Crash in WebCore::GraphicsContext::paintingDisabled
authorschenney@chromium.org <schenney@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Mar 2012 15:14:57 +0000 (15:14 +0000)
committerschenney@chromium.org <schenney@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Mar 2012 15:14:57 +0000 (15:14 +0000)
commit6a57a0e935dc6bd3a6ae832a5a9ab44bb186eb15
tree2e7b0e9b4ea0bdc8bbd62c460d2b6fcd979fd757
parent742392917fbe3c781fdbdeba7b3228a618c5781b
Crash in WebCore::GraphicsContext::paintingDisabled
https://bugs.webkit.org/show_bug.cgi?id=80669

Reviewed by Nikolas Zimmermann.

Source/WebCore:

The SVGImageBufferTools::clipToImageBuffer method deletes the clip
image when it thinks it is not needed. However, there are cases when
it is in fact still needed, particularly when the clip buffer is
coming from higher up in the stack where it may be needed again.

So this patch adds a flag to only allow deletion of the image buffer
if it was created at the most recent call site.

Tests: svg/custom/circular-clip-path-references-crash-expected.svg
       svg/custom/circular-clip-path-references-crash.svg

* rendering/svg/RenderSVGResourceClipper.cpp:
(WebCore::RenderSVGResourceClipper::applyClippingToContext):
* rendering/svg/RenderSVGResourceGradient.cpp:
(WebCore::clipToTextMask):
* rendering/svg/RenderSVGResourceMasker.cpp:
(WebCore::RenderSVGResourceMasker::applyResource):
* rendering/svg/SVGImageBufferTools.cpp:
(WebCore::SVGImageBufferTools::clipToImageBuffer):
* rendering/svg/SVGImageBufferTools.h:
(SVGImageBufferTools):

LayoutTests:

* svg/custom/circular-clip-path-references-crash-expected.svg: Added.
* svg/custom/circular-clip-path-references-crash.svg: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@110563 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/custom/circular-clip-path-references-crash-expected.svg [new file with mode: 0644]
LayoutTests/svg/custom/circular-clip-path-references-crash.svg [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/svg/RenderSVGResourceClipper.cpp
Source/WebCore/rendering/svg/RenderSVGResourceGradient.cpp
Source/WebCore/rendering/svg/RenderSVGResourceMasker.cpp
Source/WebCore/rendering/svg/SVGImageBufferTools.cpp
Source/WebCore/rendering/svg/SVGImageBufferTools.h