RESOLVED FIXED283351
[Skia] Ensure correct SkPixmap::[writable_]addr*() methods are used for image data access 
https://bugs.webkit.org/show_bug.cgi?id=283351
Summary [Skia] Ensure correct SkPixmap::[writable_]addr*() methods are used for image...
Adrian Perez
Reported 2024-11-19 01:52:33 PST
The SkPixmap::[writable_]addr{8,16,32,64,F16}() functions include assertions (which may be enabled via the SKIA_DEBUG=ON CMake option) that check whether the pixel format bit width matches the intended usage of the method. For example ::addr32() works with ARGB8888/BGRA8888/etc. but will crash on the assertion with an RGB565 image. We should audit the call sites for these functions and make sure the correct ones are used. When handling can be generic regardless of the pixel format bit widthl, usage must be replaced with the unsuffixed ::[writable_]addr() functions instead.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2024-11-26 01:54:04 PST
<rdar://problem/140575154>
Adrian Perez
Comment 2 2026-03-30 13:09:29 PDT
Heh, I am now hitting an assertion related to this, after 310215@main (see bug #311095): Thread 1 "TestWebKitFavic" received signal SIGILL, Illegal instruction. sk_abort_no_print () at /sdk/webkit/Source/ThirdParty/skia/src/ports/SkMemory_malloc.cpp:60 60 __builtin_trap(); (gdb) up #1 0x00007fffedc53f72 in SkPixmap::addr8() const::{lambda()#1}::operator()() const (this=0x7fffffffbfc7) at Skia/Headers/top/skia/core/SkPixmap.h:327 327 SkASSERT(1 == fInfo.bytesPerPixel()); (gdb) up #2 0x00007fffedc53f0a in SkPixmap::addr8 (this=0x7fffffffc0a8) at Skia/Headers/top/skia/core/SkPixmap.h:327 327 SkASSERT(1 == fInfo.bytesPerPixel()); (gdb) up #3 0x00007fffedc53dc5 in SkPixmap::addr8 (this=0x7fffffffc0a8, x=0, y=0) at Skia/Headers/top/skia/core/SkPixmap.h:401 401 return (const uint8_t*)((const char*)this->addr8() + (size_t)y * fRowBytes + (x << 0)); (gdb) up #4 0x00007fffedc533d1 in SkPixmap::writable_addr8 (this=0x7fffffffc0a8, x=0, y=0) at Skia/Headers/top/skia/core/SkPixmap.h:509 509 return const_cast<uint8_t*>(this->addr8(x, y)); (gdb) up #5 0x00007fffedc5328e in WebKit::skiaImageToCairoSurface (image=...) at /sdk/webkit/Source/WebKit/UIProcess/gtk/GtkUtilities.cpp:178 178 RefPtr<cairo_surface_t> surface = adoptRef(cairo_image_surface_create_for_data(pixmap.writable_addr8(0, 0), CAIRO_FORMAT_ARGB32, pixmap.width(), pixmap.height(), pixmap.rowBytes())); Preparing a patch now...
Adrian Perez
Comment 3 2026-03-30 13:23:06 PDT
Pull request: https://github.com/WebKit/WebKit/pull/61713
Adrian Perez
Comment 4 2026-03-30 13:28:53 PDT
*** Bug 282380 has been marked as a duplicate of this bug. ***
EWS
Comment 5 2026-03-30 15:44:13 PDT
Committed 310261@main (a6bf9f89d0b3): <https://commits.webkit.org/310261@main> Reviewed commits have been landed. Closing PR #61713 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.