From 7ab7fecfa0a24fe9563c23a04148af77e11bf551 Mon Sep 17 00:00:00 2001
From: Russell Brenner <russellbrenner@google.com>
Date: Thu, 29 Sep 2011 13:11:14 -0700
Subject: [PATCH] Initialize to BUCKET_SIZE instead of 0

Some execution path appears to be leaving mBucketSizeX and/or Y set
to 0, causing a divide-by-zero exception. This should only be
feasible when mWidth and mHeight are also 0, but, to keep things
safe, we'll initialize to BUCKET_SIZE instead.

Bug: 5391435
Change-Id: I4e01f980731619e6a6fb70a6eb315c44dd677c7b
---
 Source/WebKit/android/jni/PictureSet.cpp | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/Source/WebKit/android/jni/PictureSet.cpp b/Source/WebKit/android/jni/PictureSet.cpp
index 3f40174fe..6edb7ba8d 100644
--- a/Source/WebKit/android/jni/PictureSet.cpp
+++ b/Source/WebKit/android/jni/PictureSet.cpp
@@ -81,17 +81,23 @@ public:
 
 namespace android {
 
-PictureSet::PictureSet()
-    : mBucketSizeX(0), mBucketSizeY(0), mBucketCountX(0), mBucketCountY(0),
-      mHeight(0), mWidth(0)
+PictureSet::PictureSet() :
+#ifdef FAST_PICTURESET
+    mBucketSizeX(BUCKET_SIZE), mBucketSizeY(BUCKET_SIZE),
+    mBucketCountX(0), mBucketCountY(0),
+#endif
+    mHeight(0), mWidth(0)
 {
     setDimensions(0, 0);
     mBaseArea = mAdditionalArea = 0;
 }
 
-PictureSet::PictureSet(SkPicture* picture)
-    : mBucketSizeX(0), mBucketSizeY(0), mBucketCountX(0), mBucketCountY(0),
-      mHeight(0), mWidth(0)
+PictureSet::PictureSet(SkPicture* picture) :
+#ifdef FAST_PICTURESET
+    mBucketSizeX(BUCKET_SIZE), mBucketSizeY(BUCKET_SIZE),
+    mBucketCountX(0), mBucketCountY(0),
+#endif
+    mHeight(0), mWidth(0)
 {
     mBaseArea = mAdditionalArea = 0;
     if (!picture) {
@@ -311,6 +317,12 @@ void PictureSet::gatherBucketsForArea(WTF::Vector<Bucket*>& list, const SkIRect&
           rect.fLeft, rect.fTop, rect.fRight, rect.fBottom,
           rect.width(), rect.height());
 
+    if (!mBucketSizeX || !mBucketSizeY) {
+        XLOGC("PictureSet::gatherBucketsForArea() called with bad bucket size: x=%d y=%d",
+              mBucketSizeX, mBucketSizeY);
+        return;
+    }
+
     int x = rect.fLeft;
     int y = rect.fTop;
     int firstTileX = rect.fLeft / mBucketSizeX;
@@ -337,6 +349,12 @@ void PictureSet::splitAdd(const SkIRect& rect)
           rect.fLeft, rect.fTop, rect.fRight, rect.fBottom,
           rect.width(), rect.height());
 
+    if (!mBucketSizeX || !mBucketSizeY) {
+        XLOGC("PictureSet::splitAdd() called with bad bucket size: x=%d y=%d",
+              mBucketSizeX, mBucketSizeY);
+        return;
+    }
+
     // TODO: reuse gatherBucketsForArea() (change Bucket to be a class)
     int x = rect.fLeft;
     int y = rect.fTop;
@@ -631,6 +649,7 @@ void PictureSet::clear()
          bucket->clear();
     }
     mBuckets.clear();
+    mBucketSizeX = mBucketSizeY = BUCKET_SIZE;
 #else
     Pictures* last = mPictures.end();
     for (Pictures* working = mPictures.begin(); working != last; working++) {
@@ -640,7 +659,6 @@ void PictureSet::clear()
     mPictures.clear();
 #endif // FAST_PICTURESET
     mWidth = mHeight = 0;
-    mBucketSizeX = mBucketSizeY = 0;
 }
 
 bool PictureSet::draw(SkCanvas* canvas)
-- 
2.11.0