129456 2014-02-27 15:52:59 -0800 Crash in RemoteLayerTreePropertyApplier::applyPropertiesToLayer 2014-02-27 15:59:04 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 thorton thorton jonlee sam simon.fraser oldest_to_newest 985387 0 thorton 2014-02-27 15:52:59 -0800 <rdar://problem/16182676> Seeing a crash in RemoteLayerTreePropertyApplier::applyPropertiesToLayer when going from having layer contents to not having layer contents. We're dereferencing the RemoteLayerBacking without checking if it exists, in the accelerated drawing codepath. Also, this #if structure is disturbing (conditional control flow scares me), so rework it a bit. 985392 1 225421 thorton 2014-02-27 15:55:11 -0800 Created attachment 225421 patch 985395 2 225421 thorton 2014-02-27 15:56:36 -0800 Comment on attachment 225421 patch View in context: https://bugs.webkit.org/attachment.cgi?id=225421&action=review > Source/WebKit2/ChangeLog:11 > + We were dereferencing the RemoteLayerBacking without checking if it exists, +Store 985397 3 thorton 2014-02-27 15:59:04 -0800 http://trac.webkit.org/changeset/164840 225421 2014-02-27 15:55:11 -0800 2014-02-27 15:56:36 -0800 patch patch.diff text/plain 2385 thorton ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCAxMWI1OWFhLi5kYjE1YmE1IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcg QEAKKzIwMTQtMDItMjcgIFRpbSBIb3J0b24gIDx0aW1vdGh5X2hvcnRvbkBhcHBsZS5jb20+CisK KyAgICAgICAgQ3Jhc2ggaW4gUmVtb3RlTGF5ZXJUcmVlUHJvcGVydHlBcHBsaWVyOjphcHBseVBy b3BlcnRpZXNUb0xheWVyCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xMjk0NTYKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzE2MTgyNjc2PgorCisgICAg ICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogU2hhcmVkL21hYy9S ZW1vdGVMYXllclRyZWVQcm9wZXJ0eUFwcGxpZXIubW06CisgICAgICAgIChXZWJLaXQ6OlJlbW90 ZUxheWVyVHJlZVByb3BlcnR5QXBwbGllcjo6YXBwbHlQcm9wZXJ0aWVzVG9MYXllcik6CisgICAg ICAgIFdlIHdlcmUgZGVyZWZlcmVuY2luZyB0aGUgUmVtb3RlTGF5ZXJCYWNraW5nIHdpdGhvdXQg Y2hlY2tpbmcgaWYgaXQgZXhpc3RzLAorICAgICAgICBpbiB0aGUgYWNjZWxlcmF0ZWQgZHJhd2lu ZyBjb2RlcGF0aC4gVGhpcyBjYXNlIHdpbGwgb2NjdXIgaWYgYSBsYXllcgorICAgICAgICBwcmV2 aW91c2x5IGRyZXcgY29udGVudHMsIGJ1dCBub3cgZG9lcyBub3QuCisKIDIwMTQtMDItMjcgIEFu