170912 2017-04-17 13:35:27 -0700 [iOS, macOS] Guard against passing nullptr to vImagePremultiplyData 2017-04-19 09:17:55 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham beidson bfulgham ddkilzer dino sabouhallawa zalan oldest_to_newest 1297992 0 bfulgham 2017-04-17 13:35:27 -0700 If the system is under heavy memory pressure, it is possible for a calloc to fail, resulting in an ImageBuffer with a nullptr data member. We should return from an attempt to perform ImageBuffer::putData on a nullptr without taking any action, or perhaps RELEASE_ASSERT that we encountered this case. Since the memory pressure may be transient, it seems reasonable to just bail out early; a future attempt may succeed. 1297994 1 307292 bfulgham 2017-04-17 13:38:05 -0700 Created attachment 307292 Patch 1298399 2 bfulgham 2017-04-18 13:12:55 -0700 <rdar://problem/30565800> 1298513 3 307292 beidson 2017-04-18 16:59:42 -0700 Comment on attachment 307292 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=307292&action=review > Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp:444 > + ASSERT(data); > + if (!data) > + return; We can't really both expect that is' impossible to have a null data (like the assert says) but also expect it is possible to have a null data (like the early return says) If it's truly impossible, we need to know why. If it's truly possible (such as we commonly get into the case where memory can't be allocated), then the ASSERT should be dropped. 1298521 4 307292 bfulgham 2017-04-18 17:16:58 -0700 Comment on attachment 307292 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=307292&action=review >> Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp:444 >> + return; > > We can't really both expect that is' impossible to have a null data (like the assert says) but also expect it is possible to have a null data (like the early return says) > > If it's truly impossible, we need to know why. > > If it's truly possible (such as we commonly get into the case where memory can't be allocated), then the ASSERT should be dropped. Good point. I'll revise. 1298522 5 307439 bfulgham 2017-04-18 17:17:02 -0700 Created attachment 307439 Patch 1298690 6 bfulgham 2017-04-19 09:17:55 -0700 Committed r215514: <http://trac.webkit.org/changeset/215514> 307292 2017-04-17 13:38:05 -0700 2017-04-18 17:17:00 -0700 Patch bug-170912-20170417133754.patch text/plain 1414 bfulgham SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIxNTQyNikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBACisyMDE3LTA0LTE3ICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIFtpT1MsIG1hY09TXSBHdWFy ZCBhZ2FpbnN0IHBhc3NpbmcgbnVsbHB0ciB0byB2SW1hZ2VQcmVtdWx0aXBseURhdGEKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE3MDkxMgorICAgICAg