[Webkit-unassigned] [Bug 24209] New: HTMLCanvasElement::createImageBuffer() does not check return of ImageBuffer::create!
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 26 14:49:29 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=24209
Summary: HTMLCanvasElement::createImageBuffer() does not check
return of ImageBuffer::create!
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Keywords: NeedsReduction
Severity: Normal
Priority: P1
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: eric at webkit.org
HTMLCanvasElement::createImageBuffer() does not check return of
ImageBuffer::create!
(And thus crashes).
This is crashing an internal Google tool. Sadly, I don't have a reduction for
you, but the crash is pretty easy to see from the code:
void HTMLCanvasElement::createImageBuffer() const
{
ASSERT(!m_imageBuffer);
m_createdImageBuffer = true;
FloatSize unscaledSize(width(), height());
IntSize size = convertLogicalToDevice(unscaledSize);
if (!size.width() || !size.height())
return;
m_imageBuffer.set(ImageBuffer::create(size, false).release()); // THIS
RETURNS NULL SOMETIMES
m_imageBuffer->context()->scale(FloatSize(size.width() /
unscaledSize.width(), size.height() / unscaledSize.height())); // CRASH!
m_imageBuffer->context()->setShadowsIgnoreTransforms(true);
}
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list