RESOLVED FIXED 217026
[GPU Process] Several layout tests in fast/canvas crash under GraphicsContext::clipToImageBuffer
https://bugs.webkit.org/show_bug.cgi?id=217026
Summary [GPU Process] Several layout tests in fast/canvas crash under GraphicsContext...
Wenson Hsieh
Reported 2020-09-26 21:51:10 PDT
Fixes null dereference crashes when running these four layout tests with GPUP enabled: - fast/canvas/2d.fillText.gradient.html - fast/canvas/2d.text.draw.fill.maxWidth.gradient.html - fast/canvas/canvas-text-alignment.html - fast/canvas/gradient-text-with-shadow.html
Attachments
WIP (18.83 KB, patch)
2020-09-26 22:55 PDT, Wenson Hsieh
ews-feeder: commit-queue-
WIP (20.44 KB, patch)
2020-09-26 23:00 PDT, Wenson Hsieh
no flags
WIP (23.43 KB, patch)
2020-09-27 00:19 PDT, Wenson Hsieh
no flags
WIP (23.44 KB, patch)
2020-09-27 09:49 PDT, Wenson Hsieh
ews-feeder: commit-queue-
WIP (23.44 KB, patch)
2020-09-27 10:04 PDT, Wenson Hsieh
ews-feeder: commit-queue-
WIP (23.45 KB, patch)
2020-09-27 10:11 PDT, Wenson Hsieh
no flags
Patch (26.17 KB, patch)
2020-09-27 11:22 PDT, Wenson Hsieh
no flags
WIP (27.00 KB, patch)
2020-09-28 21:37 PDT, Wenson Hsieh
ews-feeder: commit-queue-
WIP (27.03 KB, patch)
2020-09-28 21:45 PDT, Wenson Hsieh
no flags
Patch (29.76 KB, patch)
2020-09-28 22:37 PDT, Wenson Hsieh
no flags
Wenson Hsieh
Comment 1 2020-09-26 22:55:01 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 2 2020-09-26 23:00:21 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 3 2020-09-27 00:19:35 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 4 2020-09-27 09:49:22 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 5 2020-09-27 10:04:46 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 6 2020-09-27 10:11:24 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 7 2020-09-27 11:22:10 PDT Comment hidden (obsolete)
Radar WebKit Bug Importer
Comment 8 2020-09-27 13:03:18 PDT
Wenson Hsieh
Comment 9 2020-09-28 21:37:56 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 10 2020-09-28 21:45:43 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 11 2020-09-28 22:37:54 PDT
Simon Fraser (smfr)
Comment 12 2020-09-29 09:26:46 PDT
Comment on attachment 409966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review > Source/WebCore/platform/graphics/GraphicsContext.h:414 > + ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&); This is great. We might end up generalizing this for other image buffer code paths, but it's a good start.
Wenson Hsieh
Comment 13 2020-09-29 09:31:27 PDT
Comment on attachment 409966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review >> Source/WebCore/platform/graphics/GraphicsContext.h:414 >> + ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&); > > This is great. We might end up generalizing this for other image buffer code paths, but it's a good start. 👍🏻
EWS
Comment 14 2020-09-29 09:41:53 PDT
Committed r267742: <https://trac.webkit.org/changeset/267742> All reviewed patches have been landed. Closing bug and clearing flags on attachment 409966 [details].
Note You need to log in before you can comment on or make changes to this bug.