Created attachment 20510 [details] patch The problem is that the source and destination areas are not always the same sizes, and without a check the underlying wx Blit code crashes. This is why I jsut added a simple check and if the sizes dont match hte function quits. This is just to prevent a crash, I am not sure how is it specified in the call how exactly to handle stretching or tiling of the image to fit the destination rect.

Comment on attachment 20510 [details] patch I think you probably just need to add a null check for your underlying platform image (like Mac has). I recently removed the cross-platform null checks from draw and drawTiled, so it's up to the platforms to null-check now.

@Hyatt, we do check for a NULL image when we call frameAtIndex, so we shouldn't be hitting this point in the code without a valid image. @Alexander, I'll prepare some code to resize images as we need that anyway, but we've never hit a crash before just because the src and dest rect were different, and I have so far been unable to reproduce your crash. Since I don't have MinGW setup, I would really appreciate if you could attach the stack traces for these crashes (this and the mouse one too) so I can look at the code paths that lead to these crashes.

Created attachment 20528 [details] patch to ImageWx.cpp This patch adds support for image rescaling in the draw method, as well as filling with solid color when source is 1x1 pixel

@Hyatt: Yes, the images are checked and they aren't null, we have valid images when the crash happens. @Kevin: The crash with the 'dir.bg' site occurred also with msvc, in exactly the same way. I have dug deeply in wxWidgets to find the cause - it was because of the Blit code trying to read the source image past its end - wxWidgets assumes that the source and destination are of the same size and does not perform any checks on this. As for the image resize, I just committed a patch and then read your reply that you are going to do the same - I'm not sure my variant of rescaling is very efficient, but this seems to be the only way to rescale image - by converting to wxImage and then back to wxBitmap, the doc says the only other way is to blit between wxMemoryDC-s but i didn't find out any resizing support special for wxMemoryDC, so I used the canonical way via wxImage. Since I have changed the original files, and now the crashes don't occur, I will do a build on the original source tree and send you the traces