ICA8cmRhcjovL3Byb2JsZW0vMzA1NjU4MDA+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ncmFwaGljcy9jZy9JbWFnZUJ1ZmZlckRh dGFDRy5jcHA6CisgICAgICAgIChXZWJDb3JlOjpJbWFnZUJ1ZmZlckRhdGE6OnB1dERhdGEpOiBD aGVjayBmb3IgbnVsbHB0ciBkYXRhIG1lbWJlciBhbmQgYXZvaWQgcGFzc2luZyB0byB2SW1hZ2Ug cm91dGluZXMuCisKIDIwMTctMDQtMTcgIFRpbSBIb3J0b24gIDx0aW1vdGh5X2hvcnRvbkBhcHBs ZS5jb20+CiAKICAgICAgICAgUHJvdmlkZSBhIHZpZXdwb3J0IHBhcmFtZXRlciB0byBkaXNhYmxl IGNsaXBwaW5nIHRvIHRoZSBzYWZlIGFyZWEKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BsYXRmb3Jt L2dyYXBoaWNzL2NnL0ltYWdlQnVmZmVyRGF0YUNHLmNwcAo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv V2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9jZy9JbWFnZUJ1ZmZlckRhdGFDRy5jcHAJKHJldmlz aW9uIDIxNTQxNykKKysrIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NnL0ltYWdl QnVmZmVyRGF0YUNHLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNDM4LDYgKzQzOCwxMSBAQCB2b2lk IEltYWdlQnVmZmVyRGF0YTo6cHV0RGF0YShVaW50OENsYW1wCiAgICAgCiAgICAgaWYgKCFhY2Nl bGVyYXRlUmVuZGVyaW5nKSB7CiAgICAgICAgIGRlc3RCeXRlc1BlclJvdyA9IGJ5dGVzUGVyUm93 LnVuc2FmZUdldCgpOworCisgICAgICAgIEFTU0VSVChkYXRhKTsKKyAgICAgICAgaWYgKCFkYXRh KQorICAgICAgICAgICAgcmV0dXJuOworCiAgICAgICAgIGRlc3RSb3dzID0gcmVpbnRlcnByZXRf Y2FzdDx1bnNpZ25lZCBjaGFyKj4oZGF0YSkgKyAoZGVzdHkgKiBkZXN0Qnl0ZXNQZXJSb3cgKyBk ZXN0eCAqIDQpLnVuc2FmZUdldCgpOwogCiAjaWYgVVNFKEFDQ0VMRVJBVEUpCg== 307439 2017-04-18 17:17:02 -0700 2017-04-19 09:11:43 -0700 Patch bug-170912-20170418171701.patch text/plain 2991 bfulgham SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIxNTQ4OSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDE3LTA0LTE3ICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIFtpT1MsIG1hY09TXSBHdWFy ZCBhZ2FpbnN0IHBhc3NpbmcgbnVsbHB0ciB0byB2SW1hZ2VQcmVtdWx0aXBseURhdGEKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE3MDkxMgorICAgICAg ICA8cmRhcjovL3Byb2JsZW0vMzA1NjU4MDA+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ncmFwaGljcy9jZy9JbWFnZUJ1ZmZlckRh dGFDRy5jcHA6CisgICAgICAgIChXZWJDb3JlOjphZmZpbmVXYXJwQnVmZmVyRGF0YSk6IEFzc2Vy dCBpZiB3ZSBwYXNzZWQgbnVsbHB0ciBidWZmZXJzLgorICAgICAgICAoV2ViQ29yZTo6dHJhbnNm ZXJEYXRhKTogRGl0dG8uCisgICAgICAgIChXZWJDb3JlOjpJbWFnZUJ1ZmZlckRhdGE6OmdldERh dGEpOiBDaGVjayBmb3IgbnVsbHB0ciBkYXRhIG1lbWJlciBhbmQgYXZvaWQgcGFzc2luZyB0byB2 SW1hZ2Ugcm91dGluZXMuCisgICAgICAgIChXZWJDb3JlOjpJbWFnZUJ1ZmZlckRhdGE6OnB1dERh dGEpOiBEaXR0by4KKwogMjAxNy0wNC0xOCAgSm9obiBXaWxhbmRlciAgPHdpbGFuZGVyQGFwcGxl LmNvbT4KIAogICAgICAgICBNYWtlIFdlYkNvcmU6OnRvcFByaXZhdGVseUNvbnRyb2xsZWREb21h aW4oKSByZXR1cm4gImxvY2FsaG9zdCIgZm9yIGxvY2FsaG9zdApJbmRleDogU291cmNlL1dlYkNv