[Webkit-unassigned] [Bug 65063] REGRESSION(r91628): 3 canvas tests crash on Chromium Linux and one test fail on Chromium Mac
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 1 14:47:57 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=65063
Tom Hudson <tomhudson at google.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tomhudson at google.com
--- Comment #10 from Tom Hudson <tomhudson at google.com> 2011-08-01 14:47:57 PST ---
With Chromium Linux 15.0.841.0 (WebKit r92135), drawingbuffer-test, canvas-bg-multiple-removal, and gl-enable-enum-test all run fine.
canvas-as-image-incremental-repaint.html crashes.
HTMLCanvasElement::didDraw() is attempting to call m_copiedImage.clear(). When it arrives at SkBitmap::~SkBitmap, the bitmap appears to be corrupt, with fColorTable = 0x1.
m_copiedImage is set validly in a call from CSSCanvasValue::image(). At this point, the Bitmap looks valid: 300x300, 1200 row bytes, NULL fColorTable, NULL fPixels, Config 6, BytesPerPixel 4.
BitmapImageSingleFrameSkia appears to have *two* SkBitmaps, named Native and Resized. When we enter HTMLCanvasElement::didDraw(), the m_nativeImage is unchanged, but the m_resizedImage - formerly all NULL - now has a fColorTable = 0x1.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list