RESOLVED FIXED Bug 45835
Fix incorrect usage of dissolveDragImageToFraction 
https://bugs.webkit.org/show_bug.cgi?id=45835
Summary Fix incorrect usage of dissolveDragImageToFraction
Daniel Cheng
Reported 2010-09-15 14:03:40 PDT
createDragImageForSelection() was ignoring the return value of dissolveDragImageToFraction(). This didn't happen to crash on most platforms, since most implementations simply modified the image that was passed in. However, Chromium Mac's implementation actually creates a new image and returns that instead. This caused us to crash when copying the image from the renderer to the browser process, since the memory had already been freed.
Attachments
Patch (1.64 KB, patch)
2010-09-15 14:09 PDT, Daniel Cheng 		no flags
DetailsFormatted DiffDiff
Patch (2.29 KB, patch)
2010-09-15 14:34 PDT, Daniel Cheng 		no flags
DetailsFormatted DiffDiff
Patch (2.43 KB, patch)
2010-09-15 15:18 PDT, Daniel Cheng 		no flags
DetailsFormatted DiffDiff
Patch for landing (2.64 KB, patch)
2010-09-15 15:47 PDT, Daniel Cheng 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Daniel Cheng
Comment 1 2010-09-15 14:09:17 PDT
Created attachment 67711 [details] Patch
Tony Chang
Comment 2 2010-09-15 14:14:32 PDT
Comment on attachment 67711 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=67711&action=prettypatch Can you add a manual test in WebCore/manual-tests/chromium for this?
Daniel Cheng
Comment 3 2010-09-15 14:34:16 PDT
Created attachment 67717 [details] Patch
Daniel Cheng
Comment 4 2010-09-15 15:18:30 PDT
Created attachment 67728 [details] Patch
Tony Chang
Comment 5 2010-09-15 15:39:35 PDT
Comment on attachment 67728 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=67728&action=prettypatch > WebCore/ChangeLog:16 > + * manual-tests/selection-drag-crash.html: Added. Please add a comment saying why this doesn't repro in DRT or test_shell. > WebCore/manual-tests/selection-drag-crash.html:6 > +function selectText() { > + window.getSelection().selectAllChildren(document.body); > +}; Nit: The semi-colon at the end of the test is not needed.
Daniel Cheng
Comment 6 2010-09-15 15:47:47 PDT
Created attachment 67735 [details] Patch for landing
WebKit Commit Bot
Comment 7 2010-09-15 16:03:55 PDT
Comment on attachment 67735 [details] Patch for landing Rejecting patch 67735 from commit-queue. dcheng@chromium.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/WebKitTools/Scripts/webkitpy/common/config/committers.py. - If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags. - If you have committer rights please correct the error in WebKitTools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
Tony Chang
Comment 8 2010-09-15 16:06:23 PDT
Comment on attachment 67735 [details] Patch for landing thought that might happen. let's try that again.
WebKit Commit Bot
Comment 9 2010-09-16 07:48:18 PDT
Comment on attachment 67735 [details] Patch for landing Rejecting patch 67735 from commit-queue. Unexpected failure when processing patch! Please file a bug against webkit-patch. Failed to run "['WebKitTools/Scripts/webkit-patch', '--status-host=queues.webkit.org', 'land-attachment', '--force-clean', '--non-interactive', '--ignore-builders', '--quiet', '--parent-command=commit-queue', 67735]" exit_code: 1 Last 500 characters of output: .cgi?id=67735&action=edit Fetching: https://bugs.webkit.org/show_bug.cgi?id=45835&ctype=xml Processing 1 patch from 1 bug. Cleaning working directory Updating working directory Processing patch 67735 from bug 45835. NOBODY (OOPS!) found in /Projects/CommitQueue/WebCore/ChangeLog does not appear to be a valid reviewer according to committers.py. ERROR: /Projects/CommitQueue/WebCore/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive).
WebKit Commit Bot
Comment 10 2010-09-16 11:06:58 PDT
Comment on attachment 67735 [details] Patch for landing Clearing flags on attachment: 67735 Committed r67641: <http://trac.webkit.org/changeset/67641>
WebKit Commit Bot
Comment 11 2010-09-16 11:07:03 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.