107981 2013-01-25 13:18:38 -0800 [skia] Check for null-device when calling createCompatibleDevice 2013-02-22 13:32:44 -0800 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 reed reed fmalita jamesr junov senorblanco webkit.review.bot oldest_to_newest 816868 0 reed 2013-01-25 13:18:38 -0800 Check for null-device when calling createCompatibleDevice 816871 1 184802 reed 2013-01-25 13:22:16 -0800 Created attachment 184802 Patch 816873 2 reed 2013-01-25 13:23:44 -0800 https://code.google.com/p/chromium/issues/detail?id=172052 816875 3 184802 jamesr 2013-01-25 13:29:20 -0800 Comment on attachment 184802 Patch Can we make a test that tries to construct a really big ImageBuffer? 817243 4 184880 fmalita 2013-01-26 12:26:29 -0800 Created attachment 184880 Minimized test, crashes in Chromium. 817244 5 fmalita 2013-01-26 12:36:48 -0800 (In reply to comment #3) > (From update of attachment 184802 [details]) > Can we make a test that tries to construct a really big ImageBuffer? The attached test crashes CR (hitting the same generated image tiled draw path as the original page), but unfortunately it doesn't seem to trigger the same failure in DRT. I presume DRT runs with a different graphics context that handles surface allocations differently? Even ridiculous width/height values appear to "work": DRT doesn't crash, but the gradient is not drawn either (instead the visible portion is filled with a greenish color). Given this difference in behavior, I'm not sure how to produce a DRT test that isolates the bug. Any ideas? 817734 6 junov 2013-01-28 07:22:38 -0800 > Given this difference in behavior, I'm not sure how to produce a DRT test that isolates the bug. Any ideas? Instead of testing in DRT, you could write a unit test (in trunk/Source/WebKit/chromium/tests/) that uses a fake PlatformContextSkia that fails allocations by design. 839848 7 reed 2013-02-22 13:10:45 -0800 I think this patch fixes https://code.google.com/p/chromium/issues/detail?id=177759 839853 8 reed 2013-02-22 13:14:34 -0800 #6 -- I don't know that that would be a stable test, since this webkit code is not really mockable. Do we have other such tests that exist to exercise a specific null-check failure? If not, perhaps we can land this CL as is. 839866 9 184802 jamesr 2013-02-22 13:26:29 -0800 Comment on attachment 184802 Patch This seems reasonable. 839875 10 184802 webkit.review.bot 2013-02-22 13:32:40 -0800 Comment on attachment 184802 Patch Clearing flags on attachment: 184802 Committed r143784: <http://trac.webkit.org/changeset/143784> 839877 11 webkit.review.bot 2013-02-22 13:32:44 -0800 All reviewed patches have been landed. Closing bug. 184802 2013-01-25 13:22:16 -0800 2013-02-22 13:32:40 -0800 Patch bug-107981-20130125161906.patch text/plain 1471 reed SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE0MDg2MSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDEzLTAxLTI1ICBNaWtlIFJl ZWQgIDxyZWVkQGdvb2dsZS5jb20+CisKKyAgICAgICAgQ2hlY2sgZm9yIG51bGwtZGV2aWNlIHdo ZW4gY2FsbGluZyBjcmVhdGVDb21wYXRpYmxlRGV2aWNlCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMDc5ODEKKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICBObyBuZXcgdGVzdHMuIEN1cnJlbnQgdGVzdHMgcHJv dmlkZWQgY292ZXJhZ2UuIFNpdGUgaW4gdGhlIHdpbGQgdHJpZ2dlcmVkIHRoZSBmYWlsdXJlCisg ICAgICAgIChjYWlybyBmYWlsZWQgdG8gYWxsb2NhdGUgYSBodWdlIHN1cmZhY2UpLgorCisgICAg ICAgICogcGxhdGZvcm0vZ3JhcGhpY3Mvc2tpYS9JbWFnZUJ1ZmZlclNraWEuY3BwOgorICAgICAg ICAoV2ViQ29yZTo6SW1hZ2VCdWZmZXI6OkltYWdlQnVmZmVyKToKKwogMjAxMy0wMS0yNSAgRWxs aW90dCBTcHJlaG4gIDxlc3ByZWhuQGNocm9taXVtLm9yZz4KIAogICAgICAgICBDb25zaWRlciBh bGwgYW5jZXN0b3JzIG5vdCBqdXN0IHBhcmVudEVsZW1lbnQgd2hlbiBkaXNjb25uZWN0aW5nIGZy YW1lcwpJbmRleDogU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3Mvc2tpYS9JbWFnZUJ1 ZmZlclNraWEuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBo aWNzL3NraWEvSW1hZ2VCdWZmZXJTa2lhLmNwcAkocmV2aXNpb24gMTQwODE4KQorKysgU291cmNl L1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3Mvc2tpYS9JbWFnZUJ1ZmZlclNraWEuY3BwCSh3b3Jr aW5nIGNvcHkpCkBAIC0xMjksNiArMTI5LDExIEBAIEltYWdlQnVmZmVyOjpJbWFnZUJ1ZmZlcihj b25zdCBJbnRTaXplJgogICAgIH0KIAogICAgIFNrQXV0b1RVbnJlZjxTa0RldmljZT4gZGV2aWNl KGNvbXBhdGlibGVDb250ZXh0LT5wbGF0Zm9ybUNvbnRleHQoKS0+Y3JlYXRlQ29tcGF0aWJsZURl dmljZShzaXplLCBoYXNBbHBoYSkpOworICAgIGlmICghZGV2aWNlLmdldCgpKSB7CisgICAgICAg IHN1Y2Nlc3MgPSBmYWxzZTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIFNrUGl4ZWxS ZWYqIHBpeGVsUmVmID0gZGV2aWNlLT5hY2Nlc3NCaXRtYXAoZmFsc2UpLnBpeGVsUmVmKCk7CiAg ICAgaWYgKCFwaXhlbFJlZikgewogICAgICAgICBzdWNjZXNzID0gZmFsc2U7Cg== 184880 2013-01-26 12:26:29 -0800 2013-01-26 12:26:29 -0800 Minimized test, crashes in Chromium. large-gradient-crash.html text/html 305 fmalita PCFET0NUWVBFIGh0bWw+CjxodG1sPgogIDxoZWFkPgogICAgPHN0eWxlPgogICAgICBkaXYgewog ICAgICAgIGJhY2tncm91bmQ6IC13ZWJraXQtbGluZWFyLWdyYWRpZW50KGJvdHRvbSwgYmxhY2sg MCUsIHdoaXRlIDEwMCUpOwogICAgICAgIGJvcmRlcjogMXB4IHNvbGlkIHJlZDsKICAgICAgICB3 aWR0aDogNDAwcHg7CiAgICAgICAgaGVpZ2h0OiA0MDAwMHB4OwogICAgICB9CiAgICA8L3N0eWxl PgogIDwvaGVhZD4KCiAgPGJvZHk+CiAgICA8ZGl2PlBBU1M6IGRpZCBub3QgY3Jhc2guPC9kaXY+ CiAgPC9ib2R5Pgo8L2h0bWw+Cgo=