Bug 209141

Summary: [GPU Process] Implement DisplayList clipToImageBuffer
Product: WebKit
Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Canvas
Assignee: Said Abou-Hallawa <sabouhallawa>
Status: NEW
Severity: Normal
CC: dino, mmaxfield, simon.fraser, thorton, wenson_hsieh
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments (description, flags):
- test case (none)
- Patch (none)
- Patch (none)
- Patch (sabouhallawa: review?)

Description Said Abou-Hallawa 2020-03-16 11:11:29 PDT
Repro steps:

1. Launch mini-browser
2. Enable "Settings/Internal Features/Render Canvas in GPU Process" or "Settings/Enable Display List Drawing".
3. Open the attached test case

Result: WebKit will crash with the following call stack:

#0	0x000000056b81212c in WTF::RetainPtr<CGContext*>::operator!() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RetainPtr.h:103
#1	0x000000056b811936 in WebCore::GraphicsContext::platformContext() const at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:254
#2	0x000000056b8146be in WebCore::GraphicsContext::clipToImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:518
#3	0x000000056ad21a4a in WebCore::CanvasRenderingContext2D::drawTextInternal(WTF::String const&, float, float, bool, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:574
#4	0x000000056ad20d8d in WebCore::CanvasRenderingContext2D::fillText(WTF::String const&, float, float, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:332
#5	0x0000000568642660 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2895
#6	0x00000005685ab972 in long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/bindings/js/JSDOMOperation.h:53
#7	0x00000005685ab654 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillText(JSC::JSGlobalObject*, JSC::CallFrame*) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2901
Comment 1 Said Abou-Hallawa 2020-03-16 12:02:56 PDT
Created attachment 393669 [details]
test case
Comment 2 Said Abou-Hallawa 2020-03-16 13:12:50 PDT
Created attachment 393676 [details]
Patch
Comment 3 Said Abou-Hallawa 2020-03-16 13:28:24 PDT
Created attachment 393679 [details]
Patch
Comment 4 Said Abou-Hallawa 2020-03-16 14:56:03 PDT
Created attachment 393688 [details]
Patch