Bug 209141

Summary: [GPU Process] Implement DisplayList clipToImageBuffer
Product: WebKit Reporter: Said Abou-Hallawa <sabouhallawa>
Component: CanvasAssignee: Said Abou-Hallawa <sabouhallawa>
Status: NEW    
Severity: Normal CC: dino, mmaxfield, simon.fraser, thorton, wenson_hsieh
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
test case
none
Patch
none
Patch
none
Patch sabouhallawa: review?

Said Abou-Hallawa
Reported 2020-03-16 11:11:29 PDT
Repro steps: Repro steps: 1. Launch mini-browser 2. Enable "Settings/Internal Features/Render Canvas in GPU Process" or "Settings/Enable Display List Drawing". 3. Open the attached test case Result: WebKit will crash with the following call stack: #0 0x000000056b81212c in WTF::RetainPtr<CGContext*>::operator!() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RetainPtr.h:103 #1 0x000000056b811936 in WebCore::GraphicsContext::platformContext() const at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:254 #2 0x000000056b8146be in WebCore::GraphicsContext::clipToImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:518 #3 0x000000056ad21a4a in WebCore::CanvasRenderingContext2D::drawTextInternal(WTF::String const&, float, float, bool, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:574 #4 0x000000056ad20d8d in WebCore::CanvasRenderingContext2D::fillText(WTF::String const&, float, float, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:332 #5 0x0000000568642660 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2895 #6 0x00000005685ab972 in long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/bindings/js/JSDOMOperation.h:53 #7 0x00000005685ab654 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillText(JSC::JSGlobalObject*, JSC::CallFrame*) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2901
Attachments
test case (696 bytes, text/html)
2020-03-16 12:02 PDT, Said Abou-Hallawa 		no flags
Details
Patch (17.70 KB, patch)
2020-03-16 13:12 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (22.95 KB, patch)
2020-03-16 13:28 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (22.89 KB, patch)
2020-03-16 14:56 PDT, Said Abou-Hallawa 		sabouhallawa: review?
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Said Abou-Hallawa
Comment 1 2020-03-16 12:02:56 PDT
Created attachment 393669 [details] test case
Said Abou-Hallawa
Comment 2 2020-03-16 13:12:50 PDT
Created attachment 393676 [details] Patch
Said Abou-Hallawa
Comment 3 2020-03-16 13:28:24 PDT
Created attachment 393679 [details] Patch
Said Abou-Hallawa
Comment 4 2020-03-16 14:56:03 PDT
Created attachment 393688 [details] Patch
Note You need to log in before you can comment on or make changes to this bug.