RESOLVED FIXED 17303
Canvas crash in ImageBuffer
https://bugs.webkit.org/show_bug.cgi?id=17303
Philip Taylor
Reported 2008-02-10 18:47:49 PST
Apparently:

02:33 < olliej> Philip`: i just noticed a number of your tests ostensibly have errors
02:33 < olliej> Philip`: <link> outside of <head>
02:34 < olliej> Philip`: which the inspectorator tells me is wrong
02:34 < olliej> <link> is not allowed inside <html>. Moving <link> into the <head>.
02:34 < olliej> http://philip.html5.org/tests/canvas/suite/tests/index.2d.pattern.html (line 3)

That file says

<!DOCTYPE HTML>
<title>Canvas tests - 2d.pattern.*</title>
<link rel="stylesheet" href="../frame.css">

which should not be an error, because the <title> validly implies a <head> and so the <link> is in the right place.
Attachments
Fixerate the crash (2.60 KB, patch)
2008-02-20 20:23 PST, Oliver Hunt
hyatt: review+
Dave Hyatt
Comment 1 2008-02-20 14:54:33 PST
This test case now crashes. Upping to P1.
Alp Toker
Comment 2 2008-02-20 14:59:50 PST
Issue also affects Cairo.

Backtrace (no debug symbols, sorry)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xa5bbc720 (LWP 20326)]
0xa6a10c67 in WebCore::ImageBuffer::context () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
(gdb) bt
#0 0xa6a10c67 in WebCore::ImageBuffer::context () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#1 0xa67fdbd6 in WebCore::CanvasRenderingContext2D::drawingContext () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#2 0xa6800509 in WebCore::CanvasRenderingContext2D::setFillStyle () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#3 0xa66d208c in WebCore::JSCanvasRenderingContext2D::setFillStyle () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#4 0xa6657628 in WebCore::JSCanvasRenderingContext2D::putValueProperty () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#5 0xa6a6c84c in KJS::AssignDotNode::evaluate () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#6 0xa6a6aa19 in KJS::ExprStatementNode::execute () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#7 0xa6a3531a in KJS::BlockNode::execute () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#8 0xa6a88b49 in KJS::FunctionImp::callAsFunction () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#9 0xa6a569e4 in KJS::JSObject::call () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#10 0xa6a7542a in KJS::FunctionCallResolveNode::evaluate () from /home/alp/Projects/webkit/ngit/release/.libs/libWebKitGtk.so.1
#11 0xa6a6aa19 in KJS::ExprStatementNode::execute () ...
Oliver Hunt
Comment 3 2008-02-20 20:23:36 PST
Created attachment 19247
Fixerate the crash
Dave Hyatt
Comment 4 2008-02-20 20:24:17 PST
Comment on attachment 19247
Fixerate the crash

r=me
Oliver Hunt
Comment 5 2008-02-20 20:25:52 PST
Landed rr30452