Bug 143549 - [WebGL]WebKit will crash when GraphicsContext3D::createForCurrentGLContext() return null
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebGL
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2015-04-08 19:57 PDT by await_me
Modified: 2024-01-17 01:09 PST
Description await_me 2015-04-08 19:57:32 PDT
If GraphicsContext3D::createForCurrentGLContext() returns 0 in TextureMapperGL's constructor, WebKit will crash.
Several code fragments and the call stack are as follows:
WebCore::TextureMapperGLData::SharedGLData::currentSharedGLData(GraphicsContext3D* context)
{
    // context is dereferenced here with no null check
    GLContextDataMap::iterator it = glContextDataMap().find(context->platformGraphicsContext3D());
}

WebCore::TextureMapperGLData::TextureMapperGLData(GraphicsContext3D* context)
    : context(context)
    , sharedData(TextureMapperGLData::SharedGLData::currentSharedGLData(this->context)) // context may be null
{
}

WebCore::TextureMapperGL::TextureMapperGL()
{
    m_context3D = GraphicsContext3D::createForCurrentGLContext(); // may return null
    m_data = new TextureMapperGLData(m_context3D.get());
}

When GraphicsContext3D::createForCurrentGLContext() returns null, the parameters (m_context3D, context) will be null.
But currentSharedGLData uses context without a null check.
This will make WebKit crash.

The createForCurrentGLContext() method is as follows:
PassRefPtr<GraphicsContext3D> GraphicsContext3D::createForCurrentGLContext()
{
    RefPtr<GraphicsContext3D> context = adoptRef(new GraphicsContext3D(Attributes(), 0, GraphicsContext3D::RenderToCurrentGLContext));
    return context->m_private ? context.release() : 0;
}

When the port has something wrong, context->m_private will be null.
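As an added example that is not WebKit's code, this stripped-down C++ mirror of the three functions above (names ending in "Sim" are hypothetical stand-ins for the WebKit classes) reproduces the null-returning factory and shows the constructor checking that result before it reaches the shared-data lookup.

```cpp
#include <map>
#include <memory>

// Stand-in for GraphicsContext3D; platformContext() mirrors platformGraphicsContext3D().
struct GraphicsContext3DSim {
    int platformHandle;
    int platformContext() const { return platformHandle; }
};

// Mirrors createForCurrentGLContext(): null when the port has no usable context
// (the "context->m_private is null" case from the report).
std::unique_ptr<GraphicsContext3DSim> createForCurrentGLContextSim(bool portHealthy) {
    if (!portHealthy)
        return nullptr;
    return std::unique_ptr<GraphicsContext3DSim>(new GraphicsContext3DSim{42});
}

struct SharedGLDataSim { int refCount = 0; };
std::map<int, SharedGLDataSim>& glContextDataMap() {
    static std::map<int, SharedGLDataSim> m;
    return m;
}
// Mirrors currentSharedGLData(): dereferences context with no null check, so a
// null context here is exactly the crash the report describes.
SharedGLDataSim* currentSharedGLDataSim(GraphicsContext3DSim* context) {
    return &glContextDataMap()[context->platformContext()];
}

// Hardened construction: check the factory result before it reaches the shared-data
// lookup, leaving the object inert instead of dereferencing a null pointer.
struct TextureMapperGLSim {
    std::unique_ptr<GraphicsContext3DSim> context3D;
    SharedGLDataSim* sharedData = nullptr;
    bool valid = false;

    explicit TextureMapperGLSim(bool portHealthy)
        : context3D(createForCurrentGLContextSim(portHealthy)) {
        if (!context3D)
            return;
        sharedData = currentSharedGLDataSim(context3D.get());
        valid = true;
    }
};

// Hypothetical factory so a failed context never hands callers a live mapper.
std::unique_ptr<TextureMapperGLSim> makeTextureMapperSim(bool portHealthy) {
    std::unique_ptr<TextureMapperGLSim> mapper(new TextureMapperGLSim(portHealthy));
    if (!mapper->valid)
        return nullptr;
    return mapper;
}
```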