[wpt-sync] Sync PR 19413 - [OT-PW] Fixes crash when drawing patterns
Categories
(Core :: Web Painting, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox71 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 19413 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/19413
Details from upstream follow.
Xida Chen <xidachen@chromium.org> wrote:
[OT-PW] Fixes crash when drawing patterns
Right now the PaintWorkletDeferredImage keeps a scoped_refptr to the
PaintWorkletInput, and during the CreateShader function, the ownership
of that PaintWorkletInput is given to a PaintImage, which is then used
to create a PaintShader.Notice that the CreateShader function can be called multiple times,
and in this case the PaintWorkletInput is nullptr after the first call.
And then it triggers a crash in PaintShader::MakeImage.To fix this, we make the PaintWorkletDeferredImage keeps a PaintImage
which would always own the PaintWorkletInput that is passed to it.
When CreateShader is called, we can use the PaintImage to build the
shader.A layout test is added to ensure there is no crash.
Bug: 1009450
Change-Id: I8fa5f45728884fe213176b4f5490329259a19a27
Reviewed-on: https://chromium-review.googlesource.com/1831790
WPT-Export-Revision: 865ac6a2347c1cbb6a06ef7bcb8ed1b3497a28de
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 1•6 years ago
|
||
|
|
Assignee | |
Comment 2•6 years ago
|
||
|
|
Assignee | |
Comment 3•6 years ago
|
||
|
|
Assignee | |
Comment 4•6 years ago
|
||
|
|
Assignee | |
Comment 5•6 years ago
|
||
|
|
Assignee | |
Comment 6•6 years ago
|
||
|
|
Assignee | |
Comment 7•6 years ago
|
||
|
|
Assignee | |
Comment 8•6 years ago
|
||
|
||
Comment 10•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/cfd6f7a92945
https://hg.mozilla.org/mozilla-central/rev/19a49bcb64b5
Description
•