Bug 773097 - Don't create our surface from GetCanvasLayer. It's called while painting, and doing so will destroy the layer manager that we're painting with. r=roc,mattwoodrow

Canvases use the "persistent" layer manager, which is only used after 5 seconds has elapsed on Windows. So if we start up to a site that uses canvas, we risk switching to the persistent layer manager while drawing using the temporary layer manager. Because layer managers are singletons, they're not refcounted, and so we end up holding a dead pointer and corrupting the heap.
2012-08-10 12:13:09 -04:00 · 2012-08-10 12:13:09 -04:00 · b9ad485ab4
--- a/content/canvas/src/nsCanvasRenderingContext2D.cpp
+++ b/content/canvas/src/nsCanvasRenderingContext2D.cpp
@ -4316,8 +4316,11 @@ nsCanvasRenderingContext2D::GetCanvasLayer(nsDisplayListBuilder* aBuilder,
                                           CanvasLayer *aOldLayer,
                                           LayerManager *aManager)
 {
-    if (!EnsureSurface()) 
+    // If we don't have anything to draw, don't bother.
+    if (!mValid || !mSurface || mSurface->CairoStatus() || !mThebes ||
+        !mSurfaceCreated) {
        return nullptr;
+    }

    if (!mResetLayer && aOldLayer) {
        CanvasRenderingContext2DUserData* userData =