RESOLVED FIXED 126947
[WebGL] Crash due to forceLostContext 
https://bugs.webkit.org/show_bug.cgi?id=126947
Summary [WebGL] Crash due to forceLostContext
Brent Fulgham
Reported 2014-01-13 16:30:15 PST
When a frame containing a WebGL context is detached, the WebGL context receives a call to stopActiveDOMObjects, which results in the WebGLRenderingContext::stop() method being called. This causes the underlying OpenGL context to be destroyed. If this destruction takes place as part of the replacement of a node with new HTML, this "in-destruction" node can be asked to adjust its style as part of layout. This causes RenderLayerBacking::updateGraphicsLayerConfiguration() to attempt to use the underlying OpenGL context, causing a crash. The simplest resolution would be the following change: Index: html/canvas/WebGLRenderingContext.cpp =================================================================== --- html/canvas/WebGLRenderingContext.cpp (revision 161907) +++ html/canvas/WebGLRenderingContext.cpp (working copy) @@ -4733,7 +4733,7 @@ #if USE(ACCELERATED_COMPOSITING) PlatformLayer* WebGLRenderingContext::platformLayer() const { - return m_context->platformLayer(); + return (m_context) ? m_context->platformLayer() : 0; } #endif However, this additional null check for every "platformLayer()" access might be too expensive.
Attachments
Patch (2.55 KB, patch)
2014-01-13 16:46 PST, Brent Fulgham 		dino: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2014-01-13 16:43:34 PST
Test coverage in webgl/conformance/textures/origin-clean-conformance.html.
Brent Fulgham
Comment 2 2014-01-13 16:43:45 PST
<rdar://problem/8622625>
Brent Fulgham
Comment 3 2014-01-13 16:46:03 PST
Created attachment 221089 [details] Patch
Brent Fulgham
Comment 4 2014-01-13 16:57:01 PST
Committed r161924: <http://trac.webkit.org/changeset/161924>
Note You need to log in before you can comment on or make changes to this bug.