Bug 241429

Summary: REGRESSION(r295372): [Win, WinCairo] 30 tests crash when creating ImageData
Product: WebKit
Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Layout and Rendering
Assignee: Said Abou-Hallawa <sabouhallawa>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, Hironori.Fujii, simon.fraser, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=240810

Description Said Abou-Hallawa 2022-06-08 12:15:27 PDT
This is an example of the failed tests from the Windows bots https://ews-build.webkit.org/#/builders/10/builds/137204. And these are the crash logs from the WinCairo bots https://build.webkit.org/results/WinCairo-64-bit-WKL-Release-Tests/251390@main%20(6948)/.

EXCEPTION_RECORD:  (.exr -1)
.exr -1
ExceptionAddress: 00007ffd74e5405b (WebKit!WebCore::ImageData::{ctor}+0x0000000000000006)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

.  0  Id: 1c84.10f0 Suspend: 1 Teb: 000000bd`d6b44000 Unfrozen
 # Child-SP          RetAddr           Call Site
00 (Inline Function) --------`-------- WebKit!WebCore::ImageData::{ctor}+0x6 [C:\BW\WinCairo-64-bit-WKL-Release-Build\build\Source\WebCore\html\ImageData.cpp @ 148]
01 000000bd`d6cfc770 00007ffd`74e84da1 WebKit!WebCore::ImageData::create(class WTF::Ref<WebCore::ByteArrayPixelBuffer,WTF::RawPtrTraits<WebCore::ByteArrayPixelBuffer> > * pixelBuffer = 0x000000bd`d6cfc800)+0x7b [C:\BW\WinCairo-64-bit-WKL-Release-Build\build\Source\WebCore\html\ImageData.cpp @ 56]
02 000000bd`d6cfc7d0 00007ffd`74360dc9 WebKit!WebCore::CanvasRenderingContext2DBase::getImageData(int sx = <Value unavailable error>, int sy = <Value unavailable error>, int sw = 0n1, int sh = 0n1, class std::optional<WebCore::ImageDataSettings> * settings = 0x000000bd`d6cfc910)+0x251 [C:\BW\WinCairo-64-bit-WKL-Release-Build\build\Source\WebCore\html\canvas\CanvasRenderingContext2DBase.cpp @ 2199]
03 000000bd`d6cfc890 00007ffd`74360a9a WebKit!WebCore::jsCanvasRenderingContext2DPrototypeFunction_getImageDataBody(class JSC::JSGlobalObject * lexicalGlobalObject = 0x00000282`f68c8758, class JSC::CallFrame * callFrame = <Value unavailable error>, class WebCore::JSCanvasRenderingContext2D * castedThis = 0x00000282`f75cc278)+0x309 [C:\BW\WinCairo-64-bit-WKL-Release-Build\build\WebKitBuild\Release\WebCore\DerivedSources\JSCanvasRenderingContext2D.cpp @ 2348]
04 (Inline Function) --------`-------- WebKit!WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call+0x41 [C:\BW\WinCairo-64-bit-WKL-Release-Build\build\Source\WebCore\bindings\js\JSDOMOperation.h @ 63]
05 000000bd`d6cfca30 00000282`b64e11be WebKit!WebCore::jsCanvasRenderingContext2DPrototypeFunction_getImageData(class JSC::JSGlobalObject * lexicalGlobalObject = 0x00000282`f68c8758, class JSC::CallFrame * callFrame = 0x000000bd`d6cfca90)+0x5a [C:\BW\WinCairo-64-bit-WKL-Release-Build\build\WebKitBuild\Release\WebCore\DerivedSources\JSCanvasRenderingContext2D.cpp @ 2354]
06 000000bd`d6cfca70 00000282`b64e1180 0x00000282`b64e11be
07 000000bd`d6cfca78 00000000`00000000 0x00000282`b64e1180
Comment 1 Said Abou-Hallawa 2022-06-08 13:59:37 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1391
Comment 2 Fujii Hironori 2022-06-08 14:18:47 PDT
WTFMove(pixelBuffer) was evaluated before evaluating pixelBuffer->size().
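The evaluation-order hazard described in the comment above, as an added example that is not WebKit's code: a toy Ref whose moved-from state is detectable, the call shape in which the move and the size read are arguments of the same call, and the fix of reading the size into a local before the move. The by-value Ref parameter, the IntSize/PixelBuffer/ImageData stand-ins and the trace string are assumptions made for the model; a null-plus-offset read like the one in the crash log above is what the throw replaces here.

```cpp
// Added example, not WebKit's code: a minimal model of the hazard behind this crash.
// C++ does not specify the order in which function arguments are evaluated, so in a
// call shaped like ImageData(pixelBuffer->size(), WTFMove(pixelBuffer)), with the Ref
// taken by value, the move may run first and ->size() then reads through null.
#include <optional>
#include <stdexcept>
#include <string>
#include <utility>
static std::string g_trace; // records the order of the move and the size read (assumed helper)
struct IntSize { int width, height; };
inline bool operator==(IntSize a, IntSize b) { return a.width == b.width && a.height == b.height; }
struct PixelBuffer { IntSize m_size; IntSize size() const { return m_size; } };
// Toy stand-in for WTF::Ref: moving from it leaves the source null. A release build
// of the real Ref would read null + offset here; this one throws instead.
template<typename T> class Ref {
public:
    explicit Ref(T* p) : m_ptr(p) {}
    Ref(Ref&& o) noexcept : m_ptr(std::exchange(o.m_ptr, nullptr)) { g_trace += "move;"; }
    T* operator->() const {
        if (!m_ptr) throw std::logic_error("dereference of moved-from Ref");
        g_trace += "size;";
        return m_ptr;
    }
private:
    T* m_ptr;
};
struct ImageData {
    ImageData(IntSize size, Ref<PixelBuffer> buffer) : m_size(size), m_buffer(std::move(buffer)) {}
    IntSize m_size;
    Ref<PixelBuffer> m_buffer;
};
struct Outcome { std::string trace; std::optional<IntSize> size; };
// Regression shape: the move and the ->size() read are arguments of one call, so
// whether this survives depends on which order the compiler chose.
Outcome createUnsafe(Ref<PixelBuffer>&& pixelBuffer) {
    g_trace.clear();
    try {
        ImageData data(pixelBuffer->size(), std::move(pixelBuffer));
        return { g_trace, data.m_size };
    } catch (const std::logic_error&) {
        return { g_trace, std::nullopt }; // moved first: the crash path
    }
}
// Fix: read the size into a local before the move, so the two are sequenced.
Outcome createFixed(Ref<PixelBuffer>&& pixelBuffer) {
    g_trace.clear();
    IntSize size = pixelBuffer->size();
    ImageData data(size, std::move(pixelBuffer));
    return { g_trace, data.m_size };
}
```

The fixed form always yields a trace starting with "size;", while the unsafe form only survives when the compiler happened to evaluate the left argument first.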
Comment 3 EWS 2022-06-08 17:19:11 PDT
Committed r295402 (251408@main): <https://commits.webkit.org/251408@main>

Reviewed commits have been landed. Closing PR #1391 and removing active labels.
Comment 4 Radar WebKit Bug Importer 2022-06-08 17:20:14 PDT
<rdar://problem/94677774>