Changeset 272845 in webkit
- Timestamp:
- Feb 15, 2021, 2:38:30 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/canvas/resize-to-large-canvas-and-convert-to-blog-expected.txt (added)
-
LayoutTests/fast/canvas/resize-to-large-canvas-and-convert-to-blog.html (added)
-
LayoutTests/platform/ios/fast/canvas/resize-to-large-canvas-and-convert-to-blog-expected.txt (added)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/platform/graphics/cg/ImageBufferCGBackend.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r272842 r272845 1 2021-02-15 Frederic Wang <fwang@igalia.com> 2 3 Crash in RetainPtr<CGImage*>::RetainPtr via ImageBufferCGBackend::toCFData 4 https://bugs.webkit.org/show_bug.cgi?id=221376 5 6 Reviewed by Said Abou-Hallawa. 7 8 * fast/canvas/resize-to-large-canvas-and-convert-to-blog-expected.txt: Added. 9 * fast/canvas/resize-to-large-canvas-and-convert-to-blog-expected.txt: Added. 10 * fast/canvas/resize-to-large-canvas-and-convert-to-blog.html: Added. 11 1 12 2021-02-14 Peng Liu <peng.liu6@apple.com> 2 13 -
trunk/Source/WebCore/ChangeLog
r272844 r272845 1 2021-02-15 Frederic Wang <fwang@igalia.com> 2 3 Crash in RetainPtr<CGImage*>::RetainPtr via ImageBufferCGBackend::toCFData 4 https://bugs.webkit.org/show_bug.cgi?id=221376 5 6 Reviewed by Said Abou-Hallawa. 7 8 Call to copyNativeImage(CopyBackingStore) may return a null pointer if CGBitmapContextCreateImage 9 does. This patch fixes a crash due to null pointer dereference and adds a similar check for 10 copyNativeImage(DontCopyBackingStore). 11 12 Test: fast/canvas/resize-to-large-canvas-and-convert-to-blog.html 13 14 * platform/graphics/cg/ImageBufferCGBackend.cpp: 15 (WebCore::ImageBufferCGBackend::toCFData const): 16 1 17 2021-02-15 Manuel Rego Casasnovas <rego@igalia.com> 2 18 -
trunk/Source/WebCore/platform/graphics/cg/ImageBufferCGBackend.cpp
r271441 r272845 192 192 image = adoptCF(CGImageCreate(pixelArrayDimensions.width(), pixelArrayDimensions.height(), 8, 32, 4 * pixelArrayDimensions.width(), sRGBColorSpaceRef(), kCGBitmapByteOrderDefault | kCGImageAlphaNoneSkipLast, dataProvider.get(), 0, false, kCGRenderingIntentDefault)); 193 193 } else if (resolutionScale() == 1 || preserveResolution == PreserveResolution::Yes) { 194 image = copyNativeImage(CopyBackingStore)->platformImage(); 194 auto nativeImage = copyNativeImage(CopyBackingStore); 195 if (!nativeImage) 196 return nullptr; 197 image = nativeImage->platformImage(); 195 198 image = createCroppedImageIfNecessary(image.get(), backendSize()); 196 199 } else { 197 image = copyNativeImage(DontCopyBackingStore)->platformImage(); 200 auto nativeImage = copyNativeImage(DontCopyBackingStore); 201 if (!nativeImage) 202 return nullptr; 203 image = nativeImage->platformImage(); 198 204 auto context = adoptCF(CGBitmapContextCreate(0, backendSize().width(), backendSize().height(), 8, 4 * backendSize().width(), sRGBColorSpaceRef(), kCGImageAlphaPremultipliedFirst | kCGBitmapByteOrder32Host)); 199 205 CGContextSetBlendMode(context.get(), kCGBlendModeCopy);
Note:
See TracChangeset
for help on using the changeset viewer.
