Created attachment 411254 [details] Crash log

In PDFPlugin::snapshot(), it's possible to dereference nullptr:

    RefPtr<ShareableBitmap> PDFPlugin::snapshot()
    {
        ...
        auto bitmap = ShareableBitmap::createShareable(backingStoreSize, { });
        auto context = bitmap->createGraphicsContext();
        if (!context)
            return nullptr;
        ...
    }

bitmap here can be nullptr, so it must be checked before use. Attaching a crash log.
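As an added illustration (not WebKit's code), a self-contained C++ stand-in for the snapshot() pattern above with the missing null check in place. The IntSize and ShareableBitmap types, the size limit and the allocation-failure cause are assumptions made for this example; the bug report does not say why createShareable() returns null.

```cpp
// Added example, not part of the WebKit patch: models the snapshot() pattern
// from the bug report and the corrected null check.
#include <cstdint>
#include <memory>
#include <new>

struct IntSize { int width; int height; };   // assumed stand-in type

// Assumed stand-in for ShareableBitmap. createShareable() returns null when
// the backing store cannot be allocated (assumed cause: invalid or oversized size).
struct ShareableBitmap {
    IntSize size{};
    std::unique_ptr<uint8_t[]> pixels;

    static std::shared_ptr<ShareableBitmap> createShareable(IntSize size) {
        constexpr uint64_t kMaxBytes = 64ull * 1024 * 1024;   // assumed limit
        if (size.width <= 0 || size.height <= 0)
            return nullptr;
        // width and height each fit in 31 bits, so the product cannot overflow.
        uint64_t pixelCount = uint64_t(size.width) * uint64_t(size.height);
        if (pixelCount > kMaxBytes / 4)        // 4 bytes per pixel, no overflow
            return nullptr;
        auto bitmap = std::make_shared<ShareableBitmap>();
        bitmap->size = size;
        bitmap->pixels.reset(new (std::nothrow) uint8_t[pixelCount * 4]);
        if (!bitmap->pixels)                   // allocation itself failed
            return nullptr;
        return bitmap;
    }

    struct GraphicsContext { ShareableBitmap* target; };
    std::unique_ptr<GraphicsContext> createGraphicsContext() {
        return std::make_unique<GraphicsContext>(GraphicsContext{this});
    }
};

// Corrected snapshot(): bitmap is checked before it is dereferenced, so a
// failed backing-store allocation yields a null snapshot instead of a crash.
std::shared_ptr<ShareableBitmap> snapshot(IntSize backingStoreSize) {
    auto bitmap = ShareableBitmap::createShareable(backingStoreSize);
    if (!bitmap)
        return nullptr;                        // the check the bug report asks for
    auto context = bitmap->createGraphicsContext();
    if (!context)
        return nullptr;
    // drawing into context would happen here
    return bitmap;
}
```

The oversized-size path stands in for the test case's effect: without the first check, createGraphicsContext() would be called on a null pointer.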
Created attachment 411256 [details] Patch
<rdar://problem/70173839>
Created attachment 411257 [details] Patch
Created attachment 411259 [details] Crash log
Created attachment 411260 [details] Crash log
Created attachment 411267 [details] Patch
Comment on attachment 411267 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=411267&action=review

> LayoutTests/plugins/pdf-plugin-null-onloaddeddata.html:4
> +/*begincss*/

This comment is useless. Please remove it.

> LayoutTests/plugins/pdf-plugin-null-onloaddeddata.html:5
> +:not(glyphRef) { zoom: 61; }

Do we really need it? If we do, I presume we only need it on body or embed so I'd suggest either one of:
    embed { zoom: 61; }
    body { zoom: 61; }
    embed, body { zoom: 61; }

> LayoutTests/plugins/pdf-plugin-null-onloaddeddata.html:6
> +/*endcss*/

Ditto.
Comment on attachment 411267 [details] Patch cq- because I'd like to see the test case being improved.
(In reply to Ryosuke Niwa from comment #7)
> Comment on attachment 411267 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=411267&action=review
>
> > LayoutTests/plugins/pdf-plugin-null-onloaddeddata.html:4
> > +/*begincss*/
>
> This comment is useless. Please remove it.

Will do.

> > LayoutTests/plugins/pdf-plugin-null-onloaddeddata.html:5
> > +:not(glyphRef) { zoom: 61; }
>
> Do we really need it?
> If we do, I presume we only need it on body or embed so I'd suggest either
> one of:
> embed { zoom: 61; }
> body { zoom: 61; }
> embed, body { zoom: 61; }

We do, unfortunately. I'll try the suggestions.

> > LayoutTests/plugins/pdf-plugin-null-onloaddeddata.html:6
> > +/*endcss*/
>
> Ditto.

Ditto the ditto.
Created attachment 411271 [details] Patch
Committed r268432: <https://trac.webkit.org/changeset/268432>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 411271 [details].