https://bugs.webkit.org/show_bug.cgi?id=68630
Patch by Sergey Glazunov <serg.glazunov@gmail.com> on 2011-09-22
Reviewed by Adam Barth.
Source/WebCore:
Test: fast/canvas/webgl/shader-deleted-by-accessor.html
* bindings/js/JSWebGLRenderingContextCustom.cpp:
(WebCore::JSWebGLRenderingContext::getAttachedShaders):
* bindings/v8/custom/V8WebGLRenderingContextCustom.cpp:
(WebCore::V8WebGLRenderingContext::getAttachedShadersCallback):
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::getAttachedShaders):
* html/canvas/WebGLRenderingContext.h:
LayoutTests:
* fast/canvas/webgl/shader-deleted-by-accessor-expected.txt: Added.
* fast/canvas/webgl/shader-deleted-by-accessor.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95728
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2011-09-22 Sergey Glazunov <serg.glazunov@gmail.com>
+
+ Ref protect shaders in V8WebGLRenderingContext::getAttachedShadersCallback
+ https://bugs.webkit.org/show_bug.cgi?id=68630
+
+ Reviewed by Adam Barth.
+
+ * fast/canvas/webgl/shader-deleted-by-accessor-expected.txt: Added.
+ * fast/canvas/webgl/shader-deleted-by-accessor.html: Added.
+
2011-09-22 Robert Hogan <robert@webkit.org>
Unreviewed, platform-specific results for r95721.
--- /dev/null
+Verifies that WebGLRenderingContext::getAttachedShaders doesn't crash when an accessor property is defined on Array.prototype.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
--- /dev/null
+<html>
+<head>
+<link rel="stylesheet" href="../../js/resources/js-test-style.css"/>
+<script src="../../js/resources/js-test-pre.js"></script>
+<script src="resources/webgl-test.js"></script>
+<script src="resources/webgl-test-utils.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+
+<script>
+function gc()
+{
+ if (window.GCController)
+ return GCController.collect();
+
+ for (var i = 0; i < 10000; ++i)
+ var s = new String("AAAA");
+}
+
+description("Verifies that WebGLRenderingContext::getAttachedShaders doesn't crash when an accessor property is defined on Array.prototype.");
+
+context = create3DContext();
+program = context.createProgram();
+
+shader1 = context.createShader(context.VERTEX_SHADER);
+context.attachShader(program, shader1);
+
+for (var i = 0; i < 10; ++i) {
+ shader2 = context.createShader(context.FRAGMENT_SHADER);
+ context.attachShader(program, shader2);
+
+ Array.prototype.__defineSetter__(0, function() {
+ context.detachShader(program, shader2);
+ context.deleteShader(shader2);
+ shader2 = null;
+ gc();
+ });
+
+ shaders = context.getAttachedShaders(program);
+ context.getShaderParameter(shaders[1], 0);
+}
+
+successfullyParsed = true;
+</script>
+
+<script src="../../js/resources/js-test-post.js"></script>
+</body>
+</html>
+
+2011-09-22 Sergey Glazunov <serg.glazunov@gmail.com>
+
+ Ref protect shaders in V8WebGLRenderingContext::getAttachedShadersCallback
+ https://bugs.webkit.org/show_bug.cgi?id=68630
+
+ Reviewed by Adam Barth.
+
+ Test: fast/canvas/webgl/shader-deleted-by-accessor.html
+
+ * bindings/js/JSWebGLRenderingContextCustom.cpp:
+ (WebCore::JSWebGLRenderingContext::getAttachedShaders):
+ * bindings/v8/custom/V8WebGLRenderingContextCustom.cpp:
+ (WebCore::V8WebGLRenderingContext::getAttachedShadersCallback):
+ * html/canvas/WebGLRenderingContext.cpp:
+ (WebCore::WebGLRenderingContext::getAttachedShaders):
+ * html/canvas/WebGLRenderingContext.h:
+
2011-09-05 Robert Hogan <robert@webkit.org>
CSS 2.1 failure: abspos-non-replaced-width-margin-000, abspos-replaced-width-margin-000
WebGLProgram* program = toWebGLProgram(exec->argument(0));
if (exec->hadException())
return jsNull();
- Vector<WebGLShader*> shaders;
+ Vector<RefPtr<WebGLShader> > shaders;
bool succeed = context->getAttachedShaders(program, shaders, ec);
if (ec) {
setDOMException(exec, ec);
return jsNull();
MarkedArgumentBuffer list;
for (size_t ii = 0; ii < shaders.size(); ++ii)
- list.append(toJS(exec, globalObject(), shaders[ii]));
+ list.append(toJS(exec, globalObject(), shaders[ii].get()));
return constructArray(exec, globalObject(), list);
}
return notHandledByInterceptor();
}
WebGLProgram* program = V8WebGLProgram::HasInstance(args[0]) ? V8WebGLProgram::toNative(v8::Handle<v8::Object>::Cast(args[0])) : 0;
- Vector<WebGLShader*> shaders;
+ Vector<RefPtr<WebGLShader> > shaders;
bool succeed = context->getAttachedShaders(program, shaders, ec);
if (ec) {
V8Proxy::setDOMException(ec);
return v8::Null();
v8::Local<v8::Array> array = v8::Array::New(shaders.size());
for (size_t ii = 0; ii < shaders.size(); ++ii)
- array->Set(v8::Integer::New(ii), toV8(shaders[ii]));
+ array->Set(v8::Integer::New(ii), toV8(shaders[ii].get()));
return array;
}
return WebGLActiveInfo::create(info.name, info.type, info.size);
}
-bool WebGLRenderingContext::getAttachedShaders(WebGLProgram* program, Vector<WebGLShader*>& shaderObjects, ExceptionCode& ec)
+bool WebGLRenderingContext::getAttachedShaders(WebGLProgram* program, Vector<RefPtr<WebGLShader> >& shaderObjects, ExceptionCode& ec)
{
UNUSED_PARAM(ec);
shaderObjects.clear();
PassRefPtr<WebGLActiveInfo> getActiveAttrib(WebGLProgram*, GC3Duint index, ExceptionCode&);
PassRefPtr<WebGLActiveInfo> getActiveUniform(WebGLProgram*, GC3Duint index, ExceptionCode&);
- bool getAttachedShaders(WebGLProgram*, Vector<WebGLShader*>&, ExceptionCode&);
+ bool getAttachedShaders(WebGLProgram*, Vector<RefPtr<WebGLShader> >&, ExceptionCode&);
GC3Dint getAttribLocation(WebGLProgram*, const String& name);
WebGLGetInfo getBufferParameter(GC3Denum target, GC3Denum pname, ExceptionCode&);
PassRefPtr<WebGLContextAttributes> getContextAttributes();
projects / profile / ivi / webkit-efl.git / commitdiff