Title: [130610] trunk
Revision
130610
Author
[email protected]
Date
2012-10-07 15:14:01 -0700 (Sun, 07 Oct 2012)

Log Message

[chromium] Crash in WebCore::GraphicsLayerChromium::setContentsToImage
https://bugs.webkit.org/show_bug.cgi?id=98456

Patch by Nick Carter <[email protected]> on 2012-10-07
Reviewed by James Robinson.

Source/WebCore:

Handle null return of nativeImageForCurrentFrame.

Test: compositing/images/truncated-direct-png-image.html

* platform/graphics/chromium/GraphicsLayerChromium.cpp:
(WebCore::GraphicsLayerChromium::setContentsToImage):

LayoutTests:

New tests exercising a broken image on its own layer.

* compositing/images/truncated-direct-png-image-expected.html: Added.
* compositing/images/truncated-direct-png-image.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (130609 => 130610)


--- trunk/LayoutTests/ChangeLog	2012-10-07 22:01:27 UTC (rev 130609)
+++ trunk/LayoutTests/ChangeLog	2012-10-07 22:14:01 UTC (rev 130610)
@@ -1,3 +1,15 @@
+2012-10-07  Nick Carter  <[email protected]>
+
+        [chromium] Crash in WebCore::GraphicsLayerChromium::setContentsToImage
+        https://bugs.webkit.org/show_bug.cgi?id=98456
+
+        Reviewed by James Robinson.
+
+        New tests exercising a broken image on its own layer.
+
+        * compositing/images/truncated-direct-png-image-expected.html: Added.
+        * compositing/images/truncated-direct-png-image.html: Added.
+
 2012-10-07  Raphael Kubo da Costa  <[email protected]>
 
         [EFL] Mark media/video-controls-rendering.html as flaky.

Added: trunk/LayoutTests/compositing/images/truncated-direct-png-image-expected.html (0 => 130610)


--- trunk/LayoutTests/compositing/images/truncated-direct-png-image-expected.html	                        (rev 0)
+++ trunk/LayoutTests/compositing/images/truncated-direct-png-image-expected.html	2012-10-07 22:14:01 UTC (rev 130610)
@@ -0,0 +1,17 @@
+<html>
+<head>
+<style type="text/css">
+#image {
+/* no z-transform in the expectation */
+}
+
+body {
+    background-color: yellow;
+}
+</style>
+</head>
+<body>
+<p>This is a broken image on its own layer: a 500x334 PNG image truncated at the 100 byte mark. The test passes if it does not trigger an assertion or crash.</p>
+<img id="image" src=""
+</body>
+</html>
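Review bot: the `<img id="image" src=""` element on the second-to-last body line is never closed and carries an empty src, exactly as in the test file, while the paragraph above promises a 500x334 PNG truncated at 100 bytes. Because this is the reftest reference, it has to build the same DOM as the test page; if the test is changed to embed the truncated image data and close the tag, this file needs the identical data and the identical `>` so the only difference between the two pages stays the `#image` transform.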

Added: trunk/LayoutTests/compositing/images/truncated-direct-png-image.html (0 => 130610)


--- trunk/LayoutTests/compositing/images/truncated-direct-png-image.html	                        (rev 0)
+++ trunk/LayoutTests/compositing/images/truncated-direct-png-image.html	2012-10-07 22:14:01 UTC (rev 130610)
@@ -0,0 +1,18 @@
+<html>
+<head>
+<style type="text/css">
+#image {
+    -webkit-transform: translateZ(0);
+    -webkit-transform-origin: 0 0;
+}
+
+body {
+    background-color: yellow;
+}
+</style>
+</head>
+<body>
+<p>This is a broken image on its own layer: a 500x334 PNG image truncated at the 100 byte mark. The test passes if it does not trigger an assertion or crash.</p>
+<img id="image" src=""
+</body>
+</html>
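Review bot: `<img id="image" src=""` at the end of the body is not terminated with `>` and has an empty src, yet the paragraph above says the page shows a 500x334 PNG truncated at the 100 byte mark. As written the test loads no image bytes at all, so it exercises the empty-src broken-image path rather than a decoder that fails partway through the stream, which is the condition the ChangeLog describes. Embed the truncated PNG (a data: URI keeps the test self-contained) and close the tag so the result does not depend on how the parser recovers from the unterminated element.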

Modified: trunk/Source/WebCore/ChangeLog (130609 => 130610)


--- trunk/Source/WebCore/ChangeLog	2012-10-07 22:01:27 UTC (rev 130609)
+++ trunk/Source/WebCore/ChangeLog	2012-10-07 22:14:01 UTC (rev 130610)
@@ -1,3 +1,17 @@
+2012-10-07  Nick Carter  <[email protected]>
+
+        [chromium] Crash in WebCore::GraphicsLayerChromium::setContentsToImage
+        https://bugs.webkit.org/show_bug.cgi?id=98456
+
+        Reviewed by James Robinson.
+
+        Handle null return of nativeImageForCurrentFrame.
+
+        Test: compositing/images/truncated-direct-png-image.html
+
+        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
+        (WebCore::GraphicsLayerChromium::setContentsToImage):
+
 2012-10-07  Benjamin Poulain  <[email protected]>
 
         WTFURL: implement URL port removal for HTMLAnchorElement
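Review bot: "Handle null return of nativeImageForCurrentFrame" says what is checked but not what happens, and the behavioural decision is the interesting part: a non-null Image whose current frame cannot be produced now takes the same path as `image == 0`. A sentence stating that a broken image detaches the image contents layer rather than keeping its last bitmap would let a reader of the ChangeLog understand the fix without opening the .cpp.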

Modified: trunk/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp (130609 => 130610)


--- trunk/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp	2012-10-07 22:01:27 UTC (rev 130609)
+++ trunk/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp	2012-10-07 22:14:01 UTC (rev 130610)
@@ -468,7 +468,8 @@
 void GraphicsLayerChromium::setContentsToImage(Image* image)
 {
     bool childrenChanged = false;
-    if (image) {
+    NativeImageSkia* nativeImage = image ? image->nativeImageForCurrentFrame() : 0;
+    if (nativeImage) {
         if (m_contentsLayerPurpose != ContentsLayerForImage) {
             m_imageLayer = adoptPtr(Platform::current()->compositorSupport()->createImageLayer());
             registerContentsLayer(m_imageLayer->layer());
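Review bot: after this change a non-null `image` whose `nativeImageForCurrentFrame()` returns null skips the `if (nativeImage)` block and falls through to whatever follows for a null image, which the hunk does not show. Confirm that path resets `m_contentsLayerPurpose` and releases `m_imageLayer`; otherwise a layer created by an earlier successful call keeps displaying its stale bitmap once the image stops decoding. If the fall-through branch already does this, a one-line comment on the `NativeImageSkia* nativeImage = ...` line saying that a broken image is treated like no image would make the intent clear at the point of the check.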
@@ -477,7 +478,6 @@
             m_contentsLayerPurpose = ContentsLayerForImage;
             childrenChanged = true;
         }
-        NativeImageSkia* nativeImage = image->nativeImageForCurrentFrame();
         m_imageLayer->setBitmap(nativeImage->bitmap());
         m_imageLayer->layer()->setOpaque(image->isBitmapImage() && !image->currentFrameHasAlpha());
         updateContentsRect();
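Review bot: the null check now protects `nativeImage->bitmap()`, but the next line still asks `image->currentFrameHasAlpha()` for the alpha flag rather than the frame `nativeImage` was taken from. For a multi-frame image where the current frame can advance between the two calls, `setOpaque` may describe a different frame than the bitmap handed to `setBitmap`. If the bitmap carries its own alpha information, deriving the flag from `nativeImage` keeps the two in step; if not, a comment noting that the calls are expected to refer to the same frame would at least record the assumption.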
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
