| Summary: | [WebGL] Crash due to forceLostContext | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Brent Fulgham <bfulgham> |
| Component: | WebGL | Assignee: | Brent Fulgham <bfulgham> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | bfulgham, commit-queue, dino, esprehn+autocc, gyuyoung.kim, kondapallykalyan, roger_fong |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | | |
| Hardware: | All | | |
| OS: | All | | |
| Bug Depends on: | 104733 | | |
| Bug Blocks: | | | |
Test coverage in webgl/conformance/textures/origin-clean-conformance.html.

Created attachment 221089
Patch

Committed r161924: <http://trac.webkit.org/changeset/161924>

When a frame containing a WebGL context is detached, the WebGL context receives a call to stopActiveDOMObjects, which results in the WebGLRenderingContext::stop() method being called. This causes the underlying OpenGL context to be destroyed. If this destruction takes place as part of the replacement of a node with new HTML, this "in-destruction" node can be asked to adjust its style as part of layout. This causes RenderLayerBacking::updateGraphicsLayerConfiguration() to attempt to use the underlying OpenGL context, causing a crash. The simplest resolution would be the following change: Index: html/canvas/WebGLRenderingContext.cpp =================================================================== --- html/canvas/WebGLRenderingContext.cpp (revision 161907) +++ html/canvas/WebGLRenderingContext.cpp (working copy) @@ -4733,7 +4733,7 @@ #if USE(ACCELERATED_COMPOSITING) PlatformLayer* WebGLRenderingContext::platformLayer() const { - return m_context->platformLayer(); + return (m_context) ? m_context->platformLayer() : 0; } #endif However, this additional null check for every "platformLayer()" access might be too expensive.
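
Review bot: In WebGLRenderingContext::platformLayer(), returning 0 when m_context is null only helps if every caller tolerates a null PlatformLayer*. The description names RenderLayerBacking::updateGraphicsLayerConfiguration() as the path that reaches this accessor during layout of the in-destruction node, so that path should be confirmed to handle a null layer before this guard is relied on. The check also protects only this one accessor, while the description says stop() destroys the underlying OpenGL context, so it is worth auditing whether other methods can dereference m_context after stop() and, if so, handling the stopped state in one place rather than per accessor. A one-line comment stating that m_context can be null after stop() would explain the branch to later readers, and the parentheses around m_context in the condition can be dropped.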