Bug 217026

Summary:

[GPU Process] Several layout tests in fast/canvas crash under GraphicsContext::clipToImageBuffer

Product:

WebKit

Reporter:

Wenson Hsieh <wenson_hsieh>

Component:

Canvas

Assignee:

Wenson Hsieh <wenson_hsieh>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cdumez, changseok, dino, esprehn+autocc, ews-watchlist, gyuyoung.kim, sabouhallawa, simon.fraser, thorton, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=225959

Attachments:

Description	Flags
WIP	ews-feeder: commit-queue-
WIP	none
WIP	none
WIP	ews-feeder: commit-queue-
WIP	ews-feeder: commit-queue-
WIP	none
Patch	none
WIP	ews-feeder: commit-queue-
WIP	none
Patch	none

Wenson Hsieh

Reported 2020-09-26 21:51:10 PDT

Fixes null dereference crashes when running these four layout tests with GPUP enabled: - fast/canvas/2d.fillText.gradient.html - fast/canvas/2d.text.draw.fill.maxWidth.gradient.html - fast/canvas/canvas-text-alignment.html - fast/canvas/gradient-text-with-shadow.html

Attachments
WIP (18.83 KB, patch) 2020-09-26 22:55 PDT, Wenson Hsieh	ews-feeder: commit-queue-	Details Formatted Diff Diff
WIP (20.44 KB, patch) 2020-09-26 23:00 PDT, Wenson Hsieh	no flags	Details Formatted Diff Diff
WIP (23.43 KB, patch) 2020-09-27 00:19 PDT, Wenson Hsieh	no flags	Details Formatted Diff Diff
WIP (23.44 KB, patch) 2020-09-27 09:49 PDT, Wenson Hsieh	ews-feeder: commit-queue-	Details Formatted Diff Diff
WIP (23.44 KB, patch) 2020-09-27 10:04 PDT, Wenson Hsieh	ews-feeder: commit-queue-	Details Formatted Diff Diff
WIP (23.45 KB, patch) 2020-09-27 10:11 PDT, Wenson Hsieh	no flags	Details Formatted Diff Diff
Patch (26.17 KB, patch) 2020-09-27 11:22 PDT, Wenson Hsieh	no flags	Details Formatted Diff Diff
WIP (27.00 KB, patch) 2020-09-28 21:37 PDT, Wenson Hsieh	ews-feeder: commit-queue-	Details Formatted Diff Diff
WIP (27.03 KB, patch) 2020-09-28 21:45 PDT, Wenson Hsieh	no flags	Details Formatted Diff Diff
Patch (29.76 KB, patch) 2020-09-28 22:37 PDT, Wenson Hsieh	no flags	Details Formatted Diff Diff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.

Wenson Hsieh

Comment 1 2020-09-26 22:55:01 PDT Comment hidden (obsolete)

Created attachment 409813 [details] WIP

Wenson Hsieh

Comment 2 2020-09-26 23:00:21 PDT Comment hidden (obsolete)

Created attachment 409814 [details] WIP

Wenson Hsieh

Comment 3 2020-09-27 00:19:35 PDT Comment hidden (obsolete)

Created attachment 409820 [details] WIP

Wenson Hsieh

Comment 4 2020-09-27 09:49:22 PDT Comment hidden (obsolete)

Created attachment 409840 [details] WIP

Wenson Hsieh

Comment 5 2020-09-27 10:04:46 PDT Comment hidden (obsolete)

Created attachment 409841 [details] WIP

Wenson Hsieh

Comment 6 2020-09-27 10:11:24 PDT Comment hidden (obsolete)

Created attachment 409842 [details] WIP

Wenson Hsieh

Comment 7 2020-09-27 11:22:10 PDT Comment hidden (obsolete)

Created attachment 409846 [details] Patch

Radar WebKit Bug Importer

Comment 8 2020-09-27 13:03:18 PDT

<rdar://problem/69663834>

Wenson Hsieh

Comment 9 2020-09-28 21:37:56 PDT Comment hidden (obsolete)

Created attachment 409961 [details] WIP

Wenson Hsieh

Comment 10 2020-09-28 21:45:43 PDT Comment hidden (obsolete)

Created attachment 409962 [details] WIP

Wenson Hsieh

Comment 11 2020-09-28 22:37:54 PDT

Created attachment 409966 [details] Patch

Simon Fraser (smfr)

Comment 12 2020-09-29 09:26:46 PDT

Comment on attachment 409966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review > Source/WebCore/platform/graphics/GraphicsContext.h:414 > + ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&); This is great. We might end up generalizing this for other image buffer code paths, but it's a good start.

Wenson Hsieh

Comment 13 2020-09-29 09:31:27 PDT

Comment on attachment 409966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review >> Source/WebCore/platform/graphics/GraphicsContext.h:414 >> + ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&); > > This is great. We might end up generalizing this for other image buffer code paths, but it's a good start. 👍🏻

EWS

Comment 14 2020-09-29 09:41:53 PDT

Committed r267742: <https://trac.webkit.org/changeset/267742> All reviewed patches have been landed. Closing bug and clearing flags on attachment 409966 [details].

Note You need to log in before you can comment on or make changes to this bug.