Bug 193309

Summary: Safari Crashing in Version 12.0.1 (14606.2.104.1.1) WebCore::GraphicsLayerCA::updateBackdropFilters
Product: WebKit Reporter: Dean Jackson <dino>
Component: New BugsAssignee: Dean Jackson <dino>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, graouts, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch graouts: review+

Dean Jackson
Reported 2019-01-09 16:33:55 PST
Safari Crashing in Version 12.0.1 (14606.2.104.1.1) WebCore::GraphicsLayerCA::updateBackdropFilters
Attachments
Patch (3.76 KB, patch)
2019-01-09 16:40 PST, Dean Jackson 		graouts: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dean Jackson
Comment 1 2019-01-09 16:34:20 PST
<rdar://problem/45279224>
Dean Jackson
Comment 2 2019-01-09 16:40:42 PST
Created attachment 358765 [details] Patch
Antoine Quint
Comment 3 2019-01-10 02:31:52 PST
Comment on attachment 358765 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358765&action=review > Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:2157 > + if (backdropFilterRect.width() > 0 && backdropFilterRect.height() > 0) { Should `canHaveBackdropFilters` be set to true in case either the width or height is 0? Also, do we need the `> 0` check? I assume these values can't be negative.
Dean Jackson
Comment 4 2019-01-10 09:26:45 PST
Comment on attachment 358765 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358765&action=review >> Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp:2157 >> + if (backdropFilterRect.width() > 0 && backdropFilterRect.height() > 0) { > > Should `canHaveBackdropFilters` be set to true in case either the width or height is 0? Also, do we need the `> 0` check? I assume these values can't be negative. If either the width or height is 0, then there is no point having a backdrop layer. Regarding negative, I don't think they ever should be < 0, but it is technically possible... and one of the ways the crash could have happened. I'm hoping to get a reproduction from an originator to see what really went wrong.
Dean Jackson
Comment 5 2019-01-10 10:09:29 PST
Committed r239833: <https://trac.webkit.org/changeset/239833>
Note You need to log in before you can comment on or make changes to this bug.