Bug 20457

Summary: Canvas: createPattern crashes WebKit with a 1D pattern
Product: WebKit Reporter: Dirk Schulze <krit>
Component: DOMAssignee: Anders Carlsson <andersca>
Status: RESOLVED FIXED    
Severity: Normal Keywords: HasReduction, InRadar
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
URL: http://philip.html5.org/tests/canvas/suite/tests/2d.pattern.basic.zerocanvas.html
Attachments:
Description Flags
Patch mjs: review+

Dirk Schulze
Reported 2008-08-20 06:01:50 PDT
If you create a 1 dimensional (width==0 || height==0) Pattern in Canvas, WebKit will crash.
Attachments
Patch (3.80 KB, patch)
2008-09-15 02:47 PDT, Anders Carlsson 		mjs: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2008-08-20 06:33:06 PDT
Reproducible crash -> P1. Thread 0 Crashed: 0 com.apple.WebCore 0x0322d99d WTF::RefPtr<WebCore::Image>::operator!() const + 9 (RefPtr.h:63) 1 com.apple.WebCore 0x034aaa81 WebCore::ImageBuffer::image() const + 27 (ImageBufferCG.cpp:99) 2 com.apple.WebCore 0x032340f7 WebCore::CanvasRenderingContext2D::createPattern(WebCore::HTMLCanvasElement*, WebCore::String const&, int&) + 135 (CanvasRenderingContext2D.cpp:1154) 3 com.apple.WebCore 0x034f431d WebCore::JSCanvasRenderingContext2D::createPattern(KJS::ExecState*, KJS::ArgList const&) + 545 (JSCanvasRenderingContext2DCustom.cpp:328) 4 com.apple.WebCore 0x034eff04 WebCore::jsCanvasRenderingContext2DPrototypeFunctionCreatePattern(KJS::ExecState*, KJS::JSObject*, KJS::JSValue*, KJS::ArgList const&) + 96 (JSCanvasRenderingContext2D.cpp:780)
Mark Rowe (bdash)
Comment 2 2008-08-20 15:07:44 PDT
<rdar://problem/6163988>
Anders Carlsson
Comment 3 2008-09-15 02:47:53 PDT
Created attachment 23434 [details] Patch
Maciej Stachowiak
Comment 4 2008-09-15 02:49:24 PDT
Comment on attachment 23434 [details] Patch r=me
Anders Carlsson
Comment 5 2008-09-15 04:36:15 PDT
Committed revision 36442.
Note You need to log in before you can comment on or make changes to this bug.