| commit | 0989e909f5925c06a8e8fe4962d959f5506c65c3 | |
| author | jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> | |
| Mon, 29 Oct 2018 19:08:24 +0000 (29 19:08 +0000) | ||
| committer | jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> | |
| Mon, 29 Oct 2018 19:08:24 +0000 (29 19:08 +0000) | ||
| tree | 887d165fd62c744c92b6f283c3399a711791e7e4 | treesnapshot (tar.gz zip) |
| parent | 21c379a8d9ada0c5ea873939a5ec97886260fbd1 | commitdiff |
CRASH in CoreGraphics: ERROR_CGDataProvider_BufferIsNotBigEnough
https://bugs.webkit.org/show_bug.cgi?id=190954
Reviewed by Simon Fraser.
Source/WebCore:
Crash analyitics show that WebProcess will crash in ERROR_CGDataProvider_BufferIsNotBigEnough,
which attempts to fetch the last byte in the image buffer in order to verify that the entire
buffer is readable. Unfortunately, the stack trace generated by this crash does not identify
what CGDataProvider is responsible for the not-big-enough buffer. In order to identify which
CGDataProvider created by WebKit is responsible (if any), we will add our own version of
ERROR_CGDataProvider_BufferIsNotBigEnough, called at CGDataProvider creation time, which should
generate a crash within the responsible stack frame.
(This assumes that the issue is the wrong sized buffer at CGDataProvider creation time, and not
that the buffer itself is reclaimed between creation time and access.)
* WebCore.xcodeproj/project.pbxproj:
* platform/graphics/cg/GraphicsContext3DCG.cpp:
(WebCore::GraphicsContext3D::paintToCanvas):
* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::ImageBuffer::ImageBuffer):
(WebCore::ImageBuffer::toCFData const):
(WebCore::cfData):
* platform/graphics/cocoa/WebGLLayer.mm:
(-[WebGLLayer copyImageSnapshotWithColorSpace:]):
* platform/graphics/cv/PixelBufferConformerCV.cpp:
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
* platform/graphics/cg/ImageUtilitiesCG.h: Added.
(WebCore::verifyImageBufferIsBigEnough):
Source/WebKit:
* Shared/cg/ShareableBitmapCG.cpp:
(WebKit::ShareableBitmap::makeCGImage):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@237559 268f45cc-cd09-0410-ab3c-d52691b4dbfc
https://bugs.webkit.org/show_bug.cgi?id=190954
Reviewed by Simon Fraser.
Source/WebCore:
Crash analyitics show that WebProcess will crash in ERROR_CGDataProvider_BufferIsNotBigEnough,
which attempts to fetch the last byte in the image buffer in order to verify that the entire
buffer is readable. Unfortunately, the stack trace generated by this crash does not identify
what CGDataProvider is responsible for the not-big-enough buffer. In order to identify which
CGDataProvider created by WebKit is responsible (if any), we will add our own version of
ERROR_CGDataProvider_BufferIsNotBigEnough, called at CGDataProvider creation time, which should
generate a crash within the responsible stack frame.
(This assumes that the issue is the wrong sized buffer at CGDataProvider creation time, and not
that the buffer itself is reclaimed between creation time and access.)
* WebCore.xcodeproj/project.pbxproj:
* platform/graphics/cg/GraphicsContext3DCG.cpp:
(WebCore::GraphicsContext3D::paintToCanvas):
* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::ImageBuffer::ImageBuffer):
(WebCore::ImageBuffer::toCFData const):
(WebCore::cfData):
* platform/graphics/cocoa/WebGLLayer.mm:
(-[WebGLLayer copyImageSnapshotWithColorSpace:]):
* platform/graphics/cv/PixelBufferConformerCV.cpp:
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
* platform/graphics/cg/ImageUtilitiesCG.h: Added.
(WebCore::verifyImageBufferIsBigEnough):
Source/WebKit:
* Shared/cg/ShareableBitmapCG.cpp:
(WebKit::ShareableBitmap::makeCGImage):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@237559 268f45cc-cd09-0410-ab3c-d52691b4dbfc