Title: [264931] trunk
- Revision: 264931
- Author: d...@apple.com
- Date: 2020-07-27 10:58:48 -0700 (Mon, 27 Jul 2020)
Log Message
Repeatable WebContent crash: WebCore::jsWebGLRenderingContextPrototypeFunctionGetError
https://bugs.webkit.org/show_bug.cgi?id=214814
rdar://59290537
Reviewed by Anders Carlsson.
Source/WebCore:
If a WebGL context was killed due to too many contexts
in the page, we would get a null pointer crash if
the page called getError() more than once on it.
This is an edge case not covered by the WebGL conformance
suite since the recycling behaviour is specific to our
implementation.
Test: fast/canvas/webgl/recycle-contexts.html
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::getError): Add a null check.
LayoutTests:
* fast/canvas/webgl/recycle-contexts-expected.html: Added.
* fast/canvas/webgl/recycle-contexts.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (264930 => 264931)
--- trunk/LayoutTests/ChangeLog 2020-07-27 17:31:00 UTC (rev 264930)
+++ trunk/LayoutTests/ChangeLog 2020-07-27 17:58:48 UTC (rev 264931)
@@ -1,3 +1,14 @@
+2020-07-27 Dean Jackson <d...@apple.com>
+
+ Repeatable WebContent crash: WebCore::jsWebGLRenderingContextPrototypeFunctionGetError
+ https://bugs.webkit.org/show_bug.cgi?id=214814
+ rdar://59290537
+
+ Reviewed by Anders Carlsson.
+
+ * fast/canvas/webgl/recycle-contexts-expected.html: Added.
+ * fast/canvas/webgl/recycle-contexts.html: Added.
+
2020-07-27 Youenn Fablet <you...@apple.com>
scaleResolutionDownBy has no effect on RTCRtpSender
Added: trunk/LayoutTests/fast/canvas/webgl/recycle-contexts-expected.html (0 => 264931)
--- trunk/LayoutTests/fast/canvas/webgl/recycle-contexts-expected.html (rev 0)
+++ trunk/LayoutTests/fast/canvas/webgl/recycle-contexts-expected.html 2020-07-27 17:58:48 UTC (rev 264931)
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<h1>Should not crash</h1>
Added: trunk/LayoutTests/fast/canvas/webgl/recycle-contexts.html (0 => 264931)
--- trunk/LayoutTests/fast/canvas/webgl/recycle-contexts.html (rev 0)
+++ trunk/LayoutTests/fast/canvas/webgl/recycle-contexts.html 2020-07-27 17:58:48 UTC (rev 264931)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<script>
+function run() {
+ const contexts = [];
+ for (let i = 0; i < 50; i++) {
+ const c = document.createElement("canvas");
+ const ctx = c.getContext("webgl");
+ ctx.clearColor(0, 1, 0, 1);
+ ctx.clear(ctx.COLOR_BUFFER_BIT);
+ contexts.push(ctx);
+ }
+ contexts.forEach(ctx => {
+ ctx.getError();
+ ctx.getError();
+ ctx.getError();
+ ctx.getError();
+ });
+}
+
+window.addEventListener("load", run, false);
+</script>
+<h1>Should not crash</h1>
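Review bot: The loop bound of 50 in run() is a magic number that only exercises the fix while the per-page context limit stays below it, and nothing in the test confirms that any context was actually recycled before the getError() calls. If getContext("webgl") returned null, the ctx.clearColor call would throw inside the load handler and the page would still render "Should not crash", so the comparison against the expected file would pass without reaching the crash path. Consider a comment tying 50 to the context limit, plus a check that at least one early context is no longer live (for example via isContextLost(), if recycled contexts report it) before the getError() loop.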
Modified: trunk/Source/WebCore/ChangeLog (264930 => 264931)
--- trunk/Source/WebCore/ChangeLog 2020-07-27 17:31:00 UTC (rev 264930)
+++ trunk/Source/WebCore/ChangeLog 2020-07-27 17:58:48 UTC (rev 264931)
@@ -1,3 +1,23 @@
+2020-07-27 Dean Jackson <d...@apple.com>
+
+ Repeatable WebContent crash: WebCore::jsWebGLRenderingContextPrototypeFunctionGetError
+ https://bugs.webkit.org/show_bug.cgi?id=214814
+ rdar://59290537
+
+ Reviewed by Anders Carlsson.
+
+ If a WebGL context was killed due to too many contexts
+ in the page, we would get a null pointer crash if
+ the page called getError() more than once on it.
+ This is an edge case not covered by the WebGL conformance
+ suite since the recyling behaviour is specific to our
+ implementation.
+
+ Test: fast/canvas/webgl/recycle-contexts.html
+
+ * html/canvas/WebGLRenderingContextBase.cpp:
+ (WebCore::WebGLRenderingContextBase::getError): Add a null check.
+
2020-07-27 Youenn Fablet <you...@apple.com>
scaleResolutionDownBy has no effect on RTCRtpSender
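Review bot: "recyling" in the added description should be "recycling". The entry also says the crash needs getError() to be called more than once but does not say why the first call on a killed context is safe; one sentence on that would make the null check easier to evaluate later.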
Modified: trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp (264930 => 264931)
--- trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp 2020-07-27 17:31:00 UTC (rev 264930)
+++ trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp 2020-07-27 17:58:48 UTC (rev 264931)
@@ -2879,7 +2879,7 @@
GCGLenum WebGLRenderingContextBase::getError()
{
- if (m_isPendingPolicyResolution)
+ if (!m_context || m_isPendingPolicyResolution)
return GraphicsContextGL::NO_ERROR;
return m_context->getError();
}
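Review bot: The new !m_context test in getError() shares one condition with m_isPendingPolicyResolution, so a recycled context and one awaiting policy resolution are indistinguishable here and both report NO_ERROR; a short comment stating that m_context is null once the context has been recycled would explain why the guard exists. Since the unchanged line "return m_context->getError();" still dereferences m_context directly, it is also worth confirming in this review whether other entry points in WebGLRenderingContextBase.cpp that use m_context need the same guard, as the added test only exercises getError() on killed contexts.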
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes