[Webkit-unassigned] [Bug 77245] [Chromium] SVG Composite of Offset crashes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 31 10:37:47 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=77245
Stephen Chenney <schenney at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
AssignedTo|webkit-unassigned at lists.web |schenney at chromium.org
|kit.org |
CC| |reed at google.com
--- Comment #3 from Stephen Chenney <schenney at chromium.org> 2012-01-31 10:37:47 PST ---
I have tracked down the crash to the arithmetic compositing behavior, where:
result = k1*i1*i2 + k2*i1 + k3*i2 + k4
with premultiplied alpha and k1 = k4 = 0, k2 = -1, k3 = 1. That is, computing a difference image in premultiplied alpha.
For opaque pixels, a = 255, this will always generate a = 0 result. But if the color values are not the same it will generate non-zero r, g, or b with a = 0 in a premultiplied pixel, which hits an assert in WebCore/platform/graphics/skia/SkiaUtils.cpp:91, in the method SkPMColorToColor.
The assert checks that r=g=b=0 when a=0, as is required for premultiplied alpha.
There are two possible fixes for this. One is to remove the assert and go with the behavior that a = 0 in a color conversion forces r=g=b=0 regardless of their values. This just makes the debug config behavior match the release behavior, and match other browsers.
The other is to add a test in WebCore before sending the pixel to Skia. I really don't want to do that, because it would add a branch in otherwise tight loops over all pixel locations.
So I'll put up a simple patch that removes the assert.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list