Changeset 103439 in webkit

Timestamp:

Dec 21, 2011 1:40:37 PM (12 years ago)

Author:

senorblanco@chromium.org

Message:

Source/WebCore: Fix CSS filters crash on zero-sized elements.
​https://bugs.webkit.org/show_bug.cgi?id=75020

Reviewed by Dean Jackson.

Test: css3/filters/filter-empty-element-crash.html

• rendering/FilterEffectRenderer.cpp:

(WebCore::FilterEffectRenderer::inputContext):
Protect against null ImageBuffer.

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintLayer):
Protect against null GraphicsContext.

LayoutTests: Test for CSS filters crash on zero-sized element
​https://bugs.webkit.org/show_bug.cgi?id=75020

Reviewed by Dean Jackson.

• css3/filters/filter-empty-element-crash-expected.txt: Added.
• css3/filters/filter-empty-element-crash.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/css3/filters/filter-empty-element-crash-expected.txt (added)
• LayoutTests/css3/filters/filter-empty-element-crash.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/rendering/FilterEffectRenderer.cpp (modified) (1 diff)
• Source/WebCore/rendering/RenderLayer.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-12-21  Stephen White  <senorblanco@chromium.org>
+
+        Test for CSS filters crash on zero-sized element
+        https://bugs.webkit.org/show_bug.cgi?id=75020
+
+        Reviewed by Dean Jackson.
+
+        * css3/filters/filter-empty-element-crash-expected.txt: Added.
+        * css3/filters/filter-empty-element-crash.html: Added.
+
 2011-12-20  Dmitry Lomov  <dslomov@google.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-12-21  Stephen White  <senorblanco@chromium.org>
+
+        Fix CSS filters crash on zero-sized elements.
+        https://bugs.webkit.org/show_bug.cgi?id=75020
+
+        Reviewed by Dean Jackson.
+
+        Test: css3/filters/filter-empty-element-crash.html
+
+        * rendering/FilterEffectRenderer.cpp:
+        (WebCore::FilterEffectRenderer::inputContext):
+        Protect against null ImageBuffer.
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::paintLayer):
+        Protect against null GraphicsContext.
+
 2011-12-21  Anders Carlsson  <andersca@apple.com>
 

trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp

@@ -89 +89 @@
 GraphicsContext* FilterEffectRenderer::inputContext()
 {
-    return sourceImage()->context();
+    return sourceImage() ? sourceImage()->context() : 0;
 }
 

trunk/Source/WebCore/rendering/RenderLayer.cpp

@@ -2755 +2755 @@
         // Paint into the context that represents the SourceGraphic of the filter.
         GraphicsContext* sourceGraphicsContext = m_filter->inputContext();
+        if (!sourceGraphicsContext)
+            return;
         
         LayoutPoint layerOrigin;