[Webkit-unassigned] [Bug 96919] New: [Texmap] Possible crash because of referencing deleted mask/replica layer
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Sep 17 07:16:59 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=96919
Summary: [Texmap] Possible crash because of referencing deleted
mask/replica layer
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: kbalazs at webkit.org
CC: noam.rosenthal at nokia.com, luiz at webkit.org
When deleting a GraphicsLayerTextureMapper we remove the associated TextureMapperLayer from the layer tree but other layers can still refer to it with m_effectTarget, m_state.maskLayer or m_state.replicaLayer. I don't know how to reproduce it on trunk, I found it when working on pixel tests (bug 90394 and bug 95992). With those patches compositing/masks tests are crashing in TextureMapperLayer::paintRecursive because we refer to an already deleted object with m_state.maskLayer. I believe the solution here is to traverse the whole tree when deleting a layer and null out all pointers to it.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list