When a glyph run is redisplayed, we tend to cache its drawing for perf gain. We create a DisplayList::RecorderImpl, pass it the current GraphicsContextState and ask it to drawGlyphs(). We then cache the recorded DisplayList.

DisplayList::RecorderImpl passes the initial GraphicsContextState to its base class DisplayList::Recorder, which pushes it on its stack. The problem is DisplayList::Recorder does not pass this initial GraphicsContextState to its base class, which is GraphicsContext. So DisplayList::Recorder ends up having the initial state but the GraphicsContext ends up having the default state.

DisplayList::Recorder::drawGlyphs() calls DrawGlyphsRecorder::drawGlyphs(), which stores the original fillBrush, strokeBrush and dropShadow. It uses these original values to restore the m_owner when it finishes. The m_owner in this case is of type DisplayList::RecorderImpl. The problem is DrawGlyphsRecorder::drawGlyphs() stores the values in the state of the GraphicsContext, which are the default. So in some cases we may restore the default state to the drawing GraphicsContext.

For example, let's assume the initial GraphicsContextState in the drawing GraphicsContext has fillColor = 'green':

1. DisplayList::RecorderImpl will pass the initial state to DisplayList::Recorder. So the state of its DisplayList::Recorder will have fillColor = 'green' but its GraphicsContext will have fillColor = 'black'.
2. DrawGlyphsRecorder::drawGlyphs() will store fillColor = 'black' before recording.
3. DrawGlyphsRecorder::drawGlyphs() will restore fillColor = 'black' to DisplayList::Recorder. So a DisplayList item will be recorded to set the fillColor back to 'black'.
4. When replaying back the glyph DisplayList, the drawing GraphicsContext has fillColor = 'black'.
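The four steps above can be reproduced with a small stand-alone model. This is an added example, not WebKit code and not the landed patch: `State`, `Context`, `Recorder`, the `forwardToBase` switch and `fillColorAfterReplay()` are hypothetical stand-ins for the classes named in the report, and forwarding the initial state to the base class is an assumption about the remedy the report implies.

```cpp
#include <iostream>
#include <string>
#include <vector>

struct State { std::string fillColor = "black"; };   // default state

struct Context {                        // stands in for GraphicsContext
    State m_state;
    Context() = default;
    explicit Context(const State& s) : m_state(s) {}
    virtual ~Context() = default;
    const State& state() const { return m_state; }
    virtual void setFillColor(const std::string& c) { m_state.fillColor = c; }
};

struct Recorder : Context {             // stands in for DisplayList::Recorder
    std::vector<State> m_stack;         // the recorder's own state stack
    std::vector<std::string> m_items;   // recorded "set fill colour" items
    // forwardToBase == false models the reported behaviour: the base class
    // keeps the default state while the recorder's stack gets the initial one.
    Recorder(const State& initial, bool forwardToBase)
        : Context(forwardToBase ? initial : State{}) { m_stack.push_back(initial); }
    void setFillColor(const std::string& c) override {
        Context::setFillColor(c);
        if (m_stack.back().fillColor != c) {   // only real changes are recorded
            m_stack.back().fillColor = c;
            m_items.push_back(c);
        }
    }
};

// Stands in for DrawGlyphsRecorder::drawGlyphs(): save, draw, restore.
void drawGlyphs(Recorder& owner) {
    std::string original = owner.state().fillColor;  // read from the base class state
    // ... glyph drawing would be recorded here ...
    owner.setFillColor(original);                    // restore into the owner
}

// Records a glyph run, replays it on a drawing context that starts with the
// same initial colour, and returns the colour the drawing context ends with.
std::string fillColorAfterReplay(const std::string& initialColor, bool forwardToBase) {
    State initial; initial.fillColor = initialColor;
    Recorder recorder(initial, forwardToBase);
    drawGlyphs(recorder);
    Context drawing(initial);
    for (const auto& c : recorder.m_items) drawing.setFillColor(c);
    return drawing.state().fillColor;
}

int main() {
    std::cout << "initial state not forwarded: " << fillColorAfterReplay("green", false) << "\n";
    std::cout << "initial state forwarded:     " << fillColorAfterReplay("green", true) << "\n";
}
```

When the initial colour already equals the default, both variants behave the same, which is why the mismatch only shows up in some cases.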
rdar://84602660
Created attachment 455537 [details] Patch
Committed r291771 (?): <https://commits.webkit.org/r291771> All reviewed patches have been landed. Closing bug and clearing flags on attachment 455537 [details].