RESOLVED FIXED 119297
DHTML drag can result in a null-deref under WebDragClient::startDrag 
https://bugs.webkit.org/show_bug.cgi?id=119297
Summary DHTML drag can result in a null-deref under WebDragClient::startDrag
Tim Horton
Reported 2013-07-30 18:02:33 PDT
WebDragClient::startDrag's convertImageToBitmap will happily call createGraphicsContext on a null ShareableBitmap. It shouldn't do this, because the ShareableBitmap can be null for a variety of reasons. In addition, FrameSnapshottingMac::snapshotDragImage will happily waste time "painting" a 0x0 image, which it will then return and will eventually make its way to WebDragClient::startDrag, which will try to turn it into a ShareableBitmap and assert or crash because it has no size. <rdar://problem/14213012>
Attachments
wrong version (3.00 KB, patch)
2013-07-30 18:07 PDT, Tim Horton 		buildbot: commit-queue-
DetailsFormatted DiffDiff
patch (5.58 KB, patch)
2013-07-30 19:26 PDT, Tim Horton 		simon.fraser: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2013-07-30 18:07:31 PDT
Created attachment 207791 [details] wrong version This one should be easy to test.
Build Bot
Comment 2 2013-07-30 18:35:08 PDT
Comment on attachment 207791 [details] wrong version Attachment 207791 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/1292500
Build Bot
Comment 3 2013-07-30 18:48:15 PDT
Comment on attachment 207791 [details] wrong version Attachment 207791 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/1288620
Tim Horton
Comment 4 2013-07-30 19:26:42 PDT
Created attachment 207798 [details] patch
Tim Horton
Comment 5 2013-07-30 22:56:41 PDT
http://trac.webkit.org/changeset/153511
Tim Horton
Comment 6 2013-08-30 02:56:50 PDT
*** Bug 119027 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.