[BlackBerry] Browser crashed at PlatformGraphicsContext::addDrawLineForText() when...
authorzhajiang@rim.com <zhajiang@rim.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Oct 2013 18:42:41 +0000 (18:42 +0000)
committerzhajiang@rim.com <zhajiang@rim.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Oct 2013 18:42:41 +0000 (18:42 +0000)
https://bugs.webkit.org/show_bug.cgi?id=123349

Patch by Jacky Jiang <zhajiang@blackberry.com> on 2013-10-25.
Reviewed by George Staikos.
Internally reviewed by George Staikos, Konrad Piascik, Eli Fidler and Arvid Nilsson.

Browser crashed when dereferencing null PlatformGraphicsContext*.
In FrameView::paintControlTints(), we intentionally constructed GraphicsContext
with null PlatformGraphicsContext* and disabled painting by doing
context.setUpdatingControlTints(true). So we should not go further in
GraphicsContext::drawLineForText() if painting is disabled.
Check paintingDisabled() for the other functions in PathBlackBerry.cpp
as well; otherwise, it is likely we will crash at those places.

* platform/graphics/blackberry/PathBlackBerry.cpp:
(WebCore::GraphicsContext::fillPath):
(WebCore::GraphicsContext::strokePath):
(WebCore::GraphicsContext::drawLine):
(WebCore::GraphicsContext::drawLineForDocumentMarker):
(WebCore::GraphicsContext::drawLineForText):
(WebCore::GraphicsContext::clip):
(WebCore::GraphicsContext::clipPath):
(WebCore::GraphicsContext::canvasClip):
(WebCore::GraphicsContext::clipOut):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@158030 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/blackberry/PathBlackBerry.cpp

index b44ac94..52ecf87 100644 (file)
@@ -1,3 +1,30 @@
+2013-10-25  Jacky Jiang  <zhajiang@blackberry.com>
+
+        [BlackBerry] Browser crashed at PlatformGraphicsContext::addDrawLineForText() when trying to upload a video to youtube
+        https://bugs.webkit.org/show_bug.cgi?id=123349
+
+        Reviewed by George Staikos.
+        Internally reviewed by George Staikos, Konrad Piascik, Eli Fidler and Arvid Nilsson.
+
+        Browser crashed when dereferencing null PlatformGraphicsContext*.
+        In FrameView::paintControlTints(), we intentionally constructed GraphicsContext
+        with null PlatformGraphicsContext* and disabled painting by doing
+        context.setUpdatingControlTints(true). So we should not go further in
+        GraphicsContext::drawLineForText() if painting is disabled.
+        Check paintingDisabled() for the other functions in PathBlackBerry.cpp
+        as well; otherwise, it is likely we will crash at those places.
+
+        * platform/graphics/blackberry/PathBlackBerry.cpp:
+        (WebCore::GraphicsContext::fillPath):
+        (WebCore::GraphicsContext::strokePath):
+        (WebCore::GraphicsContext::drawLine):
+        (WebCore::GraphicsContext::drawLineForDocumentMarker):
+        (WebCore::GraphicsContext::drawLineForText):
+        (WebCore::GraphicsContext::clip):
+        (WebCore::GraphicsContext::clipPath):
+        (WebCore::GraphicsContext::canvasClip):
+        (WebCore::GraphicsContext::clipOut):
+
 2013-10-25  Thiago de Barros Lacerda  <thiago.lacerda@openbossa.org>
 
         Adding platform implementation of MediaStreamTrack
index 1986b3f..ac6d6ba 100644 (file)
@@ -214,21 +214,23 @@ void Path::transform(const AffineTransform& transformation)
 void GraphicsContext::fillPath(const Path& path)
 {
     BlackBerry::Platform::Graphics::Path* pp = path.platformPath();
-    if (!pp->isEmpty()) {
-        BlackBerry::Platform::Graphics::Gradient* platformGradient = fillGradient() ? fillGradient()->platformGradient() : 0;
-        BlackBerry::Platform::Graphics::Pattern* platformPattern = fillPattern() ? fillPattern()->platformPattern(AffineTransform()) : 0;
-        platformContext()->addFillPath(*pp, (BlackBerry::Platform::Graphics::WindRule)m_state.fillRule, platformGradient, platformPattern);
-    }
+    if (pp->isEmpty() || paintingDisabled())
+        return;
+
+    BlackBerry::Platform::Graphics::Gradient* platformGradient = fillGradient() ? fillGradient()->platformGradient() : 0;
+    BlackBerry::Platform::Graphics::Pattern* platformPattern = fillPattern() ? fillPattern()->platformPattern(AffineTransform()) : 0;
+    platformContext()->addFillPath(*pp, (BlackBerry::Platform::Graphics::WindRule)m_state.fillRule, platformGradient, platformPattern);
 }
 
 void GraphicsContext::strokePath(const Path& path)
 {
     BlackBerry::Platform::Graphics::Path* pp = path.platformPath();
-    if (!pp->isEmpty()) {
-        BlackBerry::Platform::Graphics::Gradient* gradient = strokeGradient() ? strokeGradient()->platformGradient() : 0;
-        BlackBerry::Platform::Graphics::Pattern* pattern = strokePattern() ? strokePattern()->platformPattern(AffineTransform()) : 0;
-        platformContext()->addStrokePath(*pp, gradient, pattern);
-    }
+    if (pp->isEmpty() || paintingDisabled())
+        return;
+
+    BlackBerry::Platform::Graphics::Gradient* gradient = strokeGradient() ? strokeGradient()->platformGradient() : 0;
+    BlackBerry::Platform::Graphics::Pattern* pattern = strokePattern() ? strokePattern()->platformPattern(AffineTransform()) : 0;
+    platformContext()->addStrokePath(*pp, gradient, pattern);
 }
 
 void GraphicsContext::drawFocusRing(const Vector<IntRect>&, int, int, const Color&)
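Review bot: In fillPath and strokePath the new guard `if (pp->isEmpty() || paintingDisabled())` evaluates paintingDisabled() only after `pp` has been obtained from `path.platformPath()` and dereferenced, whereas every other function in this patch tests paintingDisabled() as its first statement. For consistency, and so the path lookup is skipped entirely when nothing will be drawn, I would write `if (paintingDisabled() || pp->isEmpty()) return;` or move the guard above the `pp` declaration. The guard also silently depends on the invariant that a null PlatformGraphicsContext only ever appears together with painting disabled, which the commit message attributes to FrameView::paintControlTints; a one-line comment such as `// platformContext() may be null while FrameView::paintControlTints() runs; paintingDisabled() is the signal for that.` would keep the next maintainer from "optimizing" the check away.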
@@ -243,6 +245,9 @@ void GraphicsContext::drawFocusRing(const Path&, int, int, const Color&)
 
 void GraphicsContext::drawLine(const IntPoint& from, const IntPoint& to)
 {
+    if (paintingDisabled())
+        return;
+
     platformContext()->addDrawLine(from, to);
 }
 
@@ -252,23 +257,35 @@ void GraphicsContext::updateDocumentMarkerResources()
 
 void GraphicsContext::drawLineForDocumentMarker(const FloatPoint& pt, float width, DocumentMarkerLineStyle style)
 {
+    if (paintingDisabled())
+        return;
+
     platformContext()->addDrawLineForDocumentMarker(pt, width, (BlackBerry::Platform::Graphics::DocumentMarkerLineStyle)style);
 }
 
 void GraphicsContext::drawLineForText(const FloatPoint& pt, float width, bool printing)
 {
+    if (paintingDisabled())
+        return;
+
     platformContext()->addDrawLineForText(pt, width, printing);
 }
 
 // FIXME: don't ignore the winding rule. https://bugs.webkit.org/show_bug.cgi?id=107064
 void GraphicsContext::clip(const Path& path, WindRule)
 {
+    if (paintingDisabled())
+        return;
+
     BlackBerry::Platform::Graphics::Path* pp = path.platformPath();
     pp->applyAsClip(platformContext());
 }
 
 void GraphicsContext::clipPath(const Path& path, WindRule)
 {
+    if (paintingDisabled())
+        return;
+
     if (path.platformPath()->isRectangular())
         platformContext()->clip(path.boundingRect());
     else
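Review bot: The guards added to drawLine, drawLineForDocumentMarker, drawLineForText, clip and clipPath prevent the reported null dereference of platformContext() only as long as every GraphicsContext constructed with a null PlatformGraphicsContext also has painting disabled; nothing in the hunk records that dependency, and a future caller that passes a null context without calling setUpdatingControlTints(true) would crash the same way. I would document it once at the first guard, e.g. `// A null platformContext() is only expected when painting is disabled (see FrameView::paintControlTints).`, and, if the file already uses WTF assertions, consider `ASSERT(platformContext());` after each guard so the mismatch fails loudly in debug builds instead of as a release-build null dereference. clipPath's else branch continues beyond the end of this hunk, so whether it also reaches platformContext() cannot be confirmed from here.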
@@ -277,11 +294,17 @@ void GraphicsContext::clipPath(const Path& path, WindRule)
 
 void GraphicsContext::canvasClip(const Path& path, WindRule fillRule)
 {
+    if (paintingDisabled())
+        return;
+
     clip(path, fillRule);
 }
 
 void GraphicsContext::clipOut(const Path& path)
 {
+    if (paintingDisabled())
+        return;
+
     BlackBerry::Platform::Graphics::Path* pp = path.platformPath();
     pp->applyAsClipOut(platformContext());
 }
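Review bot: The paintingDisabled() check added to canvasClip is redundant: its only statement is `clip(path, fillRule)`, and clip itself now returns early when painting is disabled (earlier in this patch), so the extra branch buys nothing and slightly obscures which functions actually touch platformContext(). Either drop the guard in canvasClip or keep it with a short comment saying it is deliberate, e.g. `// clip() already bails out when painting is disabled; checked here for symmetry with the other entry points.`. The guard in clipOut is the one that matters in this hunk, since it dereferences platformContext() directly via `pp->applyAsClipOut(platformContext())`.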