Bug 209141 - [GPU Process] Implement DisplayList clipToImageBuffer
Summary: [GPU Process] Implement DisplayList clipToImageBuffer
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Canvas
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Said Abou-Hallawa
Reported: 2020-03-16 11:11 PDT by Said Abou-Hallawa
Modified: 2020-03-16 18:37 PDT

Attachments
test case (696 bytes, text/html)
2020-03-16 12:02 PDT, Said Abou-Hallawa
no flags
Patch (17.70 KB, patch)
2020-03-16 13:12 PDT, Said Abou-Hallawa
no flags
Patch (22.95 KB, patch)
2020-03-16 13:28 PDT, Said Abou-Hallawa
no flags
Patch (22.89 KB, patch)
2020-03-16 14:56 PDT, Said Abou-Hallawa
sabouhallawa: review?

Description Said Abou-Hallawa 2020-03-16 11:11:29 PDT
Repro steps:

1. Launch mini-browser
2. Enable "Settings/Internal Features/Render Canvas in GPU Process" or "Settings/Enable Display List Drawing".
3. Open the attached test case

Result: WebKit will crash with the following call stack:

#0	0x000000056b81212c in WTF::RetainPtr<CGContext*>::operator!() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RetainPtr.h:103
#1	0x000000056b811936 in WebCore::GraphicsContext::platformContext() const at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:254
#2	0x000000056b8146be in WebCore::GraphicsContext::clipToImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:518
#3	0x000000056ad21a4a in WebCore::CanvasRenderingContext2D::drawTextInternal(WTF::String const&, float, float, bool, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:574
#4	0x000000056ad20d8d in WebCore::CanvasRenderingContext2D::fillText(WTF::String const&, float, float, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:332
#5	0x0000000568642660 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2895
#6	0x00000005685ab972 in long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/bindings/js/JSDOMOperation.h:53
#7	0x00000005685ab654 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillText(JSC::JSGlobalObject*, JSC::CallFrame*) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2901
Comment 1 Said Abou-Hallawa 2020-03-16 12:02:56 PDT
Created attachment 393669
test case
Comment 2 Said Abou-Hallawa 2020-03-16 13:12:50 PDT
Created attachment 393676
Patch
Comment 3 Said Abou-Hallawa 2020-03-16 13:28:24 PDT
Created attachment 393679
Patch
Comment 4 Said Abou-Hallawa 2020-03-16 14:56:03 PDT
Created attachment 393688
Patch