[Webkit-unassigned] [Bug 132635] Using a fill pattern much larger than actual canvas reliably segfaults browser

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 7 10:54:19 PDT 2014


--- Comment #3 from Stephen Judkins <stephen.judkins at gmail.com>  2014-05-07 10:54:40 PST ---
That jsfiddle link reliably causes crashes for me, on both Safari Version 7.0.3 (9537.75.14) and Webkit r168407 on OS X 10.9.2. [https://dl.dropboxusercontent.com/spa/4slnjubp16y5phq/q_svco15.png] However, none of my coworkers' machines crash.

However, it reliably crashes everyone who tries it on mobile Safari (or a UIWebView) on iOS. This only occurs on the actual device, NOT the x86 simulator. The stack trace indicates it's a null pointer dereference in the same `WebCore::Pattern::createPlatformPattern` method. So far, this has been 100% reproducible on these devices:

* iPad 4th-generation
* iPhone 4g
