Bug 69681 - RESOLVED FIXED
Fix crash with toDataURL to JPEG
https://bugs.webkit.org/show_bug.cgi?id=69681
John Bauman
Reported 2011-10-07 17:39:42 PDT
Fix crash with toDataURL to JPEG
Attachments
Patch (1.77 KB, patch)
2011-10-07 17:41 PDT, John Bauman
no flags
Patch (1.74 KB, patch)
2011-10-10 17:01 PDT, John Bauman
no flags
John Bauman
Comment 1 2011-10-07 17:41:26 PDT
Darin Adler
Comment 2 2011-10-07 17:44:01 PDT
Comment on attachment 110236 (Patch)
Can we make a test case to cover this?
WebKit Review Bot
Comment 3 2011-10-07 18:48:31 PDT
Comment on attachment 110236 (Patch)
Rejecting attachment 110236 from commit-queue.
Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2
Last 500 characters of output:
381db9f538a72509ddceba74bc8fa72d7ba8a196
r96996 = 597be029117bbf6b1591194e17018dff0ce3fbd4
Done rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc
First, rewinding head to replay your work on top of it...
Fast-forwarded master to refs/remotes/origin/master.
Updating chromium port dependencies using gclient...
________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'
Updating webkit projects from gyp files...
Full output: http://queues.webkit.org/results/9995417
John Bauman
Comment 4 2011-10-10 17:01:50 PDT
WebKit Review Bot
Comment 5 2011-10-10 17:05:05 PDT
Comment on attachment 110439 (Patch)
Rejecting attachment 110439 from commit-queue.
jbauman@chromium.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py.
- If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.
- If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
Kenneth Russell
Comment 6 2011-10-10 17:54:01 PDT
Comment on attachment 110439 (Patch)
Looks good. r=me
WebKit Review Bot
Comment 7 2011-10-11 01:27:06 PDT
Comment on attachment 110439 (Patch)
Clearing flags on attachment: 110439
Committed r97132: <http://trac.webkit.org/changeset/97132>
WebKit Review Bot
Comment 8 2011-10-11 01:27:10 PDT
All reviewed patches have been landed. Closing bug.
Abhishek Arya
Comment 9 2011-10-11 22:27:11 PDT
This looks like a use after free bug. Can you please confirm soon so that we can merge to m15? Do you have a crash id or crash stack?
John Bauman
Comment 10 2011-10-12 06:35:11 PDT
This is a use after free, but it's not in M15 - it was introduced in r96000.
noel gordon
Comment 11 2011-10-12 19:55:41 PDT
(In reply to comment #2)
> Can we make a test case to cover this?

I reproduced with http://persistent.info/chromium/test-cases/canvas-crash.html, filed bug 69991 about creating a test case.