Bug 798802 - Fix layer uninitialised in nsHTMLCanvasElement::InvalidateCanvasContent(). r=mattwoodrow, a=bajaj
authorAnthony Jones <ajones@mozilla.com>
Thu, 11 Oct 2012 21:31:39 -0400
changeset 116233 e1ac6983fa36fb062e35c5073837681b7d9e1e6d
parent 116232 3a82fae11d502bb83c69c3d1c34781297d05415c
child 116234 dbcf231295069fe5cc95e6411a3912127f6c85a6
push id1708
push userakeybl@mozilla.com
push dateMon, 19 Nov 2012 21:10:21 +0000
treeherdermozilla-beta@27b14fe50103 [default view] [failures only]
reviewersmattwoodrow, bajaj
bugs798802
milestone18.0a2
Bug 798802 - Fix layer uninitialised in nsHTMLCanvasElement::InvalidateCanvasContent(). r=mattwoodrow, a=bajaj
content/html/content/crashtests/798802-1.html
content/html/content/crashtests/crashtests.list
content/html/content/src/nsHTMLCanvasElement.cpp
new file mode 100644
--- /dev/null
+++ b/content/html/content/crashtests/798802-1.html
@@ -0,0 +1,18 @@
+<html>
+  <head>
+    <script>
+      onload = function() {
+        var canvas2d = document.createElement('canvas')
+        canvas2d.setAttribute('width', 0)
+        document.body.appendChild(canvas2d)
+        var ctx2d = canvas2d.getContext('2d')
+        ctx2d.fillStyle = 'black'
+        var gl = document.createElement('canvas').getContext('experimental-webgl')
+        gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, gl.RGBA, gl.UNSIGNED_BYTE, canvas2d)
+        ctx2d.fillRect(0, 0, 1, 1)
+      }
+    </script>
+  </head>
+  <body>
+  </body>
+</html>
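Review bot: If `getContext('experimental-webgl')` returns null (WebGL disabled or unavailable on the test machine), the `gl.texImage2D(...)` call throws and the `ctx2d.fillRect(0, 0, 1, 1)` line after it never runs. The crashtest would then pass without reaching the code it is meant to guard, presumably the invalidation triggered by the fill. Whether the texImage2D step is required to reproduce the crash is not visible here; if it is not, `if (gl) { gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, gl.RGBA, gl.UNSIGNED_BYTE, canvas2d) }` keeps the fill reachable. A short comment at the top of the script, such as `// zero-width canvas: InvalidateCanvasContent() used to read an uninitialised Layer*`, would record what the file covers.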
--- a/content/html/content/crashtests/crashtests.list
+++ b/content/html/content/crashtests/crashtests.list
@@ -36,8 +36,9 @@ load 682460.html
 load 673853.html
 load 738744.xhtml
 load 741250.xhtml
 load 795221-1.html
 load 795221-2.html
 load 795221-3.html
 load 795221-4.html
 load 795221-5.xml
+load 798802-1.html
--- a/content/html/content/src/nsHTMLCanvasElement.cpp
+++ b/content/html/content/src/nsHTMLCanvasElement.cpp
@@ -903,17 +903,17 @@ nsHTMLCanvasElement::InvalidateCanvasCon
   // We don't need to flush anything here; if there's no frame or if
   // we plan to reframe we don't need to invalidate it anyway.
   nsIFrame *frame = GetPrimaryFrame();
   if (!frame)
     return;
 
   frame->MarkLayersActive(nsChangeHint(0));
 
-  Layer* layer;
+  Layer* layer = nullptr;
   if (damageRect) {
     nsIntSize size = GetWidthHeight();
     if (size.width != 0 && size.height != 0) {
 
       gfxRect realRect(*damageRect);
       realRect.RoundOut();
 
       // then make it a nsRect
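Review bot: Initialising `layer` to `nullptr` only makes the zero-size path well-defined; it is safe only if every later use of `layer` null-checks it, and those uses are outside this hunk and should be confirmed. When `damageRect` is set but `size.width` or `size.height` is 0, the inner block is skipped and `layer` stays null instead of holding an indeterminate stack value. I would state that contract at the declaration, e.g. `// Stays null when damageRect is set but the canvas is 0-wide or 0-high; must be null-checked before use.` The body of InvalidateCanvasContent starts before and continues past the hunk, so the assignment and the consumer of `layer` cannot be checked from here.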