CRASH in CoreGraphics: ERROR_CGDataProvider_BufferIsNotBigEnough
author    jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Mon, 29 Oct 2018 19:08:24 +0000 (19:08 +0000)
committer jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Mon, 29 Oct 2018 19:08:24 +0000 (19:08 +0000)
commit    8a935325e655b48724ccd5edf33c76d148ad04da
tree      887d165fd62c744c92b6f283c3399a711791e7e4
parent    d7cbd366350a9894e7921de938fb4146a07bcd33
CRASH in CoreGraphics: ERROR_CGDataProvider_BufferIsNotBigEnough
https://bugs.webkit.org/show_bug.cgi?id=190954

Reviewed by Simon Fraser.

Source/WebCore:

Crash analytics show that WebProcess will crash in ERROR_CGDataProvider_BufferIsNotBigEnough,
which attempts to fetch the last byte in the image buffer in order to verify that the entire
buffer is readable. Unfortunately, the stack trace generated by this crash does not identify
what CGDataProvider is responsible for the not-big-enough buffer. In order to identify which
CGDataProvider created by WebKit is responsible (if any), we will add our own version of
ERROR_CGDataProvider_BufferIsNotBigEnough, called at CGDataProvider creation time, which should
generate a crash within the responsible stack frame.

(This assumes that the issue is the wrong sized buffer at CGDataProvider creation time, and not
that the buffer itself is reclaimed between creation time and access.)

* WebCore.xcodeproj/project.pbxproj:
* platform/graphics/cg/GraphicsContext3DCG.cpp:
(WebCore::GraphicsContext3D::paintToCanvas):
* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::ImageBuffer::ImageBuffer):
(WebCore::ImageBuffer::toCFData const):
(WebCore::cfData):
* platform/graphics/cocoa/WebGLLayer.mm:
(-[WebGLLayer copyImageSnapshotWithColorSpace:]):
* platform/graphics/cv/PixelBufferConformerCV.cpp:
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):
* platform/graphics/cg/ImageUtilitiesCG.h: Added.
(WebCore::verifyImageBufferIsBigEnough):

Source/WebKit:

* Shared/cg/ShareableBitmapCG.cpp:
(WebKit::ShareableBitmap::makeCGImage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@237559 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/platform/graphics/cg/GraphicsContext3DCG.cpp
Source/WebCore/platform/graphics/cg/ImageBufferCG.cpp
Source/WebCore/platform/graphics/cg/ImageBufferUtilitiesCG.cpp [new file with mode: 0644]
Source/WebCore/platform/graphics/cg/ImageBufferUtilitiesCG.h [new file with mode: 0644]
Source/WebCore/platform/graphics/cocoa/WebGLLayer.mm
Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp
Source/WebKit/ChangeLog
Source/WebKit/Shared/cg/ShareableBitmapCG.cpp
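The commit message describes the idea behind the new helper: before handing a buffer to a CGDataProvider, compute how many bytes an image of the given geometry will read and fail in the caller's own frame if the buffer is shorter, so the crash report names the WebKit code that sized the buffer instead of CoreGraphics. The block below is an added illustration of that check, written for this page; it is not the project's ImageBufferUtilitiesCG code and the real helper's signature is not shown here. The BitmapGeometry struct, the function names and the sample 3x2 BGRA buffer are assumptions made for the example. It also goes one step beyond the message by rejecting geometries whose size computation overflows size_t, since that is the usual way an undersized buffer gets allocated in the first place.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Hypothetical description of a packed bitmap; the real helper receives
// these values as separate parameters, this struct only keeps the example short.
struct BitmapGeometry {
    size_t width;          // pixels per row
    size_t height;         // number of rows
    size_t bytesPerPixel;  // e.g. 4 for 32-bit BGRA
    size_t bytesPerRow;    // row stride, may include trailing padding
};

// Number of bytes an image reader can touch: every row but the last spans
// bytesPerRow, the last row only width * bytesPerPixel. Returns false when
// the geometry is degenerate, the stride cannot hold a full row, or any
// intermediate product or sum overflows size_t.
bool requiredBufferSize(const BitmapGeometry& g, size_t& out)
{
    if (g.width == 0 || g.height == 0 || g.bytesPerPixel == 0)
        return false;
    size_t lastRowBytes = 0, fullRows = 0, total = 0;
    if (__builtin_mul_overflow(g.width, g.bytesPerPixel, &lastRowBytes))
        return false;
    if (lastRowBytes > g.bytesPerRow)
        return false;
    if (__builtin_mul_overflow(g.height - 1, g.bytesPerRow, &fullRows))
        return false;
    if (__builtin_add_overflow(fullRows, lastRowBytes, &total))
        return false;
    out = total;
    return true;
}

// Creation-time check: true iff a buffer of dataSize bytes covers every byte
// the geometry can address. An overflowing geometry is treated as "not big
// enough" rather than silently wrapping to a small number.
bool verifyImageBufferIsBigEnough(size_t dataSize, const BitmapGeometry& g)
{
    size_t needed = 0;
    if (!requiredBufferSize(g, needed))
        return false;
    return dataSize >= needed;
}

// Caller pattern modelled on the CoreGraphics check: read the last byte the
// image can address, but only after the size check, and abort in this frame
// (the one that owns the buffer) when the check fails, so a crash report
// points at the responsible caller rather than at CGDataProvider internals.
uint8_t touchLastByte(const uint8_t* data, size_t dataSize, const BitmapGeometry& g)
{
    size_t needed = 0;
    if (!requiredBufferSize(g, needed) || dataSize < needed) {
        fprintf(stderr, "image buffer too small: have %zu bytes, need %zu\n",
                dataSize, needed);
        abort();
    }
    return data[needed - 1];
}

int main()
{
    // Constructed sample: 3x2 pixels, 4 bytes per pixel, 16-byte stride.
    // One full row (16) plus the last row (12) = 28 bytes required.
    const BitmapGeometry g{3, 2, 4, 16};
    uint8_t pixels[28] = {0};
    pixels[27] = 0xAB;
    printf("28-byte buffer big enough: %d\n", verifyImageBufferIsBigEnough(sizeof pixels, g));
    printf("27-byte buffer big enough: %d\n", verifyImageBufferIsBigEnough(27, g));
    printf("last byte: 0x%02X\n", touchLastByte(pixels, sizeof pixels, g));
    return 0;
}
```

As the commit message itself notes, a check of this shape only catches a buffer that was too small when the provider was created; it says nothing about a buffer that is freed or unmapped between creation and the later read inside CoreGraphics, which would still crash in a CoreGraphics frame.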