Title: [103439] trunk
Revision: 103439
Author: [email protected]
Date: 2011-12-21 13:40:37 -0800 (Wed, 21 Dec 2011)

Log Message

Source/WebCore: Fix CSS filters crash on zero-sized elements.
https://bugs.webkit.org/show_bug.cgi?id=75020

Reviewed by Dean Jackson.

Test: css3/filters/filter-empty-element-crash.html

* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::inputContext):
Protect against null ImageBuffer.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayer):
Protect against null GraphicsContext.

LayoutTests: Test for CSS filters crash on zero-sized element
https://bugs.webkit.org/show_bug.cgi?id=75020

Reviewed by Dean Jackson.

* css3/filters/filter-empty-element-crash-expected.txt: Added.
* css3/filters/filter-empty-element-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (103438 => 103439)


--- trunk/LayoutTests/ChangeLog	2011-12-21 21:21:41 UTC (rev 103438)
+++ trunk/LayoutTests/ChangeLog	2011-12-21 21:40:37 UTC (rev 103439)
@@ -1,3 +1,13 @@
+2011-12-21  Stephen White  <[email protected]>
+
+        Test for CSS filters crash on zero-sized element
+        https://bugs.webkit.org/show_bug.cgi?id=75020
+
+        Reviewed by Dean Jackson.
+
+        * css3/filters/filter-empty-element-crash-expected.txt: Added.
+        * css3/filters/filter-empty-element-crash.html: Added.
+
 2011-12-20  Dmitry Lomov  <[email protected]>
 
         [Chromium] DatabaseTrackerChromium: iterating DatabaseSet races with Database disposal on worker thread.

Added: trunk/LayoutTests/css3/filters/filter-empty-element-crash-expected.txt (0 => 103439)


--- trunk/LayoutTests/css3/filters/filter-empty-element-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/css3/filters/filter-empty-element-crash-expected.txt	2011-12-21 21:40:37 UTC (rev 103439)
@@ -0,0 +1 @@
+If you can read this, the test passed.

Added: trunk/LayoutTests/css3/filters/filter-empty-element-crash.html (0 => 103439)


--- trunk/LayoutTests/css3/filters/filter-empty-element-crash.html	                        (rev 0)
+++ trunk/LayoutTests/css3/filters/filter-empty-element-crash.html	2011-12-21 21:40:37 UTC (rev 103439)
@@ -0,0 +1,6 @@
+<script>
+if (window.layoutTestController)
+    window.layoutTestController.dumpAsText(true);
+</script>
+<div style="-webkit-filter: blur(1px);" width="0px" height="0px"></div>
+<p>If you can read this, the test passed.</p>
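Review bot: the `width="0px"` and `height="0px"` attributes on the `<div>` in the last two lines of the hunk have no effect, since `<div>` has no `width`/`height` HTML attributes; the element only ends up zero-sized because it is empty. If the intent is to pin the size, put it in the style, e.g. `<div style="-webkit-filter: blur(1px); width: 0; height: 0;"></div>`, otherwise drop the two attributes so the test does not suggest they matter. It may also be worth a second case with zero width but non-zero height, since the fix guards a null source image regardless of which dimension is zero.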

Modified: trunk/Source/WebCore/ChangeLog (103438 => 103439)


--- trunk/Source/WebCore/ChangeLog	2011-12-21 21:21:41 UTC (rev 103438)
+++ trunk/Source/WebCore/ChangeLog	2011-12-21 21:40:37 UTC (rev 103439)
@@ -1,3 +1,19 @@
+2011-12-21  Stephen White  <[email protected]>
+
+        Fix CSS filters crash on zero-sized elements.
+        https://bugs.webkit.org/show_bug.cgi?id=75020
+
+        Reviewed by Dean Jackson.
+
+        Test: css3/filters/filter-empty-element-crash.html
+
+        * rendering/FilterEffectRenderer.cpp:
+        (WebCore::FilterEffectRenderer::inputContext):
+        Protect against null ImageBuffer.
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::paintLayer):
+        Protect against null GraphicsContext.
+
 2011-12-21  Anders Carlsson  <[email protected]>
 
         Inform the scrolling coordinator when scrollbar layers come and go

Modified: trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp (103438 => 103439)


--- trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp	2011-12-21 21:21:41 UTC (rev 103438)
+++ trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp	2011-12-21 21:40:37 UTC (rev 103439)
@@ -88,7 +88,7 @@
 
 GraphicsContext* FilterEffectRenderer::inputContext()
 {
-    return sourceImage()->context();
+    return sourceImage() ? sourceImage()->context() : 0;
 }
 
 void FilterEffectRenderer::build(Document* document, const FilterOperations& operations)
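Review bot: the new line `return sourceImage() ? sourceImage()->context() : 0;` changes the contract of `inputContext()` to "may return null", so every caller now has to check; this diff only updates `RenderLayer::paintLayer`, so please confirm there are no other callers, and consider documenting the null return in the header. Minor: `sourceImage()` is evaluated twice; `ImageBuffer* image = sourceImage(); return image ? image->context() : 0;` avoids the double call.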

Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (103438 => 103439)


--- trunk/Source/WebCore/rendering/RenderLayer.cpp	2011-12-21 21:21:41 UTC (rev 103438)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp	2011-12-21 21:40:37 UTC (rev 103439)
@@ -2754,6 +2754,8 @@
         
         // Paint into the context that represents the SourceGraphic of the filter.
         GraphicsContext* sourceGraphicsContext = m_filter->inputContext();
+        if (!sourceGraphicsContext)
+            return;
         
         LayoutPoint layerOrigin;
         convertToLayerCoords(rootLayer, layerOrigin);
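Review bot: the added `if (!sourceGraphicsContext) return;` bails out of `paintLayer` after the filter path has been entered but before anything is painted; confirm that nothing set up earlier in this function (a context save, clip or transform) is left unbalanced by returning here, and that painting nothing at all, rather than painting the layer without the filter, is the intended fallback for a zero-sized source image. A short comment above the check stating that a null input context means the filter source buffer could not be allocated would help the next reader.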
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes