Title: [114467] trunk/Source/WebCore
- Revision: 114467
- Author: [email protected]
- Date: 2012-04-17 17:19:40 -0700 (Tue, 17 Apr 2012)
Log Message
Regression(114172): Use after free in CustomFilterProgram::notifyClients
https://bugs.webkit.org/show_bug.cgi?id=84000
Reviewed by Dean Jackson.
The function returned early and the shaders didn't have a chance to be saved. Moving
those two lines before the return false just to make sure that FilterEffectRenderer never adds
itself as a client for a shader without keeping track of that.
No new tests. The problem reproduces with existing tests.
css3/filters/custom/custom-filter-property-computed-style.html
css3/filters/custom/effect-custom-combined-missing.html
* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::build):
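As an added illustration of the lifetime bug the log message describes (this is a hypothetical Program/Renderer model written for this page, not WebKit's code): the renderer registers itself as a client of a shader program, and whether the early return comes before or after the registrations are saved decides whether the destructor can ever unregister it.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Hypothetical, simplified model of the client/notify pattern behind bug 84000;
// the names (Program, Renderer, build) are assumptions, not WebKit's own code.
struct Renderer;

struct Program {
    std::vector<Renderer*> clients;            // raw observer pointers, not owned
    void addClient(Renderer* r) { clients.push_back(r); }
    void removeClient(Renderer* r) {
        clients.erase(std::remove(clients.begin(), clients.end(), r), clients.end());
    }
    // notifyClients() would dereference every pointer here; a stale one is the UAF.
};

struct Renderer {
    std::vector<Program*> m_cachedPrograms;    // programs we know we registered with
    ~Renderer() { removeClients(); }           // unregister only from tracked programs
    void removeClients() {
        for (Program* p : m_cachedPrograms) p->removeClient(this);
        m_cachedPrograms.clear();
    }
    // Mirrors FilterEffectRenderer::build(): register as a client of each program,
    // then save the list. With fixedOrder == false the early return comes first,
    // so `cached` dies and the registration can never be undone.
    bool build(Program& program, bool haveEffects, bool fixedOrder) {
        std::vector<Program*> cached;
        program.addClient(this);
        cached.push_back(&program);
        if (fixedOrder) { removeClients(); m_cachedPrograms.swap(cached); }  // r114467
        if (!haveEffects)
            return false;                      // "not valid" path
        if (!fixedOrder) { removeClients(); m_cachedPrograms.swap(cached); } // old spot
        return true;
    }
};

// Builds a renderer with no effects, destroys it, and reports how many client
// pointers the program still holds; nonzero means a dangling pointer remains.
std::size_t staleClientsAfterDestroy(bool fixedOrder) {
    Program program;
    {
        Renderer renderer;
        renderer.build(program, /*haveEffects=*/false, fixedOrder);
    }
    return program.clients.size();
}
```

With the original order the program keeps a pointer to the destroyed renderer, which is exactly what a later notifyClients() would dereference; with the fixed order the destructor finds the program in its tracked list and unregisters.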
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (114466 => 114467)
--- trunk/Source/WebCore/ChangeLog 2012-04-17 23:44:22 UTC (rev 114466)
+++ trunk/Source/WebCore/ChangeLog 2012-04-18 00:19:40 UTC (rev 114467)
@@ -1,3 +1,21 @@
+2012-04-16 Alexandru Chiculita <[email protected]>
+
+ Regression(114172): Use after free in CustomFilterProgram::notifyClients
+ https://bugs.webkit.org/show_bug.cgi?id=84000
+
+ Reviewed by Dean Jackson.
+
+ The function returned early and the shaders didn't have a chance to be saved. Moving
+ those two lines before the return false just to make sure that FilterEffectRenderer never adds
+ itself as a client for a shader without keeping track of that.
+
+ No new tests. The problem reproduces with existing tests.
+ css3/filters/custom/custom-filter-property-computed-style.html
+ css3/filters/custom/effect-custom-combined-missing.html
+
+ * rendering/FilterEffectRenderer.cpp:
+ (WebCore::FilterEffectRenderer::build):
+
2012-04-17 Alec Flett <[email protected]>
IndexedDB chooses wrong record on PREV_NO_DUPLICATE index cursor
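Review bot: the new ChangeLog entry is dated 2012-04-16 while the change landed on 2012-04-17; the entry date should match the landing date. The description would also serve future readers better if it stated the consequence rather than only the move: on the `return false` path the local `cachedCustomFilterPrograms` went out of scope while the renderer was still registered as a client of those programs, so nothing could unregister it later and `notifyClients()` ended up calling into a freed `FilterEffectRenderer`.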
Modified: trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp (114466 => 114467)
--- trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp 2012-04-17 23:44:22 UTC (rev 114466)
+++ trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp 2012-04-18 00:19:40 UTC (rev 114467)
@@ -291,6 +291,11 @@
}
}
+#if ENABLE(CSS_SHADERS) && ENABLE(WEBGL)
+ removeCustomFilterClients();
+ m_cachedCustomFilterPrograms.swap(cachedCustomFilterPrograms);
+#endif
+
// If we didn't make any effects, tell our caller we are not valid
if (!previousEffect)
return false;
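Review bot: moving `removeCustomFilterClients()` and the swap ahead of the `return false` is the right fix, but nothing at the new location says why the order matters; add a short comment such as `// Record the programs we registered with before any early return, so they can be unregistered later.` so a future cleanup does not move the block back below the validity check. It is also worth confirming that the destructor (or whatever runs before the renderer is freed) calls `removeCustomFilterClients()`, since the swap only guarantees the registrations are tracked, not that they are undone.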
@@ -298,10 +303,6 @@
m_effects.first()->inputEffects().append(m_sourceGraphic);
setMaxEffectRects(m_sourceDrawingRegion);
-#if ENABLE(CSS_SHADERS) && ENABLE(WEBGL)
- removeCustomFilterClients();
- m_cachedCustomFilterPrograms.swap(cachedCustomFilterPrograms);
-#endif
return true;
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes