<https://bugs.webkit.org/show_bug.cgi?id=62666>
authorsullivan@apple.com <sullivan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 14 Jun 2011 22:18:05 +0000 (22:18 +0000)
committersullivan@apple.com <sullivan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 14 Jun 2011 22:18:05 +0000 (22:18 +0000)
<rdar://problem/9606676>
Callers should be robust against WebImage::create() returning an image with a null snapshot

Reviewed by Dan Bernstein.

* Shared/API/c/cg/WKImageCG.cpp:
(WKImageCreateCGImage):
Return 0 if no bitmap was created.
(WKImageCreateFromCGImage):
Ditto.

* Shared/UserMessageCoders.h:
(WebKit::UserMessageEncoder::baseEncode):
Check for null before dereferencing image->bitmap() in two places.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::snapshotInViewCoordinates):
Return 0 if no bitmap was created.
(WebKit::WebPage::scaledSnapshotInDocumentCoordinates):
Ditto.
(WebKit::WebPage::createSnapshotOfVisibleContent):
Bail out if no bitmap was created.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@88856 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Shared/API/c/cg/WKImageCG.cpp
Source/WebKit2/Shared/UserMessageCoders.h
Source/WebKit2/WebProcess/WebPage/WebPage.cpp

index 4260caad165e50eb3be21ca65aa2c42d927cee33..b7f84285fb9313d99f3432a866c8587a5b2c3745 100644 (file)
@@ -1,3 +1,29 @@
+2011-06-14  John Sullivan  <sullivan@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=62666>
+        <rdar://problem/9606676>
+        Callers should be robust against WebImage::create() returning an image with a null snapshot
+
+        * Shared/API/c/cg/WKImageCG.cpp:
+        (WKImageCreateCGImage):
+        Return 0 if no bitmap was created.
+        (WKImageCreateFromCGImage):
+        Ditto.
+        
+        * Shared/UserMessageCoders.h:
+        (WebKit::UserMessageEncoder::baseEncode):
+        Check for null before dereferencing image->bitmap() in two places.
+        
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::snapshotInViewCoordinates):
+        Return 0 if no bitmap was created.
+        (WebKit::WebPage::scaledSnapshotInDocumentCoordinates):
+        Ditto.
+        (WebKit::WebPage::createSnapshotOfVisibleContent):
+        Bail out if no bitmap was created.
+
 2011-06-14  Anders Carlsson  <andersca@apple.com>
 
         Reviewed by Darin Adler.
index 7af747e219118c7f6e50be4b4eb96fccd562b1be..87663115b4360e2f8bdc41c200daf02d0578b82a 100644 (file)
@@ -36,13 +36,26 @@ using namespace WebCore;
 
 CGImageRef WKImageCreateCGImage(WKImageRef imageRef)
 {
-    return toImpl(imageRef)->bitmap()->makeCGImageCopy().leakRef();
+    if (!imageRef)
+        return 0;
+    
+    WebImage* webImage = toImpl(imageRef);
+    if (!webImage || !webImage->bitmap())
+        return 0;
+    
+    return webImage->bitmap()->makeCGImageCopy().leakRef();
 }
 
 WKImageRef WKImageCreateFromCGImage(CGImageRef imageRef, WKImageOptions options)
 {
+    if (!imageRef)
+        return 0;
+    
     IntSize imageSize(CGImageGetWidth(imageRef), CGImageGetHeight(imageRef));
     RefPtr<WebImage> webImage = WebImage::create(imageSize, toImageOptions(options));
+    if (!webImage || !webImage->bitmap())
+        return 0;
+    
     OwnPtr<GraphicsContext> graphicsContext = webImage->bitmap()->createGraphicsContext();
     CGContextDrawImage(graphicsContext->platformContext(), CGRectMake(0, 0, imageSize.width(), imageSize.height()), imageRef);
     return toAPI(webImage.release().leakRef());
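Review bot: `webImage->bitmap()` is evaluated twice in each function, once in the guard (L77, L90) and again at the use (L80, L93); hoisting it into a local, `ShareableBitmap* bitmap = webImage->bitmap(); if (!bitmap) return 0;`, keeps the check and the dereference on the same pointer value and reads more clearly (presumably bitmap() returns a `ShareableBitmap*`, given the `ShareableBitmap::Handle` use in UserMessageCoders.h). The `!webImage` test on L77 is likely dead if `toImpl` is a plain cast of the already-checked `imageRef`; if so it could be dropped, otherwise a comment saying when `toImpl` yields null would help. The added blank lines at L75, L79, L87 and L92 carry trailing spaces, which the WebKit style checker flags.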
index ad72493e559eb3afbe9c36dbb0e1199f246e8a3e..2bec5f1b590bf5143a56d2517178c43203938ae5 100644 (file)
@@ -127,13 +127,13 @@ public:
         }
         case APIObject::TypeImage: {
             WebImage* image = static_cast<WebImage*>(m_root);
-            if (!image->bitmap()->isBackedBySharedMemory()) {
+            if (!image->bitmap() || !image->bitmap()->isBackedBySharedMemory()) {
                 encoder->encode(false);
                 return true;
             }
 
             ShareableBitmap::Handle handle;
-            if (!image->bitmap()->createHandle(handle))
+            if (!image->bitmap() || !image->bitmap()->createHandle(handle))
                 return false;
 
             encoder->encode(true);
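Review bot: The null test added on L109 cannot trigger: L102 already returned when `image->bitmap()` was null, and nothing between the two lines reassigns the bitmap, so the second `!image->bitmap() ||` is dead unless `bitmap()` can change value between calls. Fetching the pointer once makes that explicit and removes four accessor calls: `ShareableBitmap* bitmap = image->bitmap(); if (!bitmap || !bitmap->isBackedBySharedMemory()) { encoder->encode(false); return true; }` followed by `if (!bitmap->createHandle(handle)) return false;`. baseEncode's body starts and ends outside the hunk.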
index 96cea83d0af8465eb964c91407fdc5586c1195ae..f35959bafe1c68814c7b0f4d7fff70a5abc1d971 100644 (file)
@@ -875,6 +875,9 @@ PassRefPtr<WebImage> WebPage::snapshotInViewCoordinates(const IntRect& rect, Ima
     frameView->setPaintBehavior(oldBehavior | PaintBehaviorFlattenCompositingLayers);
 
     RefPtr<WebImage> snapshot = WebImage::create(rect.size(), options);
+    if (!snapshot->bitmap())
+        return 0;
+    
     OwnPtr<WebCore::GraphicsContext> graphicsContext = snapshot->bitmap()->createGraphicsContext();
 
     graphicsContext->save();
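Review bot: The guard on L118 dereferences `snapshot` without testing it, whereas the parallel change in WKImageCG.cpp (L90) tests both `!webImage` and `!webImage->bitmap()`; the commit message implies `WebImage::create` always returns a non-null image, but the two call sites should use the same idiom, e.g. `if (!snapshot || !snapshot->bitmap()) return 0;`. The same applies to the hunk at L124–L133. The added blank lines at L120 and L130 carry trailing spaces. snapshotInViewCoordinates continues outside the hunk.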
@@ -904,6 +907,9 @@ PassRefPtr<WebImage> WebPage::scaledSnapshotInDocumentCoordinates(const IntRect&
         size = IntSize(ceil(rect.width() * scaleFactor), ceil(rect.height() * scaleFactor));
 
     RefPtr<WebImage> snapshot = WebImage::create(size, options);
+    if (!snapshot->bitmap())
+        return 0;
+    
     OwnPtr<WebCore::GraphicsContext> graphicsContext = snapshot->bitmap()->createGraphicsContext();
     graphicsContext->save();
     
@@ -929,8 +935,12 @@ void WebPage::createSnapshotOfVisibleContent(ShareableBitmap::Handle& snapshotHa
     FrameView* frameView = m_mainFrame->coreFrame()->view();
     if (!frameView)
         return;
+    
     IntRect contentRect = frameView->visibleContentRect(false);
     RefPtr<WebImage> snapshotImage = scaledSnapshotInDocumentCoordinates(contentRect, 1, ImageOptionsShareable);
+    if (!snapshotImage->bitmap())
+        return;
+    
     snapshotImage->bitmap()->createHandle(snapshotHandle);
 }
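Review bot: `snapshotImage->bitmap()` on L141 dereferences a null pointer whenever `scaledSnapshotInDocumentCoordinates` takes the new `return 0` path this commit adds at L128–L129, so the change relocates the crash rather than removing it. The guard should test the RefPtr first: `if (!snapshotImage || !snapshotImage->bitmap()) return;`. The return value of `createHandle` on L144 is also ignored, so a failed handle creation leaves `snapshotHandle` in whatever state the caller passed it in; a short comment on why that is acceptable, or a check mirroring the one in UserMessageCoders.h, would help.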