RESOLVED FIXED 182282
REGRESSION(r227594) [WinCairo] NULL pointer crash in GraphicsContext::getWindowsContext
https://bugs.webkit.org/show_bug.cgi?id=182282
Christopher Reid
Reported 2018-01-30 00:22:33 PST
GraphicsContext::m_data is null and dereferenced in GraphicsContextWin.cpp GraphicsContext::getWindowsContext. This is happening when loading a lot of websites such as youtube.com.

Call stack:
WebKit.dll!WebCore::GraphicsContext::getWindowsContext(const WebCore::IntRect & dstRect, bool supportAlphaBlend, bool mayCreateBitmap) Line 106 C++ Symbols loaded.
[Inline Frame] WebKit.dll!WebCore::LocalWindowsContext::{ctor}(WebCore::GraphicsContext &) Line 43 C++ Symbols loaded.
WebKit.dll!WebCore::ScrollbarThemeWin::paintButton(WebCore::GraphicsContext & context, WebCore::Scrollbar & scrollbar, const WebCore::IntRect & rect, WebCore::ScrollbarPart part) Line 342 C++ Symbols loaded.
WebKit.dll!WebCore::ScrollbarThemeComposite::paint(WebCore::Scrollbar & scrollbar, WebCore::GraphicsContext & graphicsContext, const WebCore::IntRect & damageRect) Line 84 C++ Symbols loaded.
WebKit.dll!WebCore::Scrollbar::paint(WebCore::GraphicsContext & context, const WebCore::IntRect & damageRect, WebCore::Widget::SecurityOriginPaintPolicy __formal) Line 169 C++ Symbols loaded.
WebKit.dll!WebCore::paintScrollbar(WebCore::Scrollbar * scrollbar, WebCore::GraphicsContext & context, const WebCore::IntRect & clip) Line 2756 C++ Symbols loaded.
WebKit.dll!WebCore::RenderLayerCompositor::paintContents(const WebCore::GraphicsLayer * graphicsLayer, WebCore::GraphicsContext & context, unsigned int __formal, const WebCore::FloatRect & clip, unsigned int __formal) Line 2766 C++ Symbols loaded.
WebKit.dll!WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext & context, const WebCore::FloatRect & clip, unsigned int layerPaintBehavior) Line 435 C++ Symbols loaded.
WebKit.dll!WebCore::BitmapTexture::updateContents(WebCore::TextureMapper & __formal, WebCore::GraphicsLayer * sourceLayer, const WebCore::IntRect & targetRect, const WebCore::IntPoint & offset, WebCore::BitmapTexture::UpdateContentsFlag updateContentsFlag, float scale) Line 57 C++ Symbols loaded.
WebKit.dll!WebCore::TextureMapperTile::updateContents(WebCore::TextureMapper & textureMapper, WebCore::GraphicsLayer * sourceLayer, const WebCore::IntRect & dirtyRect, WebCore::BitmapTexture::UpdateContentsFlag updateContentsFlag, float scale) Line 68 C++ Symbols loaded.
WebKit.dll!WebCore::TextureMapperTiledBackingStore::updateContents(WebCore::TextureMapper & textureMapper, WebCore::GraphicsLayer * sourceLayer, const WebCore::FloatSize & totalSize, const WebCore::IntRect & dirtyRect, WebCore::BitmapTexture::UpdateContentsFlag updateContentsFlag) Line 163 C++ Symbols loaded.
WebKit.dll!WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded() Line 552 C++ Symbols loaded.
Attachments
WIP patch (767 bytes, patch)
2018-01-30 23:27 PST, Fujii Hironori
no flags
Patch (9.10 KB, patch)
2018-01-31 20:51 PST, Fujii Hironori
no flags
Christopher Reid
Comment 1 2018-01-30 01:45:43 PST
It looks like the issue is caused because m_data is not being initialized when using the GraphicsContext factory constructor. platformInit is not being called here because GraphicsContextImpl creates its own GraphicsContextPlatformPrivate object. It seems like Windows GraphicsContexts should be conditionally using a GraphicsContextPlatformPrivate object from GraphicsContextImpl instead of trying to directly access m_data.
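The two-constructor initialization gap described in comment 1, as an added stand-alone illustration (not WebKit's code and not the patch that landed for this bug): the platform constructor runs platformInit() and sets m_data, the factory constructor hands ownership of the platform state to an Impl object and never runs platformInit(), and a getter that reads m_data unconditionally dereferences null on the second path. The guarded getter follows the shape comment 1 suggests, falling back to the Impl's private object. The names PlatformPrivate, Impl, Context and windowsHandle, the int standing in for an HDC, and the -1 "no handle" value are all assumptions made for the example.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Stand-in for GraphicsContextPlatformPrivate; the int stands in for the HDC
// that getWindowsContext hands back. Hypothetical names throughout.
struct PlatformPrivate {
    explicit PlatformPrivate(int handle) : windowsHandle(handle) {}
    int windowsHandle;
};

// Stand-in for GraphicsContextImpl: it owns its own platform-private state.
struct Impl {
    explicit Impl(int handle) : priv(std::make_unique<PlatformPrivate>(handle)) {}
    std::unique_ptr<PlatformPrivate> priv;
};

class Context {
public:
    // Platform constructor: the only path that runs platformInit().
    explicit Context(int handle) { platformInit(handle); }

    // Factory constructor used with an Impl. The Impl already carries the
    // platform state, so platformInit() is never called and m_data stays null.
    explicit Context(std::unique_ptr<Impl> impl) : m_impl(std::move(impl)) {}

    // Lets a caller observe the gap without dereferencing anything.
    bool hasPlatformData() const { return m_data != nullptr; }

    // Buggy shape (hypothetical): reads m_data unconditionally, so an
    // Impl-constructed context dereferences null here. Do not call it on one.
    int getWindowsContextUnchecked() const { return m_data->windowsHandle; }

    // Guarded shape along the lines of comment 1: use the Impl's
    // platform-private object when the context came through the factory path.
    // Returns -1 (hypothetical "no handle" value) when neither is available.
    int getWindowsContext() const {
        const PlatformPrivate* p = platformPrivate();
        return p ? p->windowsHandle : -1;
    }

private:
    void platformInit(int handle) { m_data = std::make_unique<PlatformPrivate>(handle); }

    // Pick whichever platform-private object this context actually owns.
    const PlatformPrivate* platformPrivate() const {
        if (m_data)
            return m_data.get();
        if (m_impl)
            return m_impl->priv.get();
        return nullptr;
    }

    std::unique_ptr<PlatformPrivate> m_data;
    std::unique_ptr<Impl> m_impl;
};

int main() {
    Context direct(7);                              // platform path: m_data set
    Context viaImpl(std::make_unique<Impl>(9));     // factory path: m_data null
    std::printf("direct:  m_data set=%d handle=%d\n",
                direct.hasPlatformData(), direct.getWindowsContext());
    std::printf("viaImpl: m_data set=%d handle=%d\n",
                viaImpl.hasPlatformData(), viaImpl.getWindowsContext());
    // viaImpl.getWindowsContextUnchecked() is the null dereference in the report.
    return 0;
}
```

The check that matters is the second line of output: m_data is null for the factory-built context, yet the guarded getter still finds the Impl-owned state. Any Windows-only code that reaches for m_data directly has the same problem and needs the same redirection.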
Fujii Hironori
Comment 2 2018-01-30 23:27:39 PST
Created attachment 332745 [details] WIP patch Hi Zan, This is caused by Bug 181977. My WIP patch reverts a part of it. Could you take a look?
Fujii Hironori
Comment 3 2018-01-31 20:51:22 PST
Zan Dobersek
Comment 4 2018-02-01 14:07:28 PST
Comment on attachment 332845 [details] Patch Sorry about this and previous breakages. I try to make sure WinCairo EWS still compiles these changes, but I usually don't catch these more complex cases.
WebKit Commit Bot
Comment 5 2018-02-01 16:16:55 PST
Comment on attachment 332845 [details] Patch Clearing flags on attachment: 332845 Committed r227988: <https://trac.webkit.org/changeset/227988>
WebKit Commit Bot
Comment 6 2018-02-01 16:16:57 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 7 2018-02-01 16:17:40 PST