RESOLVED FIXED 170912
[iOS, macOS] Guard against passing nullptr to vImagePremultiplyData
https://bugs.webkit.org/show_bug.cgi?id=170912
Summary [iOS, macOS] Guard against passing nullptr to vImagePremultiplyData
Brent Fulgham
Reported 2017-04-17 13:35:27 PDT
If the system is under heavy memory pressure, it is possible for a calloc to fail, resulting in an ImageBuffer with a nullptr data member. We should return from an attempt to perform ImageBuffer::putData on a nullptr without taking any action, or perhaps RELEASE_ASSERT that we encountered this case. Since the memory pressure may be transient, it seems reasonable to just bail out early; a future attempt may succeed.
Attachments
Patch (1.38 KB, patch)
2017-04-17 13:38 PDT, Brent Fulgham
no flags
Patch (2.92 KB, patch)
2017-04-18 17:17 PDT, Brent Fulgham
beidson: review+
Brent Fulgham
Comment 1 2017-04-17 13:38:05 PDT
Brent Fulgham
Comment 2 2017-04-18 13:12:55 PDT
Brady Eidson
Comment 3 2017-04-18 16:59:42 PDT
Comment on attachment 307292 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=307292&action=review > Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp:444 > + ASSERT(data); > + if (!data) > + return; We can't really both expect that is' impossible to have a null data (like the assert says) but also expect it is possible to have a null data (like the early return says) If it's truly impossible, we need to know why. If it's truly possible (such as we commonly get into the case where memory can't be allocated), then the ASSERT should be dropped.
Brent Fulgham
Comment 4 2017-04-18 17:16:58 PDT
Comment on attachment 307292 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=307292&action=review >> Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp:444 >> + return; > > We can't really both expect that is' impossible to have a null data (like the assert says) but also expect it is possible to have a null data (like the early return says) > > If it's truly impossible, we need to know why. > > If it's truly possible (such as we commonly get into the case where memory can't be allocated), then the ASSERT should be dropped. Good point. I'll revise.
Brent Fulgham
Comment 5 2017-04-18 17:17:02 PDT
Brent Fulgham
Comment 6 2017-04-19 09:17:55 PDT
Note You need to log in before you can comment on or make changes to this bug.