2011-05-04 Simon Fraser <simon.fraser@apple.com>
authorsimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 May 2011 17:50:41 +0000 (17:50 +0000)
committersimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 May 2011 17:50:41 +0000 (17:50 +0000)
        Reviewed by Darin Adler.

        Avoid allocating a new image buffer in ~CanvasRenderingContext2D()
        https://bugs.webkit.org/show_bug.cgi?id=59849

        When attempting to unwind the graphics state stack in the
        CanvasRenderingContext2D destructor, don't allow HTMLCanvasElement
        to create a new ImageBuffer.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::existingDrawingContext):
        * html/HTMLCanvasElement.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::~CanvasRenderingContext2D):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@85760 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/html/HTMLCanvasElement.cpp
Source/WebCore/html/HTMLCanvasElement.h
Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp

index a37b3ae..fa51a65 100644 (file)
@@ -1,3 +1,20 @@
+2011-05-04  Simon Fraser  <simon.fraser@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Avoid allocating a new image buffer in ~CanvasRenderingContext2D()
+        https://bugs.webkit.org/show_bug.cgi?id=59849
+
+        When attempting to unwind the graphics state stack in the
+        CanvasRenderingContext2D destructor, don't allow HTMLCanvasElement
+        to create a new ImageBuffer.
+
+        * html/HTMLCanvasElement.cpp:
+        (WebCore::HTMLCanvasElement::existingDrawingContext):
+        * html/HTMLCanvasElement.h:
+        * html/canvas/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::~CanvasRenderingContext2D):
+
 2011-05-04  Andrey Kosyakov  <caseq@chromium.org>
 
         Reviewed by Yury Semikhatsky.
index 774526b..d416562 100644 (file)
@@ -450,6 +450,14 @@ GraphicsContext* HTMLCanvasElement::drawingContext() const
     return buffer() ? m_imageBuffer->context() : 0;
 }
 
+GraphicsContext* HTMLCanvasElement::existingDrawingContext() const
+{
+    if (!m_hasCreatedImageBuffer)
+        return 0;
+
+    return drawingContext();
+}
+
 ImageBuffer* HTMLCanvasElement::buffer() const
 {
     if (!m_hasCreatedImageBuffer)
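Review bot: The new existingDrawingContext() carries no comment saying how it differs from drawingContext(), and that difference (it never triggers ImageBuffer allocation) is exactly what the destructor caller in CanvasRenderingContext2D.cpp depends on. Suggest a comment above this definition and the same one on the declaration added in HTMLCanvasElement.h: `// Like drawingContext(), but returns 0 instead of allocating an ImageBuffer when none exists yet; safe to call during teardown.` The early return assumes m_hasCreatedImageBuffer is the only gate buffer() uses before allocating; buffer()'s body continues outside the hunk, so that is inferred rather than visible here.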
index 207c384..97d55cc 100644 (file)
@@ -100,6 +100,7 @@ public:
     void paint(GraphicsContext*, const IntRect&);
 
     GraphicsContext* drawingContext() const;
+    GraphicsContext* existingDrawingContext() const;
 
     CanvasRenderingContext* renderingContext() const { return m_context.get(); }
 
index 3cdf61e..7500854 100644 (file)
@@ -154,7 +154,7 @@ CanvasRenderingContext2D::~CanvasRenderingContext2D()
     // is cleared before destruction, to avoid assertions in the
     // GraphicsContext dtor.
     if (size_t stackSize = m_stateStack.size()) {
-        if (GraphicsContext* context = drawingContext()) {
+        if (GraphicsContext* context = canvas()->existingDrawingContext()) {
             while (--stackSize)
                 context->restore();
         }
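Review bot: The switch to `canvas()->existingDrawingContext()` dereferences canvas() unconditionally, whereas the previous `drawingContext()` wrapper is not in the hunk, so it cannot be confirmed whether a null-canvas guard is lost; `if (HTMLCanvasElement* canvasElement = canvas())` wrapped around the lookup would make the teardown path robust either way. The reason for preferring existingDrawingContext() over drawingContext() currently lives only in the ChangeLog; a one-line comment above the call, `// Use existingDrawingContext() so unwinding never allocates a fresh ImageBuffer during destruction.`, keeps the rationale with the code. The destructor's body begins before the hunk.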