https://bugs.webkit.org/show_bug.cgi?id=50151
Reviewed by Simon Fraser.
Test: fast/css/empty-webkit-mask-crash.html
The crash stems from the fact that FillLayer::hasImage would walk over the linked list
of FillLayers and return true if one had an image. This means that hasImage() being true
does not mean that image() is non-NULL on all FillLayers.
* rendering/RenderBox.cpp:
(WebCore::RenderBox::paintMaskImages): Simplify the logic by doing the hasImage() check up-front
and properly check image() for each FillLayer. This has the nice benefit of changing the complexity
from O(n^2) to O(n), which was what the code expected anyway.
LayoutTests: Test for: Crash in RenderBox::paintMaskImages due to a mask without an associated image
https://bugs.webkit.org/show_bug.cgi?id=50151
Reviewed by Simon Fraser.
* fast/css/empty-webkit-mask-crash-expected.png: Added.
* fast/css/empty-webkit-mask-crash-expected.txt: Added.
* fast/css/empty-webkit-mask-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95235 268f45cc-cd09-0410-ab3c-d52691b4dbfc
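The mismatch the commit message describes, as an added example that is not WebKit code and not part of the original commit: `Image`, `Layer` and the helper functions are hypothetical stand-ins, and `canRender()` always returns true in this model. The constructed list mirrors the test's `none, none, url(x)` layer order.

```cpp
// Hypothetical stand-ins for the image and fill-layer types; not WebKit code.
struct Image {
    bool canRender() const { return true; } // assumption: every image renders
};

struct Layer {
    const Image* img;
    const Layer* nextLayer;
    Layer(const Image* i, const Layer* n) : img(i), nextLayer(n) {}
    const Image* image() const { return img; }
    const Layer* next() const { return nextLayer; }
    // List-wide query: true if this layer or any layer after it has an image.
    bool hasImage() const {
        for (const Layer* l = this; l; l = l->next())
            if (l->image())
                return true;
        return false;
    }
};

// Layers after the head where hasImage() is true but image() is null.
// A loop guarded only by hasImage() would dereference null at each of them.
int nullImageDespiteHasImage(const Layer* head) {
    int count = 0;
    for (const Layer* l = head->next(); l; l = l->next())
        if (l->hasImage() && !l->image())
            ++count;
    return count;
}

// Shape of the fixed logic: one list-wide check up front, then a per-layer null check.
bool laterLayerCanRender(const Layer* head) {
    if (!head->hasImage())
        return false;
    for (const Layer* l = head->next(); l; l = l->next())
        if (l->image() && l->image()->canRender())
            return true;
    return false;
}

// Constructed input: three layers in the order none, none, url(x).
static const Image kImage = Image();
static const Layer kThird(&kImage, nullptr);
static const Layer kSecond(nullptr, &kThird);
static const Layer kFirst(nullptr, &kSecond);
// Constructed input: a single layer with no image.
static const Layer kLone(nullptr, nullptr);
```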
+2011-09-15 Julien Chaffraix <jchaffraix@webkit.org>
+
+ Test for: Crash in RenderBox::paintMaskImages due to a mask without an associated image
+ https://bugs.webkit.org/show_bug.cgi?id=50151
+
+ Reviewed by Simon Fraser.
+
+ * fast/css/empty-webkit-mask-crash-expected.png: Added.
+ * fast/css/empty-webkit-mask-crash-expected.txt: Added.
+ * fast/css/empty-webkit-mask-crash.html: Added.
+
2011-09-15 Andy Estes <aestes@apple.com>
Having an empty listener to beforeload events changes the behavior of other scripts
--- /dev/null
+https://bugs.webkit.org/show_bug.cgi?id=50151 : Crash in RenderBox::paintMaskImages due to a mask without an associated image
+The test passes if it does not CRASH (normally the output is a white page)
--- /dev/null
+<script>
+ // We need to dump the image to get the crash but we don't care about the layout information.
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText(true);
+</script>
+<style>
+*{
+ -webkit-mask-image:none,none,url(x);
+}
+</style>
+<p style="position:absolute; top: -1000px">https://bugs.webkit.org/show_bug.cgi?id=50151 : Crash in RenderBox::paintMaskImages due to a mask without an associated image<br>
+The test passes if it does not CRASH (normally the output is a white page)</p>
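Review bot: The `*` selector on the `-webkit-mask-image:none,none,url(x);` rule applies the mask to every element in the document, including the off-screen description paragraph, so a failure cannot be tied to one box. Put the rule on a single dedicated element. The test also exercises only one layer order; a second element with an image-less layer placed after the `url(x)` layer would cover the other arrangement of the list that the fixed loop walks.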
+2011-09-15 Julien Chaffraix <jchaffraix@webkit.org>
+
+ Crash in RenderBox::paintMaskImages due to a mask without an associated image
+ https://bugs.webkit.org/show_bug.cgi?id=50151
+
+ Reviewed by Simon Fraser.
+
+ Test: fast/css/empty-webkit-mask-crash.html
+
+ The crash stems from the fact that FillLayer::hasImage would walk over the linked list
+ of FillLayers and return true if one had an image. This means that hasImage() is true
+ does not mean that image() is non-NULL on all FillLayers.
+
+ * rendering/RenderBox.cpp:
+ (WebCore::RenderBox::paintMaskImages): Simplify the logic by doing the hasImage() check up-front
+ and properly check image() for each FillLayers. This has the nice benefit of changing the complexity
+ from O(n^2) to O(n), which was what the code expected anyway.
+
2011-09-15 Eric Seidel <eric@webkit.org>
Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
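Review bot: In the description paragraph, "This means that hasImage() is true does not mean that image() is non-NULL on all FillLayers" does not parse; reword it along the lines of "hasImage() returning true does not mean that image() is non-NULL on every FillLayer". The entry also states the O(n^2) to O(n) change without saying where the quadratic cost came from; one clause noting that hasImage() was called once per layer inside the loop would let a reader check the claim from the ChangeLog alone.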
if (!allMaskImagesLoaded)
pushTransparencyLayer = true;
- if (maskBoxImage && maskLayers->hasImage()) {
+ bool hasMaskLayerWithImage = maskLayers->hasImage();
+ if (maskBoxImage && hasMaskLayerWithImage) {
// We have a mask-box-image and mask-image, so need to composite them together before using the result as a mask.
pushTransparencyLayer = true;
- } else {
+ } else if (hasMaskLayerWithImage) {
// We have to use an extra image buffer to hold the mask. Multiple mask images need
// to composite together using source-over so that they can then combine into a single unified mask that
// can be composited with the content using destination-in. SVG images need to be able to set compositing modes
// We have to check that the mask images to be rendered contain at least one image that can be actually used in rendering
// before pushing the transparency layer.
for (const FillLayer* fillLayer = maskLayers->next(); fillLayer; fillLayer = fillLayer->next()) {
- if (fillLayer->hasImage() && fillLayer->image()->canRender(style()->effectiveZoom())) {
+ if (fillLayer->image() && fillLayer->image()->canRender(style()->effectiveZoom())) {
pushTransparencyLayer = true;
// We found one image that can be used in rendering, exit the loop
break;
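Review bot: On the `fillLayer->image() && fillLayer->image()->canRender(...)` line, nothing at the call site says why image() is tested rather than hasImage(), and the two names read as interchangeable. Add a short comment that hasImage() answers for the rest of the list while image() answers for this layer only, so a later cleanup does not restore the null dereference. image() is also evaluated twice per iteration and could be held in a local pointer. Separately, the loop starts at `maskLayers->next()`, so the first layer is never inspected here; if that is intentional because only additional mask images require the extra buffer, the comment above the loop should say so.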