ZGVycyBDYXJsc3NvbiAgPGFuZGVyc2NhQGFwcGxlLmNvbT4KIAogICAgICAgICBNYWtlIFdlYlBy b2Nlc3NQcm94eTo6cGFnZXMoKSByZXR1cm4gYW4gSXRlcmF0b3JSYW5nZQpkaWZmIC0tZ2l0IGEv U291cmNlL1dlYktpdDIvU2hhcmVkL21hYy9SZW1vdGVMYXllclRyZWVQcm9wZXJ0eUFwcGxpZXIu bW0gYi9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbWFjL1JlbW90ZUxheWVyVHJlZVByb3BlcnR5QXBw bGllci5tbQppbmRleCBhNDM0YmU2Li45ODVkMGMzIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9TaGFyZWQvbWFjL1JlbW90ZUxheWVyVHJlZVByb3BlcnR5QXBwbGllci5tbQorKysgYi9Tb3Vy Y2UvV2ViS2l0Mi9TaGFyZWQvbWFjL1JlbW90ZUxheWVyVHJlZVByb3BlcnR5QXBwbGllci5tbQpA QCAtMTY3LDE0ICsxNjcsMTggQEAgdm9pZCBSZW1vdGVMYXllclRyZWVQcm9wZXJ0eUFwcGxpZXI6 OmFwcGx5UHJvcGVydGllc1RvTGF5ZXIoQ0FMYXllciAqbGF5ZXIsIGNvbnMKICAgICAgICAgbGF5 ZXIudGltZU9mZnNldCA9IHByb3BlcnRpZXMudGltZU9mZnNldDsKIAogICAgIGlmIChwcm9wZXJ0 aWVzLmNoYW5nZWRQcm9wZXJ0aWVzICYgUmVtb3RlTGF5ZXJUcmVlVHJhbnNhY3Rpb246OkJhY2tp bmdTdG9yZUNoYW5nZWQpIHsKKyAgICAgICAgaWYgKFJlbW90ZUxheWVyQmFja2luZ1N0b3JlKiBi YWNraW5nU3RvcmUgPSBwcm9wZXJ0aWVzLmJhY2tpbmdTdG9yZS5nZXQoKSkgewogI2lmIFVTRShJ T1NVUkZBQ0UpCi0gICAgICAgIGlmIChwcm9wZXJ0aWVzLmJhY2tpbmdTdG9yZS0+YWNjZWxlcmF0 ZXNEcmF3aW5nKCkpCi0gICAgICAgICAgICBsYXllci5jb250ZW50cyA9IChpZClwcm9wZXJ0aWVz LmJhY2tpbmdTdG9yZS0+c3VyZmFjZSgpLmdldCgpOwotICAgICAgICBlbHNlCisgICAgICAgICAg ICBpZiAoYmFja2luZ1N0b3JlLT5hY2NlbGVyYXRlc0RyYXdpbmcoKSkKKyAgICAgICAgICAgICAg ICBsYXllci5jb250ZW50cyA9IChpZCliYWNraW5nU3RvcmUtPnN1cmZhY2UoKS5nZXQoKTsKKyAg ICAgICAgICAgIGVsc2UKKyAgICAgICAgICAgICAgICBsYXllci5jb250ZW50cyA9IChpZCliYWNr aW5nU3RvcmUtPmltYWdlKCkuZ2V0KCk7CiAjZWxzZQotICAgICAgICAgICAgQVNTRVJUKCFwcm9w ZXJ0aWVzLmJhY2tpbmdTdG9yZSB8fCAhcHJvcGVydGllcy5iYWNraW5nU3RvcmUtPmFjY2VsZXJh dGVzRHJhd2luZygpKTsKKyAgICAgICAgICAgIEFTU0VSVCghYmFja2luZ1N0b3JlLT5hY2NlbGVy YXRlc0RyYXdpbmcoKSk7CisgICAgICAgICAgICBsYXllci5jb250ZW50cyA9IChpZCliYWNraW5n U3RvcmUtPmltYWdlKCkuZ2V0KCk7CiAjZW5kaWYKLSAgICAgICAgbGF5ZXIuY29udGVudHMgPSBw cm9wZXJ0aWVzLmJhY2tpbmdTdG9yZSA/IChpZClwcm9wZXJ0aWVzLmJhY2tpbmdTdG9yZS0+aW1h Z2UoKS5nZXQoKSA6IG5pbDsKKyAgICAgICAgfSBlbHNlCisgICAgICAgICAgICBsYXllci5jb250 ZW50cyA9IG5pbDsKICAgICB9CiAKICAgICBpZiAocHJvcGVydGllcy5jaGFuZ2VkUHJvcGVydGll cyAmIFJlbW90ZUxheWVyVHJlZVRyYW5zYWN0aW9uOjpGaWx0ZXJzQ2hhbmdlZCkK