Skip to site navigation (Press enter)

[webkit-changes] [262813] trunk/Source/WebCore

commit-queue Tue, 09 Jun 2020 14:49:04 -0700

Title: [262813] trunk/Source/WebCore

Revision: 262813
Author: [email protected]
Date: 2020-06-09 14:47:45 -0700 (Tue, 09 Jun 2020)

Log Message

WebKit Crashes when SVG Filter Logging is Turned On
https://bugs.webkit.org/show_bug.cgi?id=212415


Patch by Frank Yang <[email protected]> on 2020-06-09
Reviewed by Darin Adler.

No new tests are required because this is just
fixing a simple pointer access inside logging code

* html/ImageData.cpp:
(WebCore::operator<<): Overloaded << operator to print the
       address of pixel data it stores
* html/ImageData.h: Declare overloaded << operator
* platform/graphics/filters/FilterEffect.cpp:
(WebCore::FilterEffect::imageBufferResult): Modified logging code
       so that it does a null check by calling ValueOrNull on
       m_premultipliedImageResult and m_unmultipliedImageResult
(WebCore::FilterEffect::copyUnmultipliedResult):  Modified logging code
       so that it does a null check by calling ValueOrNull on
       m_premultipliedImageResult and m_unmultipliedImageResult
(WebCore::FilterEffect::copyPremultipliedResult):  Modified logging code
       so that it does a null check by calling ValueOrNull on
       m_premultipliedImageResult and m_unmultipliedImageResult

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/ImageData.cpp
trunk/Source/WebCore/html/ImageData.h
trunk/Source/WebCore/platform/graphics/filters/FilterEffect.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (262812 => 262813)


--- trunk/Source/WebCore/ChangeLog	2020-06-09 21:43:53 UTC (rev 262812)
+++ trunk/Source/WebCore/ChangeLog	2020-06-09 21:47:45 UTC (rev 262813)
@@ -1,3 +1,28 @@
+2020-06-09  Frank Yang  <[email protected]>
+
+        WebKit Crashes when SVG Filter Logging is Turned On
+        https://bugs.webkit.org/show_bug.cgi?id=212415
+
+        Reviewed by Darin Adler.
+
+        No new tests are required because this is just 
+        fixing a simple pointer access inside logging code
+
+        * html/ImageData.cpp:
+        (WebCore::operator<<): Overloaded << operator to print the 
+               address of pixel data it stores
+        * html/ImageData.h: Declare overloaded << operator
+        * platform/graphics/filters/FilterEffect.cpp:
+        (WebCore::FilterEffect::imageBufferResult): Modified logging code
+               so that it does a null check by calling ValueOrNull on 
+               m_premultipliedImageResult and m_unmultipliedImageResult
+        (WebCore::FilterEffect::copyUnmultipliedResult):  Modified logging code
+               so that it does a null check by calling ValueOrNull on
+               m_premultipliedImageResult and m_unmultipliedImageResult
+        (WebCore::FilterEffect::copyPremultipliedResult):  Modified logging code
+               so that it does a null check by calling ValueOrNull on
+               m_premultipliedImageResult and m_unmultipliedImageResult
+
 2020-06-09  Dean Jackson  <[email protected]>
 
         REGRESSION: [Safari Mojave for High Sierra] Accessing some of the featured pages on apple.com causes the webpage to crash

Modified: trunk/Source/WebCore/html/ImageData.cpp (262812 => 262813)


--- trunk/Source/WebCore/html/ImageData.cpp	2020-06-09 21:43:53 UTC (rev 262812)
+++ trunk/Source/WebCore/html/ImageData.cpp	2020-06-09 21:47:45 UTC (rev 262813)
@@ -116,5 +116,11 @@
     return adoptRef(*new ImageData(m_size, Uint8ClampedArray::create(m_data->data(), m_data->length())));
 }
 
