[Webkit-unassigned] [Bug 113492] New: [Chromium] Bad cast from BitmapImageSingleFrameSkia to BitmapImage

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 28 02:40:47 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=113492

           Summary: [Chromium] Bad cast from BitmapImageSingleFrameSkia to
                    BitmapImage
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dchris at gmail.com
                CC: eric at webkit.org, laszlo.gombos at webkit.org,
                    pdr at google.com
            Blocks: 113420


createDragImageFromImage() casts an Image* to a BitmapImage* if Image::isBitmapImage() returns true. However, BitmapImageSingleFrameSkia::isBitmapImage() also returns true and BitmapImageSingleFrameSkia does not subclass BitmapImage.

Unluckily, the Image passed to createDragImageFromImage() is the result of ImageBuffer::copyImage() which is a BitmapImageSingleFrameSkia when using Skia, not a BitmapImage.

This leads to crashing in some of the drag'n drop test cases (e.g. editing/pasteboard/dataTransfer-setData-getData.html):
crash log for DumpRenderTree (pid 14229):
STDOUT: <empty>
STDERR: Received signal 11 <unknown> 000000000000
STDERR:  [0x000001813854] base::debug::StackTrace::StackTrace()
STDERR:  [0x000001813139] base::debug::(anonymous namespace)::StackDumpSignalHandler()
STDERR:  [0x7f504c3b1cb0] <unknown>
STDERR:  [0x00000068dada] WebCore::DeferredImageDecoder::frameSizeAtIndex()
STDERR:  [0x00000067bf67] WebCore::ImageSource::frameSizeAtIndex()
STDERR:  [0x00000067bf19] WebCore::ImageSource::size()
STDERR:  [0x000000636e23] WebCore::BitmapImage::updateSize()
STDERR:  [0x000000636ea8] WebCore::BitmapImage::sizeRespectingOrientation()
STDERR:  [0x000000629973] WebCore::createDragImageFromImage()
STDERR:  [0x000002b5cfeb] WebCore::Frame::dragImageForSelection()
STDERR:  [0x000002eac85b] WebCore::createDragImageForSelection()
STDERR:  [0x000002b38b96] WebCore::DragController::startDrag()
STDERR:  [0x000002b47ade] WebCore::EventHandler::handleDrag()
STDERR:  [0x000002b3bd0f] WebCore::EventHandler::handleMouseDraggedEvent()
STDERR:  [0x000002b3fcd3] WebCore::EventHandler::handleMouseMoveEvent()
STDERR:  [0x000002bee653] WebCore::EventHandler::passMouseMoveEventToSubframe()
STDERR:  [0x000002b3fb1e] WebCore::EventHandler::handleMouseMoveEvent()
STDERR:  [0x000002b3f2eb] WebCore::EventHandler::mouseMoved()
STDERR:  [0x00000051037f] WebKit::PageWidgetEventHandler::handleMouseMove()
STDERR:  [0x0000005100fc] WebKit::PageWidgetDelegate::handleInputEvent()
STDERR:  [0x0000004ba942] WebKit::WebViewImpl::handleInputEvent()
STDERR:  [0x0000017e0cd4] WebTestRunner::EventSender::doMouseMove()
STDERR:  [0x0000017e1e57] WebTestRunner::EventSender::replaySavedEvents()
STDERR:  [0x0000017e07e3] WebTestRunner::EventSender::mouseUp()
STDERR:  [0x0000017e6e53] WebTestRunner::CppBoundClass::MemberCallback<>::run()
STDERR:  [0x0000017da771] WebTestRunner::CppBoundClass::invoke()
STDERR:  [0x0000017da2c5] WebTestRunner::CppNPObject::invoke()
STDERR:  [0x00000276c247] WebCore::npObjectInvokeImpl()
STDERR:  [0x00000276c436] WebCore::npObjectMethodHandler()
STDERR:  [0x000001fcb3ae] v8::internal::HandleApiCallHelper<>()
STDERR:  [0x000001fc5ce7] v8::internal::Builtin_Impl_HandleApiCall()
STDERR:  [0x000001fc5cb8] v8::internal::Builtin_HandleApiCall()

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list