Bug 51432

Summary: [chromium] Render surfaces with empty content rects cause crashes
Product: WebKit Reporter: Vangelis Kokkevis <vangelis>
Component: WebCore Misc.Assignee: Vangelis Kokkevis <vangelis>
Status: RESOLVED FIXED    
Severity: Normal CC: kbr
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.5   
Attachments:
Description Flags
Proposed patch kbr: review+, vangelis: commit-queue-

Vangelis Kokkevis
Reported 2010-12-21 16:43:00 PST
RenderSurfaceChromium's that have a zero content rect don't have a texture associated with them. In RenderSurfaceChromium::draw() we need to check for a NULL m_contentsTexture before trying to bind the texture and render the surface. The crash can trivially be reproduced by going to: www.boxee.tv
Attachments
Proposed patch (4.20 KB, patch)
2010-12-21 19:06 PST, Vangelis Kokkevis 		kbr: review+
vangelis: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Vangelis Kokkevis
Comment 1 2010-12-21 19:06:58 PST
Created attachment 77180 [details] Proposed patch
Kenneth Russell
Comment 2 2010-12-22 09:43:23 PST
Comment on attachment 77180 [details] Proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=77180&action=review Looks fine. One small typo. > LayoutTests/platform/chromium/compositing/empty-render-surface-crasher.html:27 > +<p>This page tests that an empty render surface does not crash as reporterd in <a href='https://bugs.webkit.org/show_bug.cgi?id=51432'>this bug</a>. Pass if this does not crash.</p> Typo: reporterd -> reported
Vangelis Kokkevis
Comment 3 2010-12-22 10:37:32 PST
Committed r74484: <http://trac.webkit.org/changeset/74484>
Vangelis Kokkevis
Comment 4 2010-12-22 10:38:09 PST
(In reply to comment #2) > (From update of attachment 77180 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=77180&action=review > > Looks fine. One small typo. > > > LayoutTests/platform/chromium/compositing/empty-render-surface-crasher.html:27 > > +<p>This page tests that an empty render surface does not crash as reporterd in <a href='https://bugs.webkit.org/show_bug.cgi?id=51432'>this bug</a>. Pass if this does not crash.</p> > > Typo: reporterd -> reported Ooops! Thanks. Fixed typo and landed.
Note You need to log in before you can comment on or make changes to this bug.