+TextStream& operator<<(TextStream& ts, const ImageData& imageData)
+{
+    // Print out the address of the pixel data array
+    return ts << imageData.data();
 }
 
+}
+

Modified: trunk/Source/WebCore/html/ImageData.h (262812 => 262813)


--- trunk/Source/WebCore/html/ImageData.h	2020-06-09 21:43:53 UTC (rev 262812)
+++ trunk/Source/WebCore/html/ImageData.h	2020-06-09 21:47:45 UTC (rev 262813)
@@ -57,4 +57,6 @@
     Ref<Uint8ClampedArray> m_data;
 };
 
+WEBCORE_EXPORT WTF::TextStream& operator<<(WTF::TextStream&, const ImageData&);
+
 } // namespace WebCore

Modified: trunk/Source/WebCore/platform/graphics/filters/FilterEffect.cpp (262812 => 262813)


--- trunk/Source/WebCore/platform/graphics/filters/FilterEffect.cpp	2020-06-09 21:43:53 UTC (rev 262812)
+++ trunk/Source/WebCore/platform/graphics/filters/FilterEffect.cpp	2020-06-09 21:47:45 UTC (rev 262813)
@@ -266,7 +266,7 @@
 
 ImageBuffer* FilterEffect::imageBufferResult()
 {
-    LOG_WITH_STREAM(Filters, stream << "FilterEffect " << filterName() << " " << this << " imageBufferResult(). Existing image buffer " << m_imageBufferResult.get() <<  " m_premultipliedImageResult " << m_premultipliedImageResult->data() << " m_unmultipliedImageResult " << m_unmultipliedImageResult->data());
+    LOG_WITH_STREAM(Filters, stream << "FilterEffect " << filterName() << " " << this << " imageBufferResult(). Existing image buffer " << m_imageBufferResult.get() <<  " m_premultipliedImageResult " << ValueOrNull(m_premultipliedImageResult.get()) << " m_unmultipliedImageResult " << ValueOrNull(m_unmultipliedImageResult.get()));
 
     if (!hasResult())
         return nullptr;
@@ -439,7 +439,7 @@
 {
     ASSERT(hasResult());
     
-    LOG_WITH_STREAM(Filters, stream << "FilterEffect " << filterName() << " " << this << " copyUnmultipliedResult(). Existing image buffer " << m_imageBufferResult.get() <<  " m_premultipliedImageResult " << m_premultipliedImageResult->data() << " m_unmultipliedImageResult " << m_unmultipliedImageResult->data());
+    LOG_WITH_STREAM(Filters, stream << "FilterEffect " << filterName() << " " << this << " copyUnmultipliedResult(). Existing image buffer " << m_imageBufferResult.get() <<  " m_premultipliedImageResult " << ValueOrNull(m_premultipliedImageResult.get()) << " m_unmultipliedImageResult " << ValueOrNull(m_unmultipliedImageResult.get()));
 
     if (!m_unmultipliedImageResult) {
         // We prefer a conversion from the image buffer.
@@ -465,7 +465,7 @@
 {
     ASSERT(hasResult());
 
-    LOG_WITH_STREAM(Filters, stream << "FilterEffect " << filterName() << " " << this << " copyPremultipliedResult(). Existing image buffer " << m_imageBufferResult.get() <<  " m_premultipliedImageResult " << m_premultipliedImageResult->data() << " m_unmultipliedImageResult " << m_unmultipliedImageResult->data());
+    LOG_WITH_STREAM(Filters, stream << "FilterEffect " << filterName() << " " << this << " copyPremultipliedResult(). Existing image buffer " << m_imageBufferResult.get() <<  " m_premultipliedImageResult " << ValueOrNull(m_premultipliedImageResult.get()) << " m_unmultipliedImageResult " << ValueOrNull(m_unmultipliedImageResult.get()));
 
     if (!m_premultipliedImageResult) {
         // We prefer a conversion from the image buffer.

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes