diff options
author | Cary Clark <caryclark@google.com> | 2017-03-24 11:41:24 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-27 14:16:21 +0000 |
commit | f4a9f83b38a0a45cda3205ad50747e6a7719f8ab (patch) | |
tree | 05f71d8ad670e465d9885364416b0ab8b3a90253 /core/fxcrt/cfx_weak_ptr.h | |
parent | 780f5529f0ed234def78e0e19e30c1a29ecc6b2f (diff) | |
download | pdfium-f4a9f83b38a0a45cda3205ad50747e6a7719f8ab.tar.xz |
fix new tab crash in skia clip stack
The crash on the new tab page is triggered by processing a transparency.
This creates a new Skia device in CPDF_RenderStatus::LoadSMask():
// cpdf_renderstatus.cpp # 2557
if (!bitmap_device.Create(width, height, format, nullptr))
which sets the Skia clip stack to empty.
It then calls
RenderObjectList()
RenderSingleObject()
ProcessClipPath()
which resets the clip stack;
// cpdf_renderstatus.cpp # 1882
m_LastClipPath = ClipPath;
m_pDevice->RestoreState(true);
At this point m_LastClipPath contains {m_Ref={m_pObject={m_pObj=empty } } }
The impelemntation in CFX_AggDeviceDriver::RestoreState() is
// fx_agg_driver.cpp # 1283
if (m_StateStack.empty())
return;
This hides unbalanced save/restores, but reworking PDFium to balance is nontrivial.
R=dsinclair@chromium.org
BUG=chromium:704442
Bug:
Change-Id: Ia70d4dd7bd118e40adc5c029acbaa0b66372d3aa
Reviewed-on: https://pdfium-review.googlesource.com/3191
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcrt/cfx_weak_ptr.h')
0 files changed, 0 insertions, 0 deletions