blobs. r=jrmuizel, a=jcristau Differential Revision: https://phabricator.services.mozilla.com/D38292
gfx/wr/webrender/src/resource_cache.rs file | annotate | diff | comparison | revisions 
--- a/gfx/wr/webrender/src/resource_cache.rs
+++ b/gfx/wr/webrender/src/resource_cache.rs
@@ -1211,18 +1211,19 @@ impl ResourceCache {
                 const MAX_TILES_PER_REQUEST: i32 = 512;
                 // For truly nonsensical requests, we might run into overflow
                 // when computing width * height, so we first check each extent
                 // individually.
                 while !tiles.size.is_empty_or_negative()
                     && (tiles.size.width > MAX_TILES_PER_REQUEST
                         || tiles.size.height > MAX_TILES_PER_REQUEST
                         || tiles.size.width * tiles.size.height > MAX_TILES_PER_REQUEST) {
-                    let w = tiles.size.width;
-                    let h = tiles.size.height;
+                    let limit = 46340; // sqrt(i32::MAX) rounded down to avoid overflow.
+                    let w = tiles.size.width.min(limit);
+                    let h = tiles.size.height.min(limit);
                     let diff = w * h - MAX_TILES_PER_REQUEST;
                     // Remove tiles in the largest dimension.
                     if tiles.size.width > tiles.size.height {
                         tiles.size.width -= diff / h + 1;
                         tiles.origin.x += diff / (2 * h);
                     } else {
                         tiles.size.height -= diff / w + 1;
                         tiles.origin.y += diff / (2 * w);
mozilla-release
Deployed from 0549d7aefb93 at 2025-06-12T15:23:35Z.