cmUvcGxhdGZvcm0vZ3JhcGhpY3MvY2cvSW1hZ2VCdWZmZXJEYXRhQ0cuY3BwCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NnL0ltYWdlQnVmZmVyRGF0YUNH LmNwcAkocmV2aXNpb24gMjE1NDg4KQorKysgU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhp Y3MvY2cvSW1hZ2VCdWZmZXJEYXRhQ0cuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xLDUgKzEsNSBA QAogLyoKLSAqIENvcHlyaWdodCAoQykgMjAxMS0yMDE2IEFwcGxlIEluYy4gQWxsIHJpZ2h0cyBy ZXNlcnZlZC4KKyAqIENvcHlyaWdodCAoQykgMjAxMS0yMDE3IEFwcGxlIEluYy4gQWxsIHJpZ2h0 cyByZXNlcnZlZC4KICAqCiAgKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQg YmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICAqIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1p dHRlZCBwcm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucwpAQCAtODMsNiArODMs OSBAQCBzdGF0aWMgdm9pZCBwcmVtdWx0aXBseUJ1ZmZlckRhdGEoY29uc3QgCiAjaWYgIVBMQVRG T1JNKElPU19TSU1VTEFUT1IpCiBzdGF0aWMgdm9pZCBhZmZpbmVXYXJwQnVmZmVyRGF0YShjb25z dCB2SW1hZ2VfQnVmZmVyJiBzcmMsIGNvbnN0IHZJbWFnZV9CdWZmZXImIGRlc3QsIGZsb2F0IHNj YWxlKQogeworICAgIEFTU0VSVChzcmMuZGF0YSk7CisgICAgQVNTRVJUKGRlc3QuZGF0YSk7CisK ICAgICB2SW1hZ2VfQWZmaW5lVHJhbnNmb3JtIHNjYWxlVHJhbnNmb3JtID0geyBzY2FsZSwgMCwg MCwgc2NhbGUsIDAsIDAgfTsgLy8gRklYTUU6IEFkZCBzdWJwaXhlbCB0cmFuc2xhdGlvbi4KICAg ICBQaXhlbF84ODg4IGJhY2tncm91bmRDb2xvcjsKICAgICB2SW1hZ2VBZmZpbmVXYXJwX0FSR0I4 ODg4KCZzcmMsICZkZXN0LCAwLCAmc2NhbGVUcmFuc2Zvcm0sIGJhY2tncm91bmRDb2xvciwga3ZJ bWFnZUVkZ2VFeHRlbmQpOwpAQCAtOTMsNiArOTYsOSBAQCBzdGF0aWMgdm9pZCBhZmZpbmVXYXJw QnVmZmVyRGF0YShjb25zdCB2CiBzdGF0aWMgaW5saW5lIHZvaWQgdHJhbnNmZXJEYXRhKHZvaWQq IG91dHB1dCwgdm9pZCogaW5wdXQsIGludCB3aWR0aCwgaW50IGhlaWdodCwgc2l6ZV90IGlucHV0 Qnl0ZXNQZXJSb3cpCiB7CiAjaWYgVVNFKEFDQ0VMRVJBVEUpCisgICAgQVNTRVJUKGlucHV0KTsK KyAgICBBU1NFUlQob3V0cHV0KTsKKwogICAgIHZJbWFnZV9CdWZmZXIgc3JjOwogICAgIHNyYy53 aWR0aCA9IHdpZHRoOwogICAgIHNyYy5oZWlnaHQgPSBoZWlnaHQ7CkBAIC0xOTQsNiArMjAwLDkg QEAgUmVmUHRyPFVpbnQ4Q2xhbXBlZEFycmF5PiBJbWFnZUJ1ZmZlckRhdAogICAgIHVuc2lnbmVk IGNoYXIqIHNyY1Jvd3M7CiAgICAgCiAgICAgaWYgKCFhY2NlbGVyYXRlUmVuZGVyaW5nKSB7Cisg ICAgICAgIGlmICghZGF0YSkKKyAgICAgICAgICAgIHJldHVybiByZXN1bHQ7CisKICAgICAgICAg c3JjQnl0ZXNQZXJSb3cgPSBieXRlc1BlclJvdy51bnNhZmVHZXQoKTsKICAgICAgICAgc3JjUm93 cyA9IHJlaW50ZXJwcmV0X2Nhc3Q8dW5zaWduZWQgY2hhcio+KGRhdGEpICsgb3JpZ2lueSAqIHNy Y0J5dGVzUGVyUm93ICsgb3JpZ2lueCAqIDQ7CiAKQEAgLTQzNyw2ICs0NDYsOSBAQCB2b2lkIElt YWdlQnVmZmVyRGF0YTo6cHV0RGF0YShVaW50OENsYW1wCiAgICAgdW5zaWduZWQgY2hhciogZGVz dFJvd3M7CiAgICAgCiAgICAgaWYgKCFhY2NlbGVyYXRlUmVuZGVyaW5nKSB7CisgICAgICAgIGlm ICghZGF0YSkKKyAgICAgICAgICAgIHJldHVybjsKKwogICAgICAgICBkZXN0Qnl0ZXNQZXJSb3cg PSBieXRlc1BlclJvdy51bnNhZmVHZXQoKTsKICAgICAgICAgZGVzdFJvd3MgPSByZWludGVycHJl dF9jYXN0PHVuc2lnbmVkIGNoYXIqPihkYXRhKSArIChkZXN0eSAqIGRlc3RCeXRlc1BlclJvdyAr IGRlc3R4ICogNCkudW5zYWZlR2V0KCk7CiAK