BitmapImage::imageForDefaultFrame() doesn't check, whether frame can be decoded #8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
November 20, 2014 10:59
…be decoded. Corrupted image can cause crash code is just hotfix
scheib
pushed a commit
to scheib/blink
that referenced
this pull request
Jan 27, 2015
…eping (patchset nwjs#8 id:130001 of https://codereview.chromium.org/818253005/) Reason for revert: Maybe causing debug build asserts Original issue's description: > Oilpan: Query stack frame register instead of manual bookkeeping > > This CL introduce new class StackFrameDepth to keep track of > current stack frame depth. > On supported ABI/compiler, StackFrameDepth queries current > stack frame base register (e.g. %rbp on X86_64), skipping manual > bookkeeping. > > This improves Oilpan marking time by 17% on > BlinkGC.stress-large-SVGLengthList.html. > > TEST=PerformanceTests/BlinkGC/stress-large-SVGLengthList.html > BUG=420515 > R=haraken@chromium.org > > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=188108 TBR=oilpan-reviews@chromium.org,haraken@chromium.org,sigbjornf@opera.com NOTRY=true BUG=420515 Review URL: https://codereview.chromium.org/851563003 git-svn-id: svn://svn.chromium.org/blink/trunk@188260 bbb929c8-8fbe-4397-9dbb-9b2b20218538
scheib
pushed a commit
to scheib/blink
that referenced
this pull request
Jan 27, 2015
… (patchset nwjs#8 id:180001 of https://codereview.chromium.org/456343002/) Reason for revert: Android perf bots failure in media.android.tough_video_cases (timeout) https://code.google.com/p/chromium/issues/detail?id=448092 Original issue's description: > Relanding 'Always notify the MediaPlayer of any seek' patch > > This change removes short circuit logic for seeking to the current position. > There are certain situations, like seeking to a truncated duration, where the > HTMLMediaElement is not in the best position to determine whether a call to > the MediaPlayer is necessary or not. This change allows the > MediaPlayer/WebMediaPlayer implementation to determine what the best course > of action should be. This also makes the seeking behavior more spec > compliant because even a seek to the current position should have the > seeking attribute be true until a stable state occurs. This is guaranteed > when calling into the MediaPlayer and allows all seeks to be treated the > same at the HTMLMediaElement level. > > BUG=266631 > TEST=LayoutTests/media/video-seek-to-current-position.html > > Original CL: https://codereview.chromium.org/431903003/ > > Depends on the chromium patch https://codereview.chromium.org/685993002/ > > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=188150 TBR=philipj@opera.com,dalecurtis@chromium.org NOTREECHECKS=true NOTRY=true BUG=266631 Review URL: https://codereview.chromium.org/848853003 git-svn-id: svn://svn.chromium.org/blink/trunk@188281 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rogerwang
added a commit
that referenced
this pull request
Mar 5, 2015
or debug callback can't get the listener. Fix nwjs/nw.js#719 #0 WebCore::InspectorDebuggerAgent::didPause (this=0x7ffff7ee8800, scriptState=0x192e07eebb10, callFrames=..., exception=...) at ../../third_party/WebKit/Source/core/inspector/InspectorDebuggerAgent.cpp:682 #1 0x0000000003665f7e in WebCore::ScriptDebugServer::breakProgram ( this=0x7ffff7ee8260, executionState=..., exception=...) at ../../third_party/WebKit/Source/bindings/v8/ScriptDebugServer.cpp:425 #2 0x0000000003666ceb in WebCore::ScriptDebugServer::handleV8DebugEvent ( this=0x7ffff7ee8260, eventDetails=...) at ../../third_party/WebKit/Source/bindings/v8/ScriptDebugServer.cpp:503 #3 0x0000000003666012 in WebCore::ScriptDebugServer::v8DebugEventCallback ( eventDetails=...) at ../../third_party/WebKit/Source/bindings/v8/ScriptDebugServer.cpp:435 #4 0x0000000000f7ecb3 in