https://bugs.webkit.org/show_bug.cgi?id=29906 introduced a change to the CanvasArray base class which tests a PassRefPtr after its contents have been transferred to a RefPtr, causing the NULL check to always fail and the base pointer of the CanvasArray to always be NULL. This results in crashes on most if not all WebGL content. Patch is attached.
Created attachment 40519 [details] Patch
Created attachment 40520 [details] Replacement patch eliminating stray tab
Comment on attachment 40520 [details] Replacement patch eliminating stray tab Can you add a testcase for this?
Created attachment 40526 [details] Patch including test case Added unit test. Verified that test crashes before fix and runs successfully after fix.
Comment on attachment 40526 [details] Patch including test case > +<html xmlns="http://www.w3.org/1999/xhtml"> we don't use namespaces -- tests should basically be html5 doctype if you want strict mode. But in this case you're also using the xml namespace which is also incorrect due to the file extension not being .xhtml, and not having an xml doctype :D And you need expected output Cheers, Oliver
... and don't forget -- WebKit style in JS also. 4-space, func brace on new line, etc. :)
Created attachment 40533 [details] Replacement patch with layouttest expected results
Comment on attachment 40533 [details] Replacement patch with layouttest expected results remove the superfluous namespace decl from <html> in the testcase
Sending LayoutTests/ChangeLog Adding LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt Adding LayoutTests/fast/canvas/webgl/array-unit-tests.html Sending WebCore/ChangeLog Sending WebCore/html/canvas/CanvasArray.cpp Transmitting file data ..... Committed revision 49027.