[Webkit-unassigned] [Bug 209141] New: [GPU Process] Implement DisplayList clipToImageBuffer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 16 11:11:29 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209141

            Bug ID: 209141
           Summary: [GPU Process] Implement DisplayList clipToImageBuffer
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Canvas
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: dino at apple.com

Repro steps:

1. Launch mini-browser
2. Enable "Settings/Internal Features/Render Canvas in GPU Process" or "Settings/Enable Display List Drawing".
3. Open the attached test case

Result: WebKit will crash with the following call stack:

#0      0x000000056b81212c in WTF::RetainPtr<CGContext*>::operator!() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RetainPtr.h:103
#1      0x000000056b811936 in WebCore::GraphicsContext::platformContext() const at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:254
#2      0x000000056b8146be in WebCore::GraphicsContext::clipToImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp:518
#3      0x000000056ad21a4a in WebCore::CanvasRenderingContext2D::drawTextInternal(WTF::String const&, float, float, bool, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:574
#4      0x000000056ad20d8d in WebCore::CanvasRenderingContext2D::fillText(WTF::String const&, float, float, WTF::Optional<float>) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:332
#5      0x0000000568642660 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2895
#6      0x00000005685ab972 in long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/bindings/js/JSDOMOperation.h:53
#7      0x00000005685ab654 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillText(JSC::JSGlobalObject*, JSC::CallFrame*) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2901
