[Webkit-unassigned] [Bug 15483] REGRESSION: fast/images/svg-background-crash-on-refresh.html hangs

Mon Oct 15 22:47:30 PDT 2007

http://bugs.webkit.org/show_bug.cgi?id=15483





------- Comment #8 from eric at webkit.org  2007-10-15 22:47 PDT -------
Ok, one possible problem is that the code in:
void SVGResourceMasker::applyMask(GraphicsContext* context, const FloatRect&
boundingBox)

may cause the backing store for the CGImage (used as a mask) to be destroyed
before CG actually uses it.  The ImageBuffer will destroy the backing store
when it goes out of scope, however CG might not have made a copy of the bytes
yet (making an image from a CGContext is COW) and thus it might be reading off
into oblivion when it actually applies the mask.  How that would cause this
hang?  no clue.

Also, we free the bytes behind the CGBitmapImageContext before we release the
actual context and image, again, I'm not sure this is a "real problem" but we
do.  Her is a little patch-chen which would fix that part:

Index: platform/graphics/cg/ImageBufferCG.cpp
===================================================================

--- platform/graphics/cg/ImageBufferCG.cpp      (revision 26601)
+++ platform/graphics/cg/ImageBufferCG.cpp      (working copy)
@@ -71,8 +71,10 @@

 ImageBuffer::~ImageBuffer()
 {
+    CGImageRelease(m_cgImage);
+    m_context = 0;
+    // Let go of our handles to the CGBitmapContext before we blow away its
backing store
     fastFree(m_data);
-    CGImageRelease(m_cgImage);
 }

 GraphicsContext* ImageBuffer::context() const

Again, I can't reproduce this, so I'm not much use to try these fixes.  Someone
could try hacking applyMask to leak the ImageBuffer and see if that fixed the
problem.  (If it does we'll have to come up with a more elegant solution to
make CG or GraphicsContext own the bytes)


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

