Bug 24209 - HTMLCanvasElement::createImageBuffer() does not check return of ImageBuffer::create!
Status: RESOLVED DUPLICATE of bug 23212
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: NeedsReduction
Depends on:
Blocks:
 
Reported: 2009-02-26 14:49 PST by Eric Seidel (no email)
Modified: 2009-02-27 14:27 PST

See Also:


Attachments
stack trace of crash (40.16 KB, text/plain)
2009-02-26 14:50 PST, Eric Seidel (no email)
Description Eric Seidel (no email) 2009-02-26 14:49:29 PST
HTMLCanvasElement::createImageBuffer() does not check return of ImageBuffer::create!

(And thus crashes).

This is crashing an internal Google tool.  Sadly, I don't have a reduction for you, but the crash is pretty easy to see from the code:
void HTMLCanvasElement::createImageBuffer() const
{
    ASSERT(!m_imageBuffer);

    m_createdImageBuffer = true;
    
    FloatSize unscaledSize(width(), height());
    IntSize size = convertLogicalToDevice(unscaledSize);
    if (!size.width() || !size.height())
        return;

    m_imageBuffer.set(ImageBuffer::create(size, false).release()); // THIS RETURNS NULL SOMETIMES
    m_imageBuffer->context()->scale(FloatSize(size.width() / unscaledSize.width(), size.height() / unscaledSize.height())); // CRASH!
    m_imageBuffer->context()->setShadowsIgnoreTransforms(true);
}
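The failure mode described in the report, as an added example that is not WebKit's code: a minimal stand-in for HTMLCanvasElement whose ImageBuffer::create() returns null when the requested backing store is too large (the size limit, the type names, and the deviceScaleFactor parameter are assumptions for the example), with createImageBuffer() checking that return and bailing out so that callers get a null context instead of a crash.

```cpp
// Added example, not WebKit's code: stand-ins for IntSize, GraphicsContext,
// ImageBuffer and HTMLCanvasElement with the missing null check in place.
#include <cstdio>
#include <memory>

// Constructed stand-ins for WebKit types; names and behaviour are assumptions.
struct IntSize {
    int width;
    int height;
};

struct GraphicsContext {
    double scaleX = 1.0;
    double scaleY = 1.0;
    bool shadowsIgnoreTransforms = false;
    void scale(double sx, double sy) { scaleX *= sx; scaleY *= sy; }
    void setShadowsIgnoreTransforms(bool v) { shadowsIgnoreTransforms = v; }
};

// Assumed backing-store limit: anything larger fails to allocate, which is how
// a platform ImageBuffer::create() ends up returning null.
static const long long kMaxBackingStorePixels = 8192LL * 8192LL;

class ImageBuffer {
public:
    static std::unique_ptr<ImageBuffer> create(const IntSize& size) {
        long long pixels = static_cast<long long>(size.width) * size.height;
        if (pixels <= 0 || pixels > kMaxBackingStorePixels)
            return nullptr; // allocation failure: the return the report says is never checked
        return std::unique_ptr<ImageBuffer>(new ImageBuffer(size));
    }
    GraphicsContext* context() { return &m_context; }
private:
    explicit ImageBuffer(const IntSize& s) : m_size(s) {}
    IntSize m_size;
    GraphicsContext m_context;
};

class HTMLCanvasElement {
public:
    HTMLCanvasElement(int width, int height, double deviceScaleFactor)
        : m_width(width), m_height(height), m_deviceScaleFactor(deviceScaleFactor) {}

    // Lazily creates the buffer; returns null when it could not be made, so
    // callers must check rather than assume a context exists.
    GraphicsContext* drawingContext() {
        if (!m_createdImageBuffer)
            createImageBuffer();
        return m_imageBuffer ? m_imageBuffer->context() : nullptr;
    }

    bool hasImageBuffer() const { return m_imageBuffer != nullptr; }

private:
    // Assumed logical-to-device conversion: a uniform device scale factor.
    IntSize convertLogicalToDevice() const {
        return IntSize{static_cast<int>(m_width * m_deviceScaleFactor),
                       static_cast<int>(m_height * m_deviceScaleFactor)};
    }

    void createImageBuffer() {
        m_createdImageBuffer = true;
        IntSize size = convertLogicalToDevice();
        if (!size.width || !size.height)
            return;
        m_imageBuffer = ImageBuffer::create(size);
        if (!m_imageBuffer) // the check missing from the reported code
            return;
        m_imageBuffer->context()->scale(static_cast<double>(size.width) / m_width,
                                        static_cast<double>(size.height) / m_height);
        m_imageBuffer->context()->setShadowsIgnoreTransforms(true);
    }

    int m_width;
    int m_height;
    double m_deviceScaleFactor;
    bool m_createdImageBuffer = false;
    std::unique_ptr<ImageBuffer> m_imageBuffer;
};

// Returns true if a canvas of the given logical size got a usable context.
bool canvasHasContext(int width, int height, double deviceScaleFactor) {
    HTMLCanvasElement canvas(width, height, deviceScaleFactor);
    return canvas.drawingContext() != nullptr;
}

// Returns the x scale applied to the context (0 when there is no buffer).
double canvasContextScaleX(int width, int height, double deviceScaleFactor) {
    HTMLCanvasElement canvas(width, height, deviceScaleFactor);
    GraphicsContext* ctx = canvas.drawingContext();
    return ctx ? ctx->scaleX : 0.0;
}

int main() {
    std::printf("300x150 @1x: %s\n", canvasHasContext(300, 150, 1.0) ? "ok" : "no buffer");
    std::printf("100000x100000 @1x: %s\n",
                canvasHasContext(100000, 100000, 1.0) ? "ok" : "no buffer");
    return 0;
}
```

The point of routing every access through drawingContext() is that a failed allocation becomes a null context that callers already have to handle, the same way a zero-sized canvas already does, rather than a null pointer that is dereferenced one line later.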
Comment 1 Eric Seidel (no email) 2009-02-26 14:50:51 PST
Created attachment 28041 [details]
stack trace of crash
Comment 2 Cameron Zwarich (cpst) 2009-02-27 13:25:56 PST
Eric, isn't this just a duplicate of bug 23212?
Comment 3 Eric Seidel (no email) 2009-02-27 14:27:11 PST

*** This bug has been marked as a duplicate of 23212 ***