[Webkit-unassigned] [Bug 143549] New: WebKit will crash when GraphicsContext3D::createForCurrentGLContext() return null
bugzilla-daemon at webkit.org
Wed Apr 8 19:57:32 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=143549
Bug ID: 143549
Summary: WebKit will crash when
GraphicsContext3D::createForCurrentGLContext() return
null
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebGL
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jy_lizl at cn.fujitsu.com
If GraphicsContext3D::createForCurrentGLContext() returns 0 in TextureMapperGL's constructor, WebKit will crash.
Several code snippets and the call stack are as follows:
WebCore::TextureMapperGLData::SharedGLData::currentSharedGLData(context)
{
    GLContextDataMap::iterator it = glContextDataMap().find(context->platformGraphicsContext3D());
}

WebCore::TextureMapperGLData::TextureMapperGLData(GraphicsContext3D* context)
    : context(context)
    , sharedData(TextureMapperGLData::SharedGLData::currentSharedGLData(this->context))
{
}

WebCore::TextureMapperGL::TextureMapperGL()
{
    m_context3D = GraphicsContext3D::createForCurrentGLContext();
    m_data = new TextureMapperGLData(m_context3D.get());
}
When GraphicsContext3D::createForCurrentGLContext() returns null, the parameters (m_context3D, context) will be null.
But currentSharedGLData uses context without a null check.
This will make WebKit crash.
The createForCurrentGLContext() method is as follows:
PassRefPtr<GraphicsContext3D> GraphicsContext3D::createForCurrentGLContext()
{
    RefPtr<GraphicsContext3D> context = adoptRef(new GraphicsContext3D(Attributes(), 0, GraphicsContext3D::RenderToCurrentGLContext));
    return context->m_private ? context.release() : 0;
}
When the port has something wrong, context->m_private will be null.
--
You are receiving this mail because:
You are the assignee for the bug.
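Added example, not part of the original report and not WebKit code: a self-contained model of the construction chain described above, with the null check placed in the shared-data lookup so a failed context factory yields an invalid object instead of a null dereference. Context3D, TextureMapper, platformHandle and isValid() are stand-in names assumed for illustration.

```cpp
#include <map>
#include <memory>

// Stand-in for GraphicsContext3D (assumption); platformHandle plays the role of m_private.
struct Context3D { void* platformHandle; };

// Same contract as the factory in the report: null when the platform handle is missing.
std::unique_ptr<Context3D> createForCurrentGLContext(void* platformHandle)
{
    if (!platformHandle)
        return nullptr;
    return std::unique_ptr<Context3D>(new Context3D{platformHandle});
}

struct SharedGLData { int refs = 0; };

std::map<void*, SharedGLData>& glContextDataMap()
{
    static std::map<void*, SharedGLData> map;
    return map;
}

// Guarded lookup: the reported code dereferences `context` here unconditionally.
SharedGLData* currentSharedGLData(Context3D* context)
{
    if (!context)
        return nullptr;
    return &glContextDataMap()[context->platformHandle];
}

class TextureMapper {
public:
    explicit TextureMapper(void* platformHandle)
        : m_context(createForCurrentGLContext(platformHandle))
        , m_shared(currentSharedGLData(m_context.get()))
    {
        if (m_shared)
            ++m_shared->refs;
    }
    // Callers test this before using the mapper and fall back if it is false.
    bool isValid() const { return m_context && m_shared; }
private:
    std::unique_ptr<Context3D> m_context; // declared first, so initialised before m_shared
    SharedGLData* m_shared;
};

int main()
{
    int handle = 0; // constructed placeholder for a platform handle
    return (TextureMapper(&handle).isValid() && !TextureMapper(nullptr).isValid()) ? 0 : 1;
}
```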