[Webkit-unassigned] [Bug 18443] New: Crash on CSS gradients testcase

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 12 14:36:07 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18443

           Summary: Crash on CSS gradients testcase
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mh+webkit at glandium.org


I get a crash on the following CSS gradients testcase with r31841:
https://bugs.webkit.org/attachment.cgi?id=20472

FWIW, this is happening on the Gtk Port, built with gcc 4.2.3 on x86_64, I
haven't tested others. The build happened with -O2 and -g, but not with
--enable-debug.

Backtrace follows:
$ gdb /usr/lib/webkit-1.0/GtkLauncher 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) set pagination off
(gdb) run https://bugs.webkit.org/attachment.cgi?id=20472
Starting program: /usr/lib/webkit-1.0/GtkLauncher
https://bugs.webkit.org/attachment.cgi?id=20472
[Thread debugging using libthread_db enabled]
warning: Lowest section in /usr/lib/libicudata.so.38 is .hash at
0000000000000120
[New Thread 0x2b2077fb0520 (LWP 6916)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2b2077fb0520 (LWP 6916)]
WebCore::GeneratedImage::drawPattern (this=<value optimized out>,
context=0x7fff3cdd7720, srcRect=@0x7fff3cdd6950,
patternTransform=@0x7fff3cdd6920, phase=@0x7fff3cdd6980,
compositeOp=WebCore::CompositeSourceOver, destRect=@0x7fff3cdd6a10) at
../WebCore/platform/graphics/GeneratedImage.cpp:65
65      ../WebCore/platform/graphics/GeneratedImage.cpp: No such file or
directory.
        in ../WebCore/platform/graphics/GeneratedImage.cpp
Current language:  auto; currently c++
(gdb) bt full
#0  WebCore::GeneratedImage::drawPattern (this=<value optimized out>,
context=0x7fff3cdd7720, srcRect=@0x7fff3cdd6950,
patternTransform=@0x7fff3cdd6920, phase=@0x7fff3cdd6980,
compositeOp=WebCore::CompositeSourceOver, destRect=@0x7fff3cdd6a10) at
../WebCore/platform/graphics/GeneratedImage.cpp:65
        graphicsContext = (WebCore::GraphicsContext *) 0x2b2079406c50
#1  0x00002b206e46b256 in WebCore::Image::drawTiled (this=0x2b207940f6e0,
ctxt=0x7fff3cdd7720, destRect=@0x7fff3cdd6a10, srcPoint=@0x7fff3cdd6a30,
scaledTileSize=@0x7fff3cdd6a20, op=WebCore::CompositeSourceOver) at
../WebCore/platform/graphics/Image.cpp:153
        intrinsicTileSize = {m_width = 150, m_height = 150}
        patternTransform = {m_transform = {xx = 1, yx = 0, xy = 0, yy = 1, x0 =
0, y0 = 0}}
        oneTileRect = {m_location = {m_x = -140, m_y = -140}, m_size = {m_width
= 150, m_height = 150}}
        tileRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 150,
m_height = 150}}
#2  0x00002b206e46807d in WebCore::GraphicsContext::drawTiledImage
(this=0x7fff3cdd7720, image=0x2b207940f6e0, rect=@0x7fff3cdd6af0,
srcPoint=@0x7fff3cdd6b80, tileSize=<value optimized out>,
op=WebCore::CompositeSourceOver) at
../WebCore/platform/graphics/GraphicsContext.cpp:369
No locals.
#3  0x00002b206e4be3d3 in WebCore::RenderBox::paintBackgroundExtended
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, c=@0x2b20793a57b0,
bgLayer=0x2b2079435208, clipY=8, clipH=154, tx=8, ty=8, w=154, h=154, box=0x0)
at ../WebCore/rendering/RenderBox.cpp:738
        destRect = {m_location = {m_x = 8, m_y = 8}, m_size = {m_width = 154,
m_height = 154}}
        phase = {m_x = 148, m_y = 148}
        tileSize = {m_width = 150, m_height = 150}
        context = (class WebCore::GraphicsContext *) 0x7fff3cdd7720
        includeLeftEdge = <value optimized out>
        includeRightEdge = <value optimized out>
        bLeft = 2
        bRight = 2
        pLeft = 0
        pRight = 0
        clippedToBorderRadius = false
        bg = (class WebCore::StyleImage *) 0x2b20794330c0
        shouldPaintBackgroundImage = <value optimized out>
        bgColor = {static black = 4278190080, static white = 4294967295, static
darkGray = <optimized out>, static gray = <optimized out>, static lightGray =
<optimized out>, static transparent = <optimized out>, m_color = 0, m_valid =
false}
        isTransparent = <value optimized out>
#4  0x00002b206e4b9e86 in WebCore::RenderBox::paintBackground
(this=0x2b20793a5730, paintInfo=@0x2b2079406c50, c=@0x7fff3cdd6850,
bgLayer=0x3, clipY=1887884928, clipH=0, tx=8, ty=8, width=154, height=154) at
../WebCore/rendering/RenderBox.cpp:426
No locals.
#5  0x00002b206e4b9f0f in WebCore::RenderBox::paintBackgrounds
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, c=@0x2b20793a57b0,
bgLayer=0x2b2079435230, clipY=8, clipH=154, tx=8, ty=8, width=154, height=154)
at ../WebCore/rendering/RenderBox.cpp:419
No locals.
#6  0x00002b206e4b9f0f in WebCore::RenderBox::paintBackgrounds
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, c=@0x2b20793a57b0,
bgLayer=0x2b2079435258, clipY=8, clipH=154, tx=8, ty=8, width=154, height=154)
at ../WebCore/rendering/RenderBox.cpp:419
No locals.
#7  0x00002b206e4b9f0f in WebCore::RenderBox::paintBackgrounds
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, c=@0x2b20793a57b0,
bgLayer=0x2b20793a5788, clipY=8, clipH=154, tx=8, ty=8, width=154, height=154)
at ../WebCore/rendering/RenderBox.cpp:419
No locals.
#8  0x00002b206e4bbd44 in WebCore::RenderBox::paintBoxDecorations
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, tx=8, ty=8) at
../WebCore/rendering/RenderBox.cpp:403
        w = 154
        h = 154
        my = 8
        mh = 154
        themePainted = <value optimized out>
#9  0x00002b206e4b6c4f in WebCore::RenderBlock::paintObject
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, tx=8, ty=8) at
../WebCore/rendering/RenderBlock.cpp:1568
        paintPhase = WebCore::PaintPhaseChildBlockBackground
        inlineFlow = false
        scrolledX = <value optimized out>
        scrolledY = <value optimized out>
#10 0x00002b206e4adf3c in WebCore::RenderBlock::paint (this=0x2b20793e1a38,
paintInfo=@0x7fff3cdd6f90, tx=8, ty=8) at
../WebCore/rendering/RenderBlock.cpp:1416
        phase = WebCore::PaintPhaseChildBlockBackground
#11 0x00002b206e4abb30 in WebCore::RenderBlock::paintChildren
(this=0x2b20793e1910, paintInfo=@0x7fff3cdd70f0, tx=8, ty=8) at
../WebCore/rendering/RenderBlock.cpp:1528
        child = (class WebCore::RenderObject *) 0x2b20793e1a38
        newPhase = <value optimized out>
        info = {context = 0x7fff3cdd7720, rect = {m_location = {m_x = 0, m_y =
0}, m_size = {m_width = 800, m_height = 539}}, phase =
WebCore::PaintPhaseChildBlockBackground, forceBlackText = false, paintingRoot =
0x0, outlineObjects = 0x0}
#12 0x00002b206e4b6bf3 in WebCore::RenderBlock::paintObject
(this=0x2b20793e1910, paintInfo=@0x7fff3cdd70f0, tx=8, ty=8) at
../WebCore/rendering/RenderBlock.cpp:1586
        paintPhase = WebCore::PaintPhaseChildBlockBackground
        inlineFlow = false
        scrolledX = 8
        scrolledY = 8
#13 0x00002b206e4adf3c in WebCore::RenderBlock::paint (this=0x2b20793e1910,
paintInfo=@0x7fff3cdd70f0, tx=8, ty=8) at
../WebCore/rendering/RenderBlock.cpp:1416
        phase = WebCore::PaintPhaseChildBlockBackground
#14 0x00002b206e4abb30 in WebCore::RenderBlock::paintChildren
(this=0x2b20793e1708, paintInfo=@0x7fff3cdd72e0, tx=0, ty=0) at
../WebCore/rendering/RenderBlock.cpp:1528
        child = (class WebCore::RenderObject *) 0x2b20793e1910
        newPhase = <value optimized out>
        info = {context = 0x7fff3cdd7720, rect = {m_location = {m_x = 0, m_y =
0}, m_size = {m_width = 800, m_height = 539}}, phase =
WebCore::PaintPhaseChildBlockBackground, forceBlackText = false, paintingRoot =
0x0, outlineObjects = 0x0}
#15 0x00002b206e4b6bf3 in WebCore::RenderBlock::paintObject
(this=0x2b20793e1708, paintInfo=@0x7fff3cdd72e0, tx=0, ty=0) at
../WebCore/rendering/RenderBlock.cpp:1586
        paintPhase = WebCore::PaintPhaseChildBlockBackgrounds
        inlineFlow = false
        scrolledX = 0
        scrolledY = 0
#16 0x00002b206e4adf3c in WebCore::RenderBlock::paint (this=0x2b20793e1708,
paintInfo=@0x7fff3cdd72e0, tx=0, ty=0) at
../WebCore/rendering/RenderBlock.cpp:1416
        phase = WebCore::PaintPhaseChildBlockBackgrounds
#17 0x00002b206e4dec79 in WebCore::RenderLayer::paintLayer
(this=0x2b20793e17d0, rootLayer=0x2b20793e1568, p=0x7fff3cdd7720,
paintDirtyRect=@0x7fff3cdd76a0, haveTransparency=false,
paintRestriction=WebCore::PaintRestrictionNone, paintingRoot=0x0,
appliedTransform=false) at ../WebCore/rendering/RenderLayer.cpp:1596
        paintInfo = {context = 0x7fff3cdd7720, rect = {m_location = {m_x = 0,
m_y = 0}, m_size = {m_width = 800, m_height = 539}}, phase =
WebCore::PaintPhaseChildBlockBackgrounds, forceBlackText = false, paintingRoot
= 0x0, outlineObjects = 0x0}
        layerBounds = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width =
800, m_height = 539}}
        damageRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 800,
m_height = 539}}
        clipRectToApply = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width =
800, m_height = 539}}
        outlineRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width =
800, m_height = 539}}
        y = 539
        tx = 0
        ty = 0
        forceBlackText = <value optimized out>
        paintingRootForRenderer = (class WebCore::RenderObject *) 0x0
        shouldPaint = true
#18 0x00002b206e4dea81 in WebCore::RenderLayer::paintLayer
(this=0x2b20793e1568, rootLayer=0x2b20793e1568, p=0x7fff3cdd7720,
paintDirtyRect=@0x7fff3cdd76a0, haveTransparency=false,
paintRestriction=WebCore::PaintRestrictionNone, paintingRoot=0x0,
appliedTransform=false) at ../WebCore/rendering/RenderLayer.cpp:1626
        it = (class WebCore::RenderLayer **) 0x2b20793e3388
        layerBounds = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width =
800, m_height = 539}}
        damageRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 800,
m_height = 539}}
        clipRectToApply = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width =
800, m_height = 539}}
        outlineRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width =
800, m_height = 539}}
        y = <value optimized out>
        tx = 0
        ty = 0
        forceBlackText = <value optimized out>
        paintingRootForRenderer = (class WebCore::RenderObject *) 0x0
        shouldPaint = true
#19 0x00002b206e4def44 in WebCore::RenderLayer::paint (this=0x2b20793a5730,
p=0x7fff3cdd6850, damageRect=@0x3,
paintRestriction=WebCore::PaintRestrictionNone, paintingRoot=<value optimized
out>) at ../WebCore/rendering/RenderLayer.cpp:1451
No locals.
#20 0x00002b206e43d8e8 in WebCore::Frame::paint (this=0x2b20793a4228,
p=0x7fff3cdd7720, rect=@0x7fff3cdd76a0) at ../WebCore/page/Frame.cpp:1346
        eltRenderer = (class WebCore::RenderObject *) 0x0
#21 0x00002b206e14b601 in WebCore::ScrollView::paint (this=0x2b20793a6828,
context=0x7fff3cdd7720, rect=@0x7fff3cdd7710) at
../WebCore/platform/gtk/ScrollViewGtk.cpp:733
        documentDirtyRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width
= 800, m_height = 539}}
#22 0x00002b206e12b660 in webkit_web_view_expose_event (widget=<value optimized
out>, event=<value optimized out>) at
../WebKit/gtk/webkit/webkitwebview.cpp:264
        priv = <value optimized out>
        frame = (class WebCore::Frame *) 0x2b20793a4228
        clip = {x = 0, y = 0, width = 800, height = 539}
        cr = (cairo_t *) 0xa88f50
        ctx = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_common =
0x2b20793f2d20, m_data = 0x2b207940f730}
#23 0x00002b206f1a84df in _gtk_marshal_BOOLEAN__BOXED (closure=0x636810,
return_value=0x7fff3cdd79e0, n_param_values=<value optimized out>,
param_values=0x7fff3cdd7ac0, invocation_hint=<value optimized out>,
marshal_data=0x2b206e12b590) at
/build/buildd/gtk+2.0-2.12.9/gtk/gtkmarshalers.c:84
        data1 = (gpointer) 0x66e3b0
        data2 = (gpointer) 0x7fff3cdd6850
        v_return = <value optimized out>
        __PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
#24 0x00002b206f623b5f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#25 0x00002b206f6379d8 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#26 0x00002b206f638d16 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#27 0x00002b206f6393b3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#28 0x00002b206f2af925 in gtk_widget_event_internal (widget=0x66e3b0,
event=0x7fff3cdd7ea0) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkwidget.c:4678
        signal_num = <value optimized out>
        return_val = 0
#29 0x00002b206f1a297e in IA__gtk_main_do_event (event=0x7fff3cdd7ea0) at
/build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1514
        event_widget = (GtkWidget *) 0x66e3b0
        grab_widget = (GtkWidget *) 0x66e3b0
        window_group = (GtkWindowGroup *) 0x6d9a80
        rewritten_event = (GdkEvent *) 0x0
        tmp_list = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__gtk_main_do_event"
#30 0x00002b206fd51b94 in gdk_window_process_updates_internal (window=0x8860a0)
at /build/buildd/gtk+2.0-2.12.9/gdk/gdkwindow.c:2378
        event = {type = GDK_EXPOSE, any = {type = GDK_EXPOSE, window =
0x8860a0, send_event = 0 '\0'}, expose = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0', area = {x = 0, y = 0, width = 800, height = 539}, region =
0x66b790, count = 0}, no_expose = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0'}, visibility = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0', state = GDK_VISIBILITY_UNOBSCURED}, motion = {type =
GDK_EXPOSE, window = 0x8860a0, send_event = 0 '\0', time = 0, x =
1.6975966327722179e-311, y = 2.6630138310843189e-321, axes = 0x66b790, state =
0, is_hint = 0, device = 0x2b206eb01220, x_root = 5.4298051629462999e-317,
y_root = 3.2054821001173407e-317}, button = {type = GDK_EXPOSE, window =
0x8860a0, send_event = 0 '\0', time = 0, x = 1.6975966327722179e-311, y =
2.6630138310843189e-321, axes = 0x66b790, state = 0, button = 0, device =
0x2b206eb01220, x_root = 5.4298051629462999e-317, y_root =
3.2054821001173407e-317}, scroll = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0', time = 0, x = 1.6975966327722179e-311, y =
2.6630138310843189e-321, state = 6731664, direction = GDK_SCROLL_UP, device =
0x0, x_root = 2.3427751028334667e-310, y_root = 5.4298051629462999e-317}, key =
{type = GDK_EXPOSE, window = 0x8860a0, send_event = 0 '\0', time = 0, state =
0, keyval = 800, length = 539, string = 0x66b790 "\002", hardware_keycode = 0,
group = 0 '\0', is_modifier = 0}, crossing = {type = GDK_EXPOSE, window =
0x8860a0, send_event = 0 '\0', subwindow = 0x32000000000, time = 539, x =
3.3258839217462691e-317, y = 0, x_root = 2.3427751028334667e-310, y_root =
5.4298051629462999e-317, mode = 6487968, detail = GDK_NOTIFY_ANCESTOR, focus =
1, state = 0}, focus_change = {type = GDK_EXPOSE, window = 0x8860a0, send_event
= 0 '\0', in = 0}, configure = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0', x = 0, y = 0, width = 800, height = 539}, property = {type
= GDK_EXPOSE, window = 0x8860a0, send_event = 0 '\0', atom = 0x32000000000,
time = 539, state = 0}, selection = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0', selection = 0x32000000000, target = 0x21b, property =
0x66b790, time = 0, requestor = 0}, owner_change = {type = GDK_EXPOSE, window =
0x8860a0, send_event = 0 '\0', owner = 0, reason = GDK_OWNER_CHANGE_NEW_OWNER,
selection = 0x21b, time = 6731664, selection_time = 0}, proximity = {type =
GDK_EXPOSE, window = 0x8860a0, send_event = 0 '\0', time = 0, device =
0x32000000000}, client = {type = GDK_EXPOSE, window = 0x8860a0, send_event = 0
'\0', message_type = 0x32000000000, data_format = 539, data = {b =
"\220\267f", '\0' <repeats 13 times>, " \022\260n", s = {-18544, 102,
0, 0, 0, 0, 0, 0, 4640, 28336}, l = {6731664, 0, 47418295980576, 10990048,
6487968}}}, dnd = {type = GDK_EXPOSE, window = 0x8860a0, send_event = 0 '\0',
context = 0x32000000000, time = 539, x_root = 0, y_root = 0}, window_state =
{type = GDK_EXPOSE, window = 0x8860a0, send_event = 0 '\0', changed_mask = 0,
new_window_state = 0}, setting = {type = GDK_EXPOSE, window = 0x8860a0,
send_event = 0 '\0', action = GDK_SETTING_ACTION_NEW, name = 0x32000000000
<Address 0x32000000000 out of bounds>}, grab_broken = {type = GDK_EXPOSE,
window = 0x8860a0, send_event = 0 '\0', keyboard = 0, implicit = 0, grab_window
= 0x21b}}
        window_rect = {x = 0, y = 0, width = 800, height = 539}
        expose_region = (GdkRegion *) 0x66b790
        window_region = (GdkRegion *) 0x6d4460
        width = 800
        height = 539
        save_region = 1
#31 0x00002b206fd521b7 in IA__gdk_window_process_all_updates () at
/build/buildd/gtk+2.0-2.12.9/gdk/gdkwindow.c:2444
        private = (GdkWindowObject *) 0x8860a0
        old_update_windows = (GSList *) 0x783d10
        tmp_list = (GSList *) 0x783a90
#32 0x00002b206fd521d9 in gdk_window_update_idle (data=0x2b20793a5730) at
/build/buildd/gtk+2.0-2.12.9/gdk/gdkwindow.c:2288
No locals.
#33 0x00002b206fd3982e in gdk_threads_dispatch (data=0x6dac20) at
/build/buildd/gtk+2.0-2.12.9/gdk/gdk.c:470
        ret = 0
#34 0x00002b206f8920f2 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#35 0x00002b206f895396 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#36 0x00002b206f895657 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#37 0x00002b206f1a2b63 in IA__gtk_main () at
/build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
        tmp_list = (GList *) 0x62b0b0
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0x662280
        loop = (GMainLoop *) 0x883570
#38 0x0000000000401e9b in main (argc=2, argv=0x7fff3cdd8288) at
../WebKitTools/GtkLauncher/main.c:200
        vbox = (GtkWidget *) 0x62b0b0
        uri = <value optimized out>


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
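A triage helper for reports like this one, added here as an example; it is not part of the bug report, of the reporter's testcase, or of WebKit. It parses a `bt full` dump into frames, derives a dedup signature from the first in-project frames, and flags frames whose values are not trustworthy. That last point matters for this trace: it comes from an -O2 build without --enable-debug, so many locals are `<value optimized out>`, and frame #4 reports `bgLayer=0x3, clipY=1887884928, clipH=0` while the adjacent frames #3 and #5 agree on `clipY=8, clipH=154`, so frame #4's arguments should not drive root-cause work. The embedded sample is an excerpt copied from the trace above (frames #0 to #4 and #24, most locals dropped) so the script runs offline; the `0x1000` "first page" threshold and the `WebCore::` prefix are assumptions chosen for this trace.

```python
"""Crash-signature extraction and sanity flags for a gdb `bt full` dump.

Added example for triaging crash reports; not code from the bug report or
from WebKit. SAMPLE_BT is an excerpt of the reported backtrace with most
locals removed, embedded so the script runs without a live gdb session.
"""
import re
from dataclasses import dataclass

SAMPLE_BT = """\
#0  WebCore::GeneratedImage::drawPattern (this=<value optimized out>,
context=0x7fff3cdd7720, srcRect=@0x7fff3cdd6950,
patternTransform=@0x7fff3cdd6920, phase=@0x7fff3cdd6980,
compositeOp=WebCore::CompositeSourceOver, destRect=@0x7fff3cdd6a10) at
../WebCore/platform/graphics/GeneratedImage.cpp:65
        graphicsContext = (WebCore::GraphicsContext *) 0x2b2079406c50
#1  0x00002b206e46b256 in WebCore::Image::drawTiled (this=0x2b207940f6e0,
ctxt=0x7fff3cdd7720, destRect=@0x7fff3cdd6a10, srcPoint=@0x7fff3cdd6a30,
scaledTileSize=@0x7fff3cdd6a20, op=WebCore::CompositeSourceOver) at
../WebCore/platform/graphics/Image.cpp:153
        intrinsicTileSize = {m_width = 150, m_height = 150}
#2  0x00002b206e46807d in WebCore::GraphicsContext::drawTiledImage
(this=0x7fff3cdd7720, image=0x2b207940f6e0, rect=@0x7fff3cdd6af0,
srcPoint=@0x7fff3cdd6b80, tileSize=<value optimized out>,
op=WebCore::CompositeSourceOver) at
../WebCore/platform/graphics/GraphicsContext.cpp:369
No locals.
#3  0x00002b206e4be3d3 in WebCore::RenderBox::paintBackgroundExtended
(this=0x2b20793e1a38, paintInfo=@0x7fff3cdd6f90, c=@0x2b20793a57b0,
bgLayer=0x2b2079435208, clipY=8, clipH=154, tx=8, ty=8, w=154, h=154, box=0x0)
at ../WebCore/rendering/RenderBox.cpp:738
        destRect = {m_location = {m_x = 8, m_y = 8}, m_size = {m_width = 154,
m_height = 154}}
#4  0x00002b206e4b9e86 in WebCore::RenderBox::paintBackground
(this=0x2b20793a5730, paintInfo=@0x2b2079406c50, c=@0x7fff3cdd6850,
bgLayer=0x3, clipY=1887884928, clipH=0, tx=8, ty=8, width=154, height=154) at
../WebCore/rendering/RenderBox.cpp:426
No locals.
#24 0x00002b206f623b5f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
"""

OPTIMIZED = "<value optimized out>"

# A frame header, after its wrapped lines are joined: "#N [0xADDR in] func (args) at file:line"
# or "... from libfoo.so". Argument values in headers carry no braces or commas here;
# struct-valued arguments with ", " inside would need a real tokenizer.
HEADER_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>\S+)\s*"
    r"\((?P<args>.*)\)\s+(?:at\s+(?P<loc>\S+)|from\s+(?P<lib>\S+))$"
)


@dataclass
class Frame:
    num: int
    func: str
    args: dict        # argument name -> raw value string as gdb printed it
    location: str     # "file:line" when symbols were found, else the library path


def parse_bt_full(text):
    """Split `bt full` output into frames; locals are skipped, headers are reassembled."""
    frames, chunk = [], []
    for line in text.splitlines():
        if re.match(r"^#\d+\s", line) and chunk:
            frames.append(_parse_chunk(chunk))
            chunk = []
        chunk.append(line)
    if chunk:
        frames.append(_parse_chunk(chunk))
    return frames


def _parse_chunk(lines):
    header = []
    for line in lines:
        # Locals are indented; "No locals." / "No symbol table ..." also end the header.
        if line.startswith((" ", "\t", "No locals", "No symbol")):
            break
        header.append(line.strip())
    m = HEADER_RE.match(" ".join(header))
    if not m:
        raise ValueError("unparsable frame header: " + " ".join(header))
    args = {}
    for item in filter(None, (a.strip() for a in m.group("args").split(", "))):
        name, _, value = item.partition("=")
        args[name] = value
    return Frame(int(m.group("num")), m.group("func"), args, m.group("loc") or m.group("lib"))


def crash_signature(frames, depth=3, prefix="WebCore::"):
    """Join the first `depth` in-project frames. File:line is left out on purpose so
    the signature survives unrelated edits to those files between nightlies."""
    funcs = [f.func for f in frames if f.func.startswith(prefix)]
    return " <- ".join(funcs[:depth])


def optimized_out_frames(frames):
    """Frames where at least one argument was optimized out (typical of -O2 builds)."""
    return [f.num for f in frames if OPTIMIZED in f.args.values()]


def suspicious_pointer_args(frames, low=0x1000):
    """Non-null pointer-looking arguments below `low` (assumed: the unmapped first page)
    almost always mean gdb read a clobbered register or stack slot, not a real value."""
    hits = []
    for f in frames:
        for name, value in f.args.items():
            v = value.lstrip("@")            # "@0x..." marks a reference argument
            if re.fullmatch(r"0x[0-9a-fA-F]+", v) and 0 < int(v, 16) < low:
                hits.append((f.num, name, v))
    return hits


if __name__ == "__main__":
    fr = parse_bt_full(SAMPLE_BT)
    print("signature:", crash_signature(fr))
    print("optimized-out frames:", optimized_out_frames(fr))
    print("do not trust:", suspicious_pointer_args(fr))
```

On the sample this yields the signature `WebCore::GeneratedImage::drawPattern <- WebCore::Image::drawTiled <- WebCore::GraphicsContext::drawTiledImage`, marks frames #0 and #2 as having optimized-out arguments, and singles out `bgLayer=0x3` in frame #4 as a value not to rely on. The same signature would be the key for deduplicating further reports against this one; confirming the actual fault (what `drawPattern` dereferences at GeneratedImage.cpp:65) still needs a debug build, as the reporter notes theirs was not.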


