Bug 217026 - [GPU Process] Several layout tests in fast/canvas crash under GraphicsContext::clipToImageBuffer
Summary: [GPU Process] Several layout tests in fast/canvas crash under GraphicsContext...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Canvas (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Wenson Hsieh
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-09-26 21:51 PDT by Wenson Hsieh
Modified: 2022-02-10 10:53 PST (History)
10 users (show)

See Also:

Attachments
WIP (18.83 KB, patch)
2020-09-26 22:55 PDT, Wenson Hsieh 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
WIP (20.44 KB, patch)
2020-09-26 23:00 PDT, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
WIP (23.43 KB, patch)
2020-09-27 00:19 PDT, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
WIP (23.44 KB, patch)
2020-09-27 09:49 PDT, Wenson Hsieh 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
WIP (23.44 KB, patch)
2020-09-27 10:04 PDT, Wenson Hsieh 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
WIP (23.45 KB, patch)
2020-09-27 10:11 PDT, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
Patch (26.17 KB, patch)
2020-09-27 11:22 PDT, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
WIP (27.00 KB, patch)
2020-09-28 21:37 PDT, Wenson Hsieh 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
WIP (27.03 KB, patch)
2020-09-28 21:45 PDT, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
Patch (29.76 KB, patch)
2020-09-28 22:37 PDT, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
Show Obsolete (9) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wenson Hsieh 2020-09-26 21:51:10 PDT 
Fixes null dereference crashes when running these four layout tests with GPUP enabled:

- fast/canvas/2d.fillText.gradient.html
- fast/canvas/2d.text.draw.fill.maxWidth.gradient.html
- fast/canvas/canvas-text-alignment.html
- fast/canvas/gradient-text-with-shadow.html
Comment 1 Wenson Hsieh 2020-09-26 22:55:01 PDT Comment hidden (obsolete)
Comment 2 Wenson Hsieh 2020-09-26 23:00:21 PDT Comment hidden (obsolete)
Comment 3 Wenson Hsieh 2020-09-27 00:19:35 PDT Comment hidden (obsolete)
Comment 4 Wenson Hsieh 2020-09-27 09:49:22 PDT Comment hidden (obsolete)
Comment 5 Wenson Hsieh 2020-09-27 10:04:46 PDT Comment hidden (obsolete)
Comment 6 Wenson Hsieh 2020-09-27 10:11:24 PDT Comment hidden (obsolete)
Comment 7 Wenson Hsieh 2020-09-27 11:22:10 PDT Comment hidden (obsolete)
Comment 8 Radar WebKit Bug Importer 2020-09-27 13:03:18 PDT 
<rdar://problem/69663834>
Comment 9 Wenson Hsieh 2020-09-28 21:37:56 PDT Comment hidden (obsolete)
Comment 10 Wenson Hsieh 2020-09-28 21:45:43 PDT Comment hidden (obsolete)
Comment 11 Wenson Hsieh 2020-09-28 22:37:54 PDT 
Created attachment 409966 [details]
Patch
Comment 12 Simon Fraser (smfr) 2020-09-29 09:26:46 PDT 
Comment on attachment 409966 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review

> Source/WebCore/platform/graphics/GraphicsContext.h:414
> +    ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&);

This is great. We might end up generalizing this for other image buffer code paths, but it's a good start.
Comment 13 Wenson Hsieh 2020-09-29 09:31:27 PDT 
Comment on attachment 409966 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409966&action=review

>> Source/WebCore/platform/graphics/GraphicsContext.h:414
>> +    ClipToDrawingCommandsResult clipToDrawingCommands(const FloatRect& destination, ColorSpace, Function<void(GraphicsContext&)>&&);
> 
> This is great. We might end up generalizing this for other image buffer code paths, but it's a good start.

👍🏻
Comment 14 EWS 2020-09-29 09:41:53 PDT 
Committed r267742: <https://trac.webkit.org/changeset/267742>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 409966 [details].