Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7f3400f5de0cd1502e3dbc23e251e3102116b0ba
https://github.com/WebKit/WebKit/commit/7f3400f5de0cd1502e3dbc23e251e3102116b0ba
Author: Said Abou-Hallawa <s...@apple.com>
Date: 2025-08-20 (Wed, 20 Aug 2025)
Changed paths:
A LayoutTests/svg/filters/feConvolveMatrix-order-overflow-expected.txt
A LayoutTests/svg/filters/feConvolveMatrix-order-overflow.svg
M Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp
Log Message:
-----------
REGRESSION(298250@main): feConvolveMatrix with large 'order' causes integer
overflow
https://bugs.webkit.org/show_bug.cgi?id=297624
rdar://158670536
Reviewed by Cameron McCormack.
The overflow could also have happened before 298250@main. Calling order.area()
was
used instead of multiplying (orderXValue * orderYValue). This could have caught
this overflow.
The fix is use IntSize::unclampedArea() since this will never overflow.
* LayoutTests/svg/filters/feConvolveMatrix-order-overflow-expected.txt: Added.
* LayoutTests/svg/filters/feConvolveMatrix-order-overflow.svg: Added.
* Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp:
(WebCore::SVGFEConvolveMatrixElement::createFilterEffect const):
Canonical link: https://commits.webkit.org/298946@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
