  • Crash in RenderBox::paintMaskImages when GraphicsContext's painting is disabled · 3b543a32
    jchaffraix@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=68133
    
    Reviewed by Darin Adler.
    
    .:
    
    * Source/autotools/symbols.filter: Added the mangled symbols needed for window.internals
    
    Source/WebCore:
    
    Tests: fast/css/webkit-mask-crash-fieldset-legend.html
           fast/css/webkit-mask-crash-figure.html
           fast/css/webkit-mask-crash-table.html
           fast/css/webkit-mask-crash-td-2.html
           fast/css/webkit-mask-crash-td.html
    
    GraphicsContext::getCTM crashes if called with a GraphicsContext that has painting
    disabled. RenderBox::paintMaskImages would thus crash if called in this condition.
    
    This change just modifies the different GraphicsContext::getCTM methods to bail early
    if painting is disabled on the GraphicsContext. The rest of the change is exposing
    paintControlTints that exposes this.
    
    * WebCore.exp.in: Added symbols of the newly exported window.internals function.
    
    * page/FrameView.cpp:
    (WebCore::FrameView::updateControlTints): Split this function in 2 so that
    I can expose the internal paintControlTints.
    
    (WebCore::FrameView::paintControlTints):
    This is the one exposed to Internals as we want to be testable regardless of
    whether the platform supports control tints.
    
    * page/FrameView.h: Added paintControlTints.
    
    * testing/Internals.cpp:
    (WebCore::Internals::paintControlTints):
    * testing/Internals.h:
    * testing/Internals.idl:
    Added a way to force a fake painting so that we can easily reproduce the bugs.
    
    * platform/graphics/cairo/GraphicsContextCairo.cpp:
    (WebCore::GraphicsContext::getCTM):
    * platform/graphics/cg/GraphicsContextCG.cpp:
    (WebCore::GraphicsContext::getCTM):
    * platform/graphics/qt/GraphicsContextQt.cpp:
    (WebCore::GraphicsContext::getCTM):
    * platform/graphics/skia/GraphicsContextSkia.cpp:
    (WebCore::GraphicsContext::getCTM):
    * platform/graphics/wince/GraphicsContextWinCE.cpp:
    (WebCore::GraphicsContext::getCTM):
    * platform/graphics/wx/GraphicsContextWx.cpp:
    (WebCore::GraphicsContext::getCTM):
    Fixed all our back-ends to exit early if painting is disabled.
    
    Source/WebKit2:
    
    * win/WebKit2.def:
    * win/WebKit2CFLite.def:
    Exported the new FrameView::paintControlTints function.
    
    LayoutTests:
    
    Those tests check that we do not crash when calling internals.paintControlTints.
    
    * platform/mac/Skipped: Skipped 2 tests as they are hitting an ASSERT unrelated to
    this change on Mac.
    
    * fast/css/webkit-mask-crash-fieldset-legend-expected.txt: Added.
    * fast/css/webkit-mask-crash-fieldset-legend.html: Added.
    * fast/css/webkit-mask-crash-figure-expected.txt: Added.
    * fast/css/webkit-mask-crash-figure.html: Added.
    * fast/css/webkit-mask-crash-table-expected.txt: Added.
    * fast/css/webkit-mask-crash-table.html: Added.
    * fast/css/webkit-mask-crash-td-2-expected.txt: Added.
    * fast/css/webkit-mask-crash-td-2.html: Added.
    * fast/css/webkit-mask-crash-td-expected.txt: Added.
    * fast/css/webkit-mask-crash-td.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95685 268f45cc-cd09-0410-ab3c-d52691b4dbfc