Bug 20567 - Fix GeneratedImage usage to respect Image's refcounting
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P2 Normal
Assignee: Nobody
Reported: 2008-08-29 05:45 PDT by Eric Seidel (no email)
Modified: 2008-08-29 15:02 PDT

Attachments
Fix GeneratedImage to respect Image's refcounting (5.75 KB, patch)
2008-08-29 05:49 PDT, Eric Seidel (no email)
hyatt: review+

Description Eric Seidel (no email) 2008-08-29 05:45:21 PDT
Fix GeneratedImage usage to respect Image's refcounting

I found this while I was searching for the Image-related leak on ToT.
Comment 1 Eric Seidel (no email) 2008-08-29 05:49:02 PDT
Created attachment 23067 [details]
Fix GeneratedImage to respect Image's refcounting

 WebCore/css/CSSGradientValue.cpp           |   11 ++++++-----
 WebCore/css/CSSImageGeneratorValue.cpp     |    7 +++----
 WebCore/css/CSSImageGeneratorValue.h       |    4 ++--
 WebCore/platform/graphics/GeneratedImage.h |   11 ++++++++---
 WebCore/rendering/style/RenderStyle.cpp    |    5 ++---
 WebCore/rendering/style/RenderStyle.h      |    4 ++--
 6 files changed, 23 insertions(+), 19 deletions(-)
Comment 2 Eric Seidel (no email) 2008-08-29 05:50:16 PDT
I don't think this will fix any leaks seen on ToT, but it will prevent future crashes due to clients expecting Images to live as long as their refcount is non-zero. :)
Comment 3 Eric Seidel (no email) 2008-08-29 05:50:32 PDT
I will add a ChangeLog when I land.
Comment 4 Eric Seidel (no email) 2008-08-29 05:55:54 PDT
For example, if somehow this image could be used as a tile to a Pattern, it's possible that this could be made to crash on ToT.  I'm not really sure how to use GeneratedImages, but if one can get an HTMLImageElement to use one so that a CanvasPattern can end up creating a Pattern using a GeneratedImage, then the following code should crash webkit:

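var canvas = document.getElementById("canvas");
// Hypothetical element whose backing image is a GeneratedImage.
var img = document.getElementById("imgUsingGeneratedImage");
var ctx = canvas.getContext("2d");
// The pattern keeps using the image as its tile.
var pattern = ctx.createPattern(img, "repeat");
// Removing the element drops the other user of the image.
img.parentNode.removeChild(img);
ctx.fillStyle = pattern;
ctx.fillRect(0, 0, 100, 100);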
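
The lifetime rule from Comment 2 (an image must stay alive while its refcount is non-zero), as a simplified C++ model added here; it is not WebKit's code or the attached patch. Image, ImageRef, Pattern, GeneratorValue and the live-image counter are hypothetical stand-ins.

```cpp
#include <cstdio>
#include <utility>

static int g_liveImages = 0;  // constructed instrumentation: images currently alive

// Hypothetical stand-in for an intrusively refcounted image (not WebKit's class).
class Image {
public:
    Image() { ++g_liveImages; }
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
private:
    ~Image() { --g_liveImages; }  // private: a bare `delete image` outside the class will not compile
    int m_refCount = 1;           // the creator starts with one reference
};

// Hypothetical smart pointer; every copy holds one reference.
class ImageRef {
public:
    ImageRef() : m_ptr(nullptr) {}
    explicit ImageRef(Image* adopted) : m_ptr(adopted) {}  // adopts the initial reference
    ImageRef(const ImageRef& o) : m_ptr(o.m_ptr) { if (m_ptr) m_ptr->ref(); }
    ImageRef& operator=(ImageRef o) { std::swap(m_ptr, o.m_ptr); return *this; }
    ~ImageRef() { if (m_ptr) m_ptr->deref(); }
private:
    Image* m_ptr;
};

struct Pattern { ImageRef tile; };                      // client that keeps a tile
struct GeneratorValue { ImageRef cached{new Image}; };  // owner of the generated image

// Destroys the generator while a pattern still references its image and
// returns how many images are alive at that point.
int liveImagesAfterGeneratorDies() {
    Pattern pattern;
    {
        GeneratorValue value;
        pattern.tile = value.cached;  // refcount is now 2
    }                                 // generator drops its reference; the image survives
    return g_liveImages;              // the pattern's tile is still valid here
}

int main() {
    std::printf("live while pattern exists: %d\n", liveImagesAfterGeneratorDies());
    std::printf("live after pattern released: %d\n", g_liveImages);
    return 0;
}
```

With the destructor private, an owner cannot free the image behind the back of other reference holders; the last deref() is the only path to destruction.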

Comment 5 Dave Hyatt 2008-08-29 12:20:21 PDT
Comment on attachment 23067 [details]
Fix GeneratedImage to respect Image's refcounting

r=me