Bug 217026

Summary: [GPU Process] Several layout tests in fast/canvas crash under GraphicsContext::clipToImageBuffer
Product: WebKit
Reporter: Wenson Hsieh <wenson_hsieh>
Component: Canvas
Assignee: Wenson Hsieh <wenson_hsieh>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, changseok, dino, esprehn+autocc, ews-watchlist, gyuyoung.kim, sabouhallawa, simon.fraser, thorton, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=225959
Attachments (Description: Flags):
- WIP: ews-feeder: commit-queue-
- WIP: none
- WIP: none
- WIP: ews-feeder: commit-queue-
- WIP: ews-feeder: commit-queue-
- WIP: none
- Patch: none
- WIP: ews-feeder: commit-queue-
- WIP: none
- Patch: none

Description Wenson Hsieh 2020-09-26 21:51:10 PDT
Fixes null dereference crashes when running these four layout tests with GPUP enabled:

- fast/canvas/2d.fillText.gradient.html
- fast/canvas/2d.text.draw.fill.maxWidth.gradient.html
- fast/canvas/canvas-text-alignment.html
- fast/canvas/gradient-text-with-shadow.html
Comment 8 Radar WebKit Bug Importer 2020-09-27 13:03:18 PDT
<rdar://problem/69663834>
Comment 11 Wenson Hsieh 2020-09-28 22:37:54 PDT
Created attachment 409966
Patch
Comment 12 Simon Fraser (smfr) 2020-09-29 09:26:46 PDT
Comment on attachment 409966
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review

> Source/WebCore/platform/graphics/GraphicsContext.h:414
> +    ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&);
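
Review bot: The declaration at GraphicsContext.h:414 returns a ClipToDrawingCommandsResult that a caller can silently discard, and nothing on the line documents what the result values mean. Consider annotating it with WARN_UNUSED_RETURN and adding a short comment that states what each result requires of the caller and whether the Function<void(GraphicsContext&)> is invoked before the call returns, so the GraphicsContext& is not used past its lifetime.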

This is great. We might end up generalizing this for other image buffer code paths, but it's a good start.
Comment 13 Wenson Hsieh 2020-09-29 09:31:27 PDT
Comment on attachment 409966
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review

>> Source/WebCore/platform/graphics/GraphicsContext.h:414
>> +    ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&);
> 
> This is great. We might end up generalizing this for other image buffer code paths, but it's a good start.

👍🏻
Comment 14 EWS 2020-09-29 09:41:53 PDT
Committed r267742: <https://trac.webkit.org/changeset/267742>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 409966.