Bug 1313884: Part 2. Additional nullptr test and nightly/aurora crash if bad things happen. r=gw280
--- a/dom/canvas/CanvasRenderingContext2D.cpp
+++ b/dom/canvas/CanvasRenderingContext2D.cpp
@@ -4971,18 +4971,23 @@ CanvasRenderingContext2D::DrawImage(cons
if (element == mCanvasElement) {
// srcSurf is a snapshot of mTarget. If we draw to mTarget now, we'll
// trigger a COW copy of the whole canvas into srcSurf. That's a huge
// waste if sourceRect doesn't cover the whole canvas.
// We avoid copying the whole canvas by manually copying just the part
// that we need.
srcSurf = ExtractSubrect(srcSurf, &sourceRect, mTarget);
}
- AdjustedTarget(this, bounds.IsEmpty() ? nullptr : &bounds)->
- DrawSurface(srcSurf,
+
+ AdjustedTarget tempTarget(this, bounds.IsEmpty() ? nullptr : &bounds);
+ if (!tempTarget) {
+ gfxDevCrash(LogReason::InvalidDrawTarget) << "Invalid adjusted target in Canvas2D " << gfx::hexa(mTarget) << ", " << NeedToDrawShadow() << NeedToApplyFilter();
+ return;
+ }
+ tempTarget->DrawSurface(srcSurf,
gfx::Rect(aDx, aDy, aDw, aDh),
sourceRect,
DrawSurfaceOptions(samplingFilter, SamplingBounds::UNBOUNDED),
DrawOptions(CurrentState().globalAlpha, UsedOperation(), antialiasMode));
} else {
DrawDirectlyToCanvas(drawInfo, &bounds,
gfx::Rect(aDx, aDy, aDw, aDh),
gfx::Rect(aSx, aSy, aSw, aSh),
--- a/gfx/2d/Logging.h
+++ b/gfx/2d/Logging.h
@@ -124,16 +124,17 @@ enum class LogReason : int {
InvalidContext,
InvalidCommandList,
AsyncTransactionTimeout, // 30
TextureCreation,
InvalidCacheSurface,
AlphaWithBasicClient,
UnbalancedClipStack,
ProcessingError,
+ InvalidDrawTarget,
// End
MustBeLessThanThis = 101,
};
struct BasicLogger
{
// For efficiency, this method exists and copies the logic of the
// OutputMessage below. If making any changes here, also make it