| Summary: | [WebGL]WebKit will crash when GraphicsContext3D::createForCurrentGLContext() return null | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | await_me <jy_lizl> |
| Component: | WebGL | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | ||
| Severity: | Normal | CC: | kkinnunen |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
if GraphicsContext3D::createForCurrentGLContext() return 0 in TextureMapperGL's constructor,WebKit will crash serval code and call stack is like follow: WebCore::TextureMapperGLData::SharedGLData::currentSharedGLData(context) {GLContextDataMap::iterator it = glContextDataMap().find(context->platformGraphicsContext3D());} WebCore::TextureMapperGLData::TextureMapperGLData(GraphicsContext3D* context) :context(context),sharedData(TextureMapperGLData::SharedGLData::currentSharedGLData(this->context)){} WebCore::TextureMapperGL::TextureMapperGL() { m_context3D = GraphicsContext3D::createForCurrentGLContext();m_data = new TextureMapperGLData(m_context3D.get());} when GraphicsContext3D::createForCurrentGLContext() return null, the parameters(m_context3D,context) will be null. but currentSharedGLData had used context without null-check. this will make webkit crash. createForCurrentGLContext() method is as follow: PassRefPtr<GraphicsContext3D> GraphicsContext3D::createForCurrentGLContext() { RefPtr<GraphicsContext3D> context = adoptRef(new GraphicsContext3D(Attributes(), 0, GraphicsContext3D::RenderToCurrentGLContext)); return context->m_private ? context.release() : 0; } when port has something wrong, context->m_private will be null.