Commit 55d95a28 authored by achicu@adobe.com

Regression(114172): Use after free in CustomFilterProgram::notifyClients

https://bugs.webkit.org/show_bug.cgi?id=84000

Reviewed by Dean Jackson.

The function returned early and the shaders didn't have a chance to be saved. Moving
those two lines before the return false just to make sure that FilterEffectRenderer never adds
itself as a client for a shader without keeping track of that.

No new tests. The problem reproduces with existing tests.
css3/filters/custom/custom-filter-property-computed-style.html
css3/filters/custom/effect-custom-combined-missing.html

* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::build):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114467 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 6ce69762
2012-04-16 Alexandru Chiculita <achicu@adobe.com>
Regression(114172): Use after free in CustomFilterProgram::notifyClients
https://bugs.webkit.org/show_bug.cgi?id=84000
Reviewed by Dean Jackson.
The function returned early and the shaders didn't have a chance to be saved. Moving
those two lines before the return false just to make sure that FilterEffectRenderer never adds
itself as a client for a shader without keeping track of that.
No new tests. The problem reproduces with existing tests.
css3/filters/custom/custom-filter-property-computed-style.html
css3/filters/custom/effect-custom-combined-missing.html
* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::build):
2012-04-17 Alec Flett <alecflett@chromium.org>
 
IndexedDB chooses wrong record on PREV_NO_DUPLICATE index cursor
......@@ -291,6 +291,11 @@ bool FilterEffectRenderer::build(Document* document, const FilterOperations& ope
}
}
#if ENABLE(CSS_SHADERS) && ENABLE(WEBGL)
removeCustomFilterClients();
m_cachedCustomFilterPrograms.swap(cachedCustomFilterPrograms);
#endif
// If we didn't make any effects, tell our caller we are not valid
if (!previousEffect)
return false;
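Review bot: The block moved above `if (!previousEffect)` has no comment explaining why it must run before the early `return false`, so a later cleanup could move it back next to `return true` and reintroduce the use after free named in the commit title. Add a short comment above `removeCustomFilterClients();` saying that the programs this renderer registered with must be recorded on every exit path. The visible context does not show whether build() has other return statements above line 291; if it does, they need the same handling, and a scope guard that performs the swap on exit would cover all of them at once.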
......@@ -298,10 +303,6 @@ bool FilterEffectRenderer::build(Document* document, const FilterOperations& ope
m_effects.first()->inputEffects().append(m_sourceGraphic);
setMaxEffectRects(m_sourceDrawingRegion);
#if ENABLE(CSS_SHADERS) && ENABLE(WEBGL)
removeCustomFilterClients();
m_cachedCustomFilterPrograms.swap(cachedCustomFilterPrograms);
#endif
return true;
}
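Review bot: With the block removed from the success path, `m_effects.first()->inputEffects().append(m_sourceGraphic);` and `setMaxEffectRects(m_sourceDrawingRegion);` now run after `m_cachedCustomFilterPrograms` has been swapped instead of before. Please confirm that neither call depends on the previous program list or on the renderer still being a client of the old programs, and note that in the ChangeLog entry so the reordering reads as intentional.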