| Summary: | [GPU Process] Crash when loading drinktrade.com | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Jon Lee <jonlee> | ||||
| Component: | Images | Assignee: | Wenson Hsieh <wenson_hsieh> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | bfulgham, sabouhallawa, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh, zalan | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | WebKit Nightly Build | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
|
Description
Jon Lee
2020-12-10 11:46:47 PST
It seems we're just missing a retain here, since cgImage isn't a newly created object we should be taking ownership of:
diff --git a/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp b/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp
index 8bc00142820e..6c01c41599a6 100644
--- a/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp
+++ b/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp
@@ -352,7 +352,7 @@ void DrawGlyphsRecorder::recordDrawImage(CGRenderingStateRef, CGGStateRef gstate
m_owner.translate(0, rect.size.height + 2 * rect.origin.y);
m_owner.scale(FloatSize(1, -1));
- auto image = NativeImage::create(adoptCF(cgImage));
+ auto image = NativeImage::create(cgImage);
m_owner.drawNativeImage(*image, image->size(), FloatRect(rect), FloatRect {{ }, image->size()}, ImagePaintingOptions { ImageOrientation::OriginTopLeft });
// Undo the above y-flip to restore the context.
I suspect this is probably covered by some existing layout test when GPU process is enabled...
(In reply to Wenson Hsieh from comment #2) > It seems we're just missing a retain here, since cgImage isn't a newly > created object we should be taking ownership of: > > diff --git > a/Source/WebCore/platform/graphics/displaylists/ > DisplayListDrawGlyphsRecorderCoreText.cpp > b/Source/WebCore/platform/graphics/displaylists/ > DisplayListDrawGlyphsRecorderCoreText.cpp > index 8bc00142820e..6c01c41599a6 100644 > --- > a/Source/WebCore/platform/graphics/displaylists/ > DisplayListDrawGlyphsRecorderCoreText.cpp > +++ > b/Source/WebCore/platform/graphics/displaylists/ > DisplayListDrawGlyphsRecorderCoreText.cpp > @@ -352,7 +352,7 @@ void > DrawGlyphsRecorder::recordDrawImage(CGRenderingStateRef, CGGStateRef gstate > m_owner.translate(0, rect.size.height + 2 * rect.origin.y); > m_owner.scale(FloatSize(1, -1)); > > - auto image = NativeImage::create(adoptCF(cgImage)); > + auto image = NativeImage::create(cgImage); > m_owner.drawNativeImage(*image, image->size(), FloatRect(rect), > FloatRect {{ }, image->size()}, ImagePaintingOptions { > ImageOrientation::OriginTopLeft }); > > // Undo the above y-flip to restore the context. > > I suspect this is probably covered by some existing layout test when GPU > process is enabled... Looks like fast/text/emoji.html should have us covered here. Created attachment 415919 [details]
Patch
Committed r270653: <https://trac.webkit.org/changeset/270653> All reviewed patches have been landed. Closing bug and clearing flags on attachment 415919 [details]. |