[Webkit-unassigned] [Bug 219752] [GPU Process] Crash when loading drinktrade.com

Thu Dec 10 12:20:08 PST 2020

https://bugs.webkit.org/show_bug.cgi?id=219752

Wenson Hsieh <wenson_hsieh at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|webkit-unassigned at lists.web |wenson_hsieh at apple.com
                   |kit.org                     |

--- Comment #2 from Wenson Hsieh <wenson_hsieh at apple.com> ---
It seems we're just missing a retain here, since cgImage isn't a newly created object we should be taking ownership of:

diff --git a/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp b/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp
index 8bc00142820e..6c01c41599a6 100644
--- a/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp
+++ b/Source/WebCore/platform/graphics/displaylists/DisplayListDrawGlyphsRecorderCoreText.cpp
@@ -352,7 +352,7 @@ void DrawGlyphsRecorder::recordDrawImage(CGRenderingStateRef, CGGStateRef gstate
     m_owner.translate(0, rect.size.height + 2 * rect.origin.y);
     m_owner.scale(FloatSize(1, -1));

-    auto image = NativeImage::create(adoptCF(cgImage));
+    auto image = NativeImage::create(cgImage);
     m_owner.drawNativeImage(*image, image->size(), FloatRect(rect), FloatRect {{ }, image->size()}, ImagePaintingOptions { ImageOrientation::OriginTopLeft });

     // Undo the above y-flip to restore the context.

I suspect this is probably covered by some existing layout test when GPU process is enabled...

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201210/06e26590/attachment-0001.htm>
