Bug 143549
| Summary: | [WebGL] WebKit will crash when GraphicsContext3D::createForCurrentGLContext() returns null | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | await_me <jy_lizl> |
| Component: | WebGL | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | ||
| Severity: | Normal | CC: | kkinnunen |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
await_me
If GraphicsContext3D::createForCurrentGLContext() returns 0 in TextureMapperGL's constructor, WebKit will crash.
Several code snippets and the call stack are as follows:
```cpp
WebCore::TextureMapperGLData::SharedGLData::currentSharedGLData(context)
{
    GLContextDataMap::iterator it = glContextDataMap().find(context->platformGraphicsContext3D());
    // ...
}

WebCore::TextureMapperGLData::TextureMapperGLData(GraphicsContext3D* context)
    : context(context), sharedData(TextureMapperGLData::SharedGLData::currentSharedGLData(this->context)) { }

WebCore::TextureMapperGL::TextureMapperGL()
{
    m_context3D = GraphicsContext3D::createForCurrentGLContext();
    m_data = new TextureMapperGLData(m_context3D.get());
}
```
When GraphicsContext3D::createForCurrentGLContext() returns null, the parameters (m_context3D, context) will be null,
but currentSharedGLData uses context without a null check.
This will make WebKit crash.
The createForCurrentGLContext() method is as follows:
```cpp
PassRefPtr<GraphicsContext3D> GraphicsContext3D::createForCurrentGLContext()
{
    RefPtr<GraphicsContext3D> context = adoptRef(new GraphicsContext3D(Attributes(), 0, GraphicsContext3D::RenderToCurrentGLContext));
    return context->m_private ? context.release() : 0;
}
```
When something is wrong with the port, context->m_private will be null.
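The crash path described in the report, modelled as an added C++ example that is neither WebKit's code nor a fix from this bug: the factory returns null when m_private is unset, currentSharedGLData keeps the report's shape and dereferences the context unconditionally, and a guarded TextureMapperGL::create (an assumed factory name, not WebKit's) refuses to build a mapper when context creation failed so the null never reaches the dereference. Ownership uses std::shared_ptr/std::unique_ptr in place of RefPtr, and the `portOk` flag stands in for the port's real failure condition.

```cpp
// Added illustration, not WebKit code: a minimal model of the null-dereference
// path in the report beside a guarded construction path.
#include <map>
#include <memory>

struct PlatformGLContext {};   // stand-in for the port's native GL context

struct GraphicsContext3D {
    // m_private stays null when the port failed to wrap the current GL context
    std::unique_ptr<PlatformGLContext> m_private;
    PlatformGLContext* platformGraphicsContext3D() const { return m_private.get(); }

    // Mirrors createForCurrentGLContext(): yields null when m_private is null.
    // portOk is an assumed stand-in for "the port wrapped the context successfully".
    static std::shared_ptr<GraphicsContext3D> createForCurrentGLContext(bool portOk) {
        auto context = std::make_shared<GraphicsContext3D>();
        if (portOk)
            context->m_private = std::unique_ptr<PlatformGLContext>(new PlatformGLContext);
        return context->m_private ? context : nullptr;
    }
};

struct SharedGLData {
    static std::map<PlatformGLContext*, int>& glContextDataMap() {
        static std::map<PlatformGLContext*, int> m;
        return m;
    }
    // Same shape as the report: context is dereferenced without a null check,
    // so a null context here is exactly the crash the bug describes.
    static int currentSharedGLData(GraphicsContext3D* context) {
        return glContextDataMap()[context->platformGraphicsContext3D()];
    }
};

// Guarded variant: construction is routed through a factory that bails out when
// the GraphicsContext3D could not be created, instead of a constructor that
// unconditionally hands a possibly-null context to currentSharedGLData.
struct TextureMapperGL {
    std::shared_ptr<GraphicsContext3D> m_context3D;
    int sharedData = 0;
    static std::unique_ptr<TextureMapperGL> create(bool portOk) {
        auto context = GraphicsContext3D::createForCurrentGLContext(portOk);
        if (!context)
            return nullptr;   // caller must cope with having no texture mapper
        std::unique_ptr<TextureMapperGL> mapper(new TextureMapperGL);
        mapper->m_context3D = context;
        mapper->sharedData = SharedGLData::currentSharedGLData(context.get());
        return mapper;
    }
};

// True when a working port yields a mapper and a broken port yields none,
// with no null context ever reaching currentSharedGLData.
bool guardedCreateBehaves() {
    return TextureMapperGL::create(true) != nullptr && TextureMapperGL::create(false) == nullptr;
}
```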