[Webkit-unassigned] [Bug 65063] REGRESSION(r91628): 3 canvas tests crash on Chromium Linux and one test fail on Chromium Mac
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 18 21:11:27 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=65063
--- Comment #21 from James Robinson <jamesr at chromium.org> 2011-08-18 21:11:27 PST ---
(In reply to comment #11)
> This appears to be a regression of http://code.google.com/p/chromium/issues/detail?id=79739 / https://bugs.webkit.org/show_bug.cgi?id=58821. However, the changes to GraphicsContext3DSkia::getImageData() made then seem to be intact, suggesting it's a similar bad cast in some other place.
>
> At least three callers are using Image::isBitmapImage() as RTTI and casting an Image to a BitmapImage so they can call the functions on it. Although BitmapImageSingleFrameSkia is implemented as a bitmap, it doesn't have all the other baggage that has accreted around BitmapImage (multiple animation frames).
I think this is a really serious bug that we need to fix with BitmapImageSingleFrameSkia. That's an incredibly fragile pattern and very different from the rest of how WebKit works. That said, the more important thing right now is to fix the crashes, and then later fix the design flaws that lead to it being so easy to write crashers like this.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list