Kevin, here are the stack traces for both crashes: Image crash: Program received signal SIGSEGV, Segmentation fault. AlphaBlt (hdcDst=0xfc0132de, x=707, y=51, width=42, height=18, srcX=0, srcY=0, hdcSrc=0x0, bmp=@0x22d650) at ../include/wx/rawbmp.h:588 588 ChannelType& Alpha() { return m_ptr[PixelFormat::ALPHA]; } Current language: auto; currently c++ (gdb) bt #0 AlphaBlt (hdcDst=0xfc0132de, x=707, y=51, width=42, height=18, srcX=0, srcY=0, hdcSrc=0x0, bmp=@0x22d650) at ../include/wx/rawbmp.h:588 #1 0x6289a5f0 in wxDC::DoBlit (this=0x22e5f4, xdest=707, ydest=51, width=42, height=18, source=0x22d574, xsrc=0, ysrc=0, rop=5, useMask=true, xsrcMask=-1, ysrcMask=-1) at ../include/wx/msw/dc.h:107 #2 0x00cbb187 in wxDCBase::Blit (this=0x22e5f4, xdest=707, ydest=51, width=42, height=18, source=0x22d574, xsrc=0, ysrc=0, rop=5, useMask=true, xsrcMask=-1, ysrcMask=-1) at /devel/wxWidgets-2.8.7/include/wx/dc.h:306 #3 0x006fb732 in WebCore::BitmapImage::draw (this=0xfcc8b68, ctxt=0x10474bd8, dst=@0x22d704, src=@0x22d724, op=CompositeSourceOver) at platform/graphics/wx/ImageWx.cpp:112 #4 0x0054b745 in WebCore::GraphicsContext::drawImage (this=0x10474bd8, image=0xfcc8b68, dest=@0x22d784, src=@0x22d794, op=CompositeSourceOver, useLowQualityScale=false) at platform/graphics/GraphicsContext.cpp:358 #5 0x0054ad20 in WebCore::GraphicsContext::drawImage (this=0x10474bd8, image=0xfcc8b68, dest=@0x22d914, srcRect=@0x22d7e4, op=CompositeSourceOver, useLowQualityScale=false) at platform/graphics/GraphicsContext.cpp:227 #6 0x0054ac5c in WebCore::GraphicsContext::drawImage (this=0x10474bd8, image=0xfcc8b68, r=@0x22d914, op=CompositeSourceOver, useLowQualityScale=false) at platform/graphics/GraphicsContext.cpp:217 #7 0x007449fe in WebCore::RenderImage::paintReplaced (this=0x103d904c, paintInfo=@0x22d9f4, tx=707, ty=51) at rendering/RenderImage.cpp:258 #8 0x007301ab in WebCore::RenderReplaced::paint (this=0x103d904c, paintInfo=@0x22d9f4, tx=707, ty=51) at rendering/RenderReplaced.cpp:129 #9 0x006fa66a in WebCore::InlineBox::paint (this=0xfc58a2c, paintInfo=@0x22da74, tx=707, ty=51) at rendering/InlineBox.cpp:154 #10 0x00712470 in WebCore::InlineFlowBox::paint (this=0x10385114, paintInfo=@0x22db04, tx=707, ty=51) at rendering/InlineFlowBox.cpp:640 ---Type <return> to continue, or q <return> to quit--- #11 0x00712470 in WebCore::InlineFlowBox::paint (this=0x10385184, paintInfo=@0x22dc84, tx=707, ty=51) at rendering/InlineFlowBox.cpp:640 #12 0x00707f14 in WebCore::RootInlineBox::paint (this=0x10385184, paintInfo=@0x22dc84, tx=707, ty=51) at rendering/RootInlineBox.cpp:179 #13 0x00717b44 in WebCore::RenderFlow::paintLines (this=0x103d83fc, paintInfo=@0x22de14, tx=707, ty=51) at rendering/RenderFlow.cpp:433 #14 0x006718e7 in WebCore::RenderBlock::paintContents (this=0x103d83fc, paintInfo=@0x22de14, tx=707, ty=51) at rendering/RenderBlock.cpp:1502 #15 0x00672020 in WebCore::RenderBlock::paintObject (this=0x103d83fc, paintInfo=@0x22de14, tx=707, ty=51) at rendering/RenderBlock.cpp:1586 #16 0x00671357 in WebCore::RenderBlock::paint (this=0x103d83fc, paintInfo=@0x22de14, tx=707, ty=51) at rendering/RenderBlock.cpp:1416 #17 0x00672653 in WebCore::RenderBlock::paintFloats (this=0x1049fd9c, paintInfo=@0x22df54, tx=0, ty=39, preservePhase=false) at rendering/RenderBlock.cpp:1650 #18 0x00672107 in WebCore::RenderBlock::paintObject (this=0x1049fd9c, paintInfo=@0x22df54, tx=0, ty=39) at rendering/RenderBlock.cpp:1600 #19 0x00671357 in WebCore::RenderBlock::paint (this=0x1049fd9c, paintInfo=@0x22df54, tx=0, ty=39) at rendering/RenderBlock.cpp:1416 #20 0x00671b14 in WebCore::RenderBlock::paintChildren (this=0x1049fbac, paintInfo=@0x22e094, tx=0, ty=39) at rendering/RenderBlock.cpp:1528 #21 0x00671909 in WebCore::RenderBlock::paintContents (this=0x1049fbac, paintInfo=@0x22e094, tx=0, ty=39) at rendering/RenderBlock.cpp:1504 #22 0x00672020 in WebCore::RenderBlock::paintObject (this=0x1049fbac, paintInfo=@0x22e094, tx=0, ty=39) at rendering/RenderBlock.cpp:1586 #23 0x00671357 in WebCore::RenderBlock::paint (this=0x1049fbac, paintInfo=@0x22e094, tx=0, ty=39) at rendering/RenderBlock.cpp:1416 #24 0x00671b14 in WebCore::RenderBlock::paintChildren (this=0x10278ddc, paintInfo=@0x22e1d4, tx=0, ty=0) at rendering/RenderBlock.cpp:1528 ---Type <return> to continue, or q <return> to quit--- #25 0x00671909 in WebCore::RenderBlock::paintContents (this=0x10278ddc, paintInfo=@0x22e1d4, tx=0, ty=0) at rendering/RenderBlock.cpp:1504 #26 0x00672020 in WebCore::RenderBlock::paintObject (this=0x10278ddc, paintInfo=@0x22e1d4, tx=0, ty=0) at rendering/RenderBlock.cpp:1586 #27 0x00671357 in WebCore::RenderBlock::paint (this=0x10278ddc, paintInfo=@0x22e1d4, tx=0, ty=0) at rendering/RenderBlock.cpp:1416 #28 0x00671b14 in WebCore::RenderBlock::paintChildren (this=0xfc95c2c, paintInfo=@0x22e314, tx=0, ty=0) at rendering/RenderBlock.cpp:1528 #29 0x00671909 in WebCore::RenderBlock::paintContents (this=0xfc95c2c, paintInfo=@0x22e314, tx=0, ty=0) at rendering/RenderBlock.cpp:1504 #30 0x00672020 in WebCore::RenderBlock::paintObject (this=0xfc95c2c, paintInfo=@0x22e314, tx=0, ty=0) at rendering/RenderBlock.cpp:1586 #31 0x00671357 in WebCore::RenderBlock::paint (this=0xfc95c2c, paintInfo=@0x22e314, tx=0, ty=0) at rendering/RenderBlock.cpp:1416 #32 0x0050437b in WebCore::RenderLayer::paintLayer (this=0xfc95cd4, rootLayer=0xfc3222c, p=0x10474bd8, paintDirtyRect=@0x22e5c4, haveTransparency=false, paintRestriction=PaintRestrictionNone, paintingRoot=0x0, appliedTransform=false) at rendering/RenderLayer.cpp:1599 #33 0x005045c7 in WebCore::RenderLayer::paintLayer (this=0xfc3222c, rootLayer=0xfc3222c, p=0x10474bd8, paintDirtyRect=@0x22e5c4, haveTransparency=false, paintRestriction=PaintRestrictionNone, paintingRoot=0x0, appliedTransform=false) at rendering/RenderLayer.cpp:1626 #34 0x00503bc0 in WebCore::RenderLayer::paint (this=0xfc3222c, p=0x10474bd8, damageRect=@0x22e5c4, paintRestriction=PaintRestrictionNone, paintingRoot=0x0) at rendering/RenderLayer.cpp:1451 #35 0x0042ddc8 in WebCore::Frame::paint (this=0xfc3d188, p=0x10474bd8, rect=@0x22e5c4) at page/Frame.cpp:1346 #36 0x0040c928 in wxWebView::OnPaint (this=0xfc3c638, event=@0x22e934) at WebView.cpp:442 ---Type <return> to continue, or q <return> to quit--- #37 0x6cec7285 in wxEvtHandler::ProcessEventIfMatches (entry=@0x10852e0, handler=0xfc3c638, event=@0x22e934) at ../include/wx/app.h:287 #38 0x6cec75dc in wxEventHashTable::HandleEvent (this=0x1, event=@0x22e934, self=0xfc3c638) at ../include/wx/event.h:2319 #39 0x6cec85d9 in wxEvtHandler::ProcessEvent (this=0xfc3c638, event=@0x22e934) at ../src/common/event.cpp:1287 #40 0x628d4e34 in wxWindow::HandlePaint (this=0xfc3c638) at ../include/wx/window.h:612 #41 0x628da5e2 in wxWindow::MSWWindowProc (this=0xfc3c638, message=15, wParam=0, lParam=0) at ../src/msw/window.cpp:2723 #42 0x628d1830 in wxWndProc (hWnd=0xa60bca, message=15, wParam=0, lParam=0) at ../src/msw/window.cpp:2594 #43 0x7e418734 in USER32!GetDC () from /cygdrive/c/WINDOWS/system32/user32.dll #44 0x00a60bca in xmlSchemaXPathProcessHistory () #45 0x7e418816 in USER32!GetDC () from /cygdrive/c/WINDOWS/system32/user32.dll #46 0x628d1780 in wxWindowCreationHook::~wxWindowCreationHook () at ../src/msw/window.cpp:2566 #47 0x7e41b4c0 in USER32!DefWindowProcW () from /cygdrive/c/WINDOWS/system32/user32.dll #48 0x00000000 in ?? () (gdb) Mouse event crash: Program received signal SIGSEGV, Segmentation fault. 0x0050c42e in WebCore::EventTargetNode::dispatchMouseEvent (this=0xfc56f30, event=@0x22f57c, eventType=@0x1086dcc, detail=1, relatedTarget=0x0) at dom/EventTargetNode.cpp:195 195 ASSERT(event.eventType() == MouseEventMoved || button != NoButton); Current language: auto; currently c++ (gdb) bt #0 0x0050c42e in WebCore::EventTargetNode::dispatchMouseEvent ( this=0xfc56f30, event=@0x22f57c, eventType=@0x1086dcc, detail=1, relatedTarget=0x0) at dom/EventTargetNode.cpp:195 #1 0x0043b602 in WebCore::EventHandler::dispatchMouseEvent (this=0xfc3de70, eventType=@0x1086dcc, targetNode=0xfc56f30, cancelable=true, clickCount=1, mouseEvent=@0x22f57c, setUnder=false) at page/EventHandler.cpp:1262 #2 0x0043a4df in WebCore::EventHandler::handleMouseReleaseEvent ( this=0xfc3de70, mouseEvent=@0x22f57c) at page/EventHandler.cpp:1079 #3 0x0040cbf7 in wxWebView::OnMouseEvents (this=0xfc3c638, event=@0x22f6bc) at WebView.cpp:483 #4 0x6cec7285 in wxEvtHandler::ProcessEventIfMatches (entry=@0x1085328, handler=0xfc3c638, event=@0x22f6bc) at ../include/wx/app.h:287 #5 0x6cec75dc in wxEventHashTable::HandleEvent (this=0x1, event=@0x22f6bc, self=0xfc3c638) at ../include/wx/event.h:2319 #6 0x6cec85d9 in wxEvtHandler::ProcessEvent (this=0xfc3c638, event=@0x22f6bc) at ../src/common/event.cpp:1287 #7 0x628d6996 in wxWindow::HandleMouseEvent (this=0xfc3c638, msg=167, x=167, y=167, flags=167) at ../include/wx/window.h:612 #8 0x628d95c1 in wxWindow::MSWWindowProc (this=0xfc3c638, message=514, wParam=0, lParam=9109751) at ../src/msw/window.cpp:2860 #9 0x628d1830 in wxWndProc (hWnd=0x7a0b20, message=514, wParam=0, lParam=9109751) at ../src/msw/window.cpp:2594 #10 0x7e418734 in USER32!GetDC () from /cygdrive/c/WINDOWS/system32/user32.dll #11 0x007a0b20 in WebCore::HTMLTokenizer::HTMLTokenizer (this=0x628d1780, doc=0x7a0b20, reportErrors=220) at html/HTMLTokenizer.cpp:169 #12 0x7e418816 in USER32!GetDC () from /cygdrive/c/WINDOWS/system32/user32.dll #13 0x628d1780 in wxWindowCreationHook::~wxWindowCreationHook () at ../src/msw/window.cpp:2566 #14 0x7e4189cd in USER32!GetWindowLongW () ---Type <return> to continue, or q <return> to quit--- from /cygdrive/c/WINDOWS/system32/user32.dll #15 0x00000000 in ?? () (gdb)

If you want to submit a patch for review, you should flag it with a '?' rather than a '+'. A WebKit reviewer needs to be the one to give it a '+', which means it's ready to land in the trunk. (All WebKit patches must be reviewed by someone other than the submitter.) Thanks!

Ups, sorry, Kevin, as you can see I am not yet familiar with bugzilla :) Sorry for the confusion

Landed in r34178, thanks!