v8::internal::Debugger::CallCEventCallback ( this=0x7ffff7eec520, event=v8::Break, exec_state=..., event_data=..., client_data=0x0) at ../../v8/src/debug.cc:2953 #5 0x0000000000f7ebf9 in v8::internal::Debugger::CallEventCallback ( this=0x7ffff7eec520, event=v8::Break, exec_state=..., event_data=..., client_data=0x0) at ../../v8/src/debug.cc:2932 #6 0x0000000000f7eabd in v8::internal::Debugger::ProcessDebugEvent ( this=0x7ffff7eec520, event=v8::Break, event_data=..., auto_continue=false) at ../../v8/src/debug.cc:2909 #7 0x0000000000f7e24d in v8::internal::Debugger::OnDebugBreak ( this=0x7ffff7eec520, break_points_hit=..., auto_continue=false) at ../../v8/src/debug.cc:2750 #8 0x0000000000f7836f in v8::internal::Debug::Break (this=0x7ffff7eecc20, args=...) at ../../v8/src/debug.cc:992 #9 0x0000000000f787a8 in v8::internal::__RT_impl_Debug_Break (args=..., isolate=0x7ffff7e80020) at ../../v8/src/debug.cc:1062 #10 0x0000000000f78769 in v8::internal::Debug_Break (args_length=0, args_object=0x7fffffff8248, isolate=0x7ffff7e80020) at ../../v8/src/debug.cc:1061
jtg-gg
pushed a commit
to jtg-gg/blink
that referenced
this pull request
Jul 31, 2015
…40001 of https://codereview.chromium.org/1059503002/) Reason for revert: This appears to be blocking the Blink roll due to the failure of DumpAccessibilityTreeTest.AccessibilityModalDialogClosed See, for example, this attempted roll: https://codereview.chromium.org/1068753002/ Original issue's description: > Don't keep recreating AXMenuListPopup > > Every time an AXMenuList (corresponding to a > <select> element) needed to update its children, > we were recreating the AXMenuListPopup and > all of the AXMenuListOptions each time, which is > wasteful. This change avoids deleting the popup > and stores the options in AXObjectCache by > element, rather than by ID, so they can be reused > when the options are updated. > > BUG=323462 > > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=193251 TBR=je_julie.kim@samsung.com,dmazzoni@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=323462 Review URL: https://codereview.chromium.org/1061063004 git-svn-id: svn://svn.chromium.org/blink/trunk@193286 bbb929c8-8fbe-4397-9dbb-9b2b20218538
jtg-gg
pushed a commit
to jtg-gg/blink
that referenced
this pull request
Jul 31, 2015
…id:140001 of https://codereview.chromium.org/1109213002/) Reason for revert: This breaks the following browser_tests: ActivityLogApiTest.TriggerEvent ExtensionApiTest.Events ExtensionBrowserTest.WindowOpenExtension WebNavigationApiTest.OpenTab WebstoreInlineInstallerTest.ShouldBlockInlineInstallFromPopupWindow Original issue's description: > Make createWindow (mostly) work with OOPIF > > If a RemoteFrame is targeted by window.open(), we correctly plumb the navigation out of blink. > > We no longer assume that ChromeClient::createWindow will return a Page with a local main frame. However, there are a several places where we wouldn't have the plumbing to set the correct state even if a Page with a remote main frame was ever returned. > > BUG=463742 > > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=195063 TBR=dcheng@chromium.org,esprehn@chromium.org,japhet@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=463742,485902 Review URL: https://codereview.chromium.org/1135633004 git-svn-id: svn://svn.chromium.org/blink/trunk@195105 bbb929c8-8fbe-4397-9dbb-9b2b20218538
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hotfix to solve crash in webkit
Reproduction:
Note: Source image can be later unavailable-
In console:
var oc = document.createElement('canvas');
var octx = this.oc.getContext('2d');
var elmImg = document.createElement("img");
elmImg.addEventListener("load",function(){
octx.drawImage(elmImg, 0, 0);
});
elmImg.src = "http://www.minorit.com/favicon.ico";
document.body.appendChild(elmImg);
=== crashed here ===