Bug 24209 - HTMLCanvasElement::createImageBuffer() does not check return of ImageBuffer::create!
Status: RESOLVED DUPLICATE of bug 23212
https://bugs.webkit.org/show_bug.cgi?id=24209
Eric Seidel (no email)
Reported 2009-02-26 14:49:29 PST
HTMLCanvasElement::createImageBuffer() does not check return of ImageBuffer::create! (And thus crashes.) This is crashing an internal Google tool. Sadly, I don't have a reduction for you, but the crash is pretty easy to see from the code:

    void HTMLCanvasElement::createImageBuffer() const
    {
        ASSERT(!m_imageBuffer);
        m_createdImageBuffer = true;

        FloatSize unscaledSize(width(), height());
        IntSize size = convertLogicalToDevice(unscaledSize);
        if (!size.width() || !size.height())
            return;

        m_imageBuffer.set(ImageBuffer::create(size, false).release()); // THIS RETURNS NULL SOMETIMES
        m_imageBuffer->context()->scale(FloatSize(size.width() / unscaledSize.width(), size.height() / unscaledSize.height())); // CRASH!
        m_imageBuffer->context()->setShadowsIgnoreTransforms(true);
    }
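The pattern in the report, modelled as a stand-alone C++ example added here for illustration (it is not WebKit code, not the reporter's code, and not the fix applied under bug 23212). FloatSize, IntSize, GraphicsContext, ImageBuffer and HTMLCanvasElement are minimal stand-ins, and the pixel limit that makes ImageBuffer::create() return null is an invented stand-in for a failed backing-store allocation, chosen so the null path can be exercised. The unchecked form reproduces the dereference from the report; the checked form returns early and leaves the buffer null so callers can treat the canvas like a zero-size one.

```cpp
// Added illustration (not WebKit code): a stand-alone model of the pattern in
// the report, with the unchecked form beside a null-checked form. All types are
// minimal stand-ins; the pixel limit in ImageBuffer::create() is an assumption.
#include <memory>

struct FloatSize { float w, h; };
struct IntSize  { int w, h; };

struct GraphicsContext {
    float scaleX = 1.0f, scaleY = 1.0f;
    bool shadowsIgnoreTransforms = false;
    void scale(FloatSize s) { scaleX *= s.w; scaleY *= s.h; }
    void setShadowsIgnoreTransforms(bool b) { shadowsIgnoreTransforms = b; }
};

struct ImageBuffer {
    // Assumed stand-in for a failed backing-store allocation (OOM, oversized bitmap).
    static constexpr long long kMaxPixels = 4096LL * 4096LL;

    // Factory that, like the one in the report, yields null when the buffer cannot be made.
    static std::unique_ptr<ImageBuffer> create(IntSize size, bool /*grayScale*/) {
        if (size.w <= 0 || size.h <= 0)
            return nullptr;
        if (static_cast<long long>(size.w) * size.h > kMaxPixels)
            return nullptr;
        std::unique_ptr<ImageBuffer> buffer(new ImageBuffer);
        buffer->size = size;
        return buffer;
    }

    GraphicsContext* context() { return &ctx; }

    IntSize size{0, 0};
    GraphicsContext ctx;
};

class HTMLCanvasElement {
public:
    HTMLCanvasElement(int width, int height, float deviceScale = 1.0f)
        : m_width(width), m_height(height), m_deviceScale(deviceScale) {}

    // The shape reported in the bug: create() result dereferenced without a check.
    // A size that makes create() return null crashes on the scale() call.
    void createImageBufferUnchecked() {
        m_createdImageBuffer = true;
        FloatSize unscaled{static_cast<float>(m_width), static_cast<float>(m_height)};
        IntSize size = convertLogicalToDevice(unscaled);
        if (!size.w || !size.h)
            return;
        m_imageBuffer = ImageBuffer::create(size, false);                    // may be null
        m_imageBuffer->context()->scale(deviceScaleFactors(size, unscaled)); // null deref
        m_imageBuffer->context()->setShadowsIgnoreTransforms(true);
    }

    // Defensive form: bail out when create() fails, leaving m_imageBuffer null.
    void createImageBuffer() {
        m_createdImageBuffer = true;
        FloatSize unscaled{static_cast<float>(m_width), static_cast<float>(m_height)};
        IntSize size = convertLogicalToDevice(unscaled);
        if (!size.w || !size.h)
            return;
        m_imageBuffer = ImageBuffer::create(size, false);
        if (!m_imageBuffer)
            return;                                                          // the missing check
        m_imageBuffer->context()->scale(deviceScaleFactors(size, unscaled));
        m_imageBuffer->context()->setShadowsIgnoreTransforms(true);
    }

    bool createdImageBuffer() const { return m_createdImageBuffer; }
    bool hasImageBuffer() const { return m_imageBuffer != nullptr; }
    // Callers must handle a null context the same way they handle a zero-size canvas.
    GraphicsContext* drawingContext() { return m_imageBuffer ? m_imageBuffer->context() : nullptr; }
    const ImageBuffer* buffer() const { return m_imageBuffer.get(); }

private:
    IntSize convertLogicalToDevice(FloatSize s) const {
        return IntSize{static_cast<int>(s.w * m_deviceScale), static_cast<int>(s.h * m_deviceScale)};
    }
    static FloatSize deviceScaleFactors(IntSize device, FloatSize logical) {
        return FloatSize{device.w / logical.w, device.h / logical.h};
    }

    int m_width, m_height;
    float m_deviceScale;
    bool m_createdImageBuffer = false;
    std::unique_ptr<ImageBuffer> m_imageBuffer;
};
```

The early return is only half the fix: every caller that previously assumed a non-null buffer after createImageBuffer() (here, drawingContext()) has to tolerate null, which is the same handling the zero-size early return already forces on them.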
Attachments
stack trace of crash (40.16 KB, text/plain)
2009-02-26 14:50 PST, Eric Seidel (no email)
Eric Seidel (no email)
Comment 1 2009-02-26 14:50:51 PST
Created attachment 28041: stack trace of crash
Cameron Zwarich (cpst)
Comment 2 2009-02-27 13:25:56 PST
Eric, isn't this just a duplicate of bug 23212?
Eric Seidel (no email)
Comment 3 2009-02-27 14:27:11 PST
*** This bug has been marked as a duplicate of 23212 ***