[Webkit-unassigned] [Bug 15962] <canvas> rendering crasher with undefined moveTo and lineWidth != 1

Thu Feb 21 15:58:46 PST 2008

http://bugs.webkit.org/show_bug.cgi?id=15962

------- Comment #4 from webkit at mattlilek.com  2008-02-21 15:58 PDT -------
(In reply to comment #3)
> This no longer crashes for me on TOT. in fact, the test does not appear to
> "run." I am not sure if we are correctly preventing it from running or if the
> fact that it is not running is a separate bug. Anyone have any info?
> 

The test at the URL doesn't run in Firefox 2 or 3 and Opera 9.5 so I'm inclined
to think that we're good by not running.

Mitz's reduction does crash in TOT though (2nd reload for me), but its below
WebKit:

Thread 0 Crashed:
0   com.apple.CoreGraphics              0x926268e2 aa_render + 1810
1   libRIP.A.dylib                      0x9542fe04 ripr_Coverage + 2053
2   libRIP.A.dylib                      0x9541d8a6 ripc_Render + 481
3   libRIP.A.dylib                      0x954267f8 ripc_DrawPath + 632
4   com.apple.CoreGraphics              0x926104f7 CGContextDrawPath + 176
5   com.apple.CoreGraphics              0x9265e1b6 CGContextStrokePath + 25
6   com.apple.WebCore                   0x01bc2f14
WebCore::CanvasRenderingContext2D::stroke() + 474
(CanvasRenderingContext2D.cpp:577)
7   com.apple.WebCore                   0x01db9082
WebCore::jsCanvasRenderingContext2DPrototypeFunctionStroke(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) + 96 (JSCanvasRenderingContext2D.cpp:687)
8   com.apple.JavaScriptCore            0x0041fe54
KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 34 (function.cpp:883)
9   com.apple.JavaScriptCore            0x0043cae8
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222
(object.cpp:96)
10  com.apple.JavaScriptCore            0x004978b0
KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 776
(nodes.cpp:1225)
11  com.apple.JavaScriptCore            0x0045872c
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1231)
12  com.apple.JavaScriptCore            0x0044ab63
KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3731)
13  com.apple.JavaScriptCore            0x0042b9b3
KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&,
KJS::ExecState*) + 85 (nodes.cpp:3684)
14  com.apple.JavaScriptCore            0x0042ba40
KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3710)
15  com.apple.JavaScriptCore            0x00448360
KJS::ProgramNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4617)
16  com.apple.JavaScriptCore            0x00465a28
KJS::Interpreter::evaluate(KJS::ExecState*, KJS::UString const&, int,
KJS::UChar const*, int, KJS::JSValue*) + 846 (interpreter.cpp:125)
17  com.apple.WebCore                   0x0211c8c5
WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String
const&) + 223 (kjs_proxy.cpp:87)
18  com.apple.WebCore                   0x01ce12ba
WebCore::FrameLoader::executeScript(WebCore::String const&, int,
WebCore::String const&) + 110 (FrameLoader.cpp:759)
19  com.apple.WebCore                   0x01d6268e
WebCore::HTMLTokenizer::scriptExecution(WebCore::String const&,
WebCore::HTMLTokenizer::State, WebCore::String const&, int) + 276
(HTMLTokenizer.cpp:527)
20  com.apple.WebCore                   0x01d63d16
WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1456
(HTMLTokenizer.cpp:476)
21  com.apple.WebCore                   0x01d64263
WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&,
WebCore::HTMLTokenizer::State) + 991 (HTMLTokenizer.cpp:326)
22  com.apple.WebCore                   0x01d662a7
WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&,
WebCore::HTMLTokenizer::State) + 6779 (HTMLTokenizer.cpp:1472)
23  com.apple.WebCore                   0x01d66b71
WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1295
(HTMLTokenizer.cpp:1697)
24  com.apple.WebCore                   0x01cda862
WebCore::FrameLoader::write(char const*, int, bool) + 956
(FrameLoader.cpp:1000)
25  com.apple.WebCore                   0x01cda996
WebCore::FrameLoader::addData(char const*, int) + 278 (FrameLoader.cpp:1747)
26  com.apple.WebCore                   0x020cae40 -[WebCoreFrameBridge
addData:] + 148 (WebCoreFrameBridge.mm:297)
27  com.apple.WebCore                   0x020cfce8 -[WebCoreFrameBridge
receivedData:textEncodingName:] + 252 (WebCoreFrameBridge.mm:1233)
28  com.apple.WebKit                    0x001bf746 -[WebHTMLRepresentation
receivedData:withDataSource:] + 200 (WebHTMLRepresentation.mm:175)
29  com.apple.WebKit                    0x0019c758 -[WebDataSource(WebInternal)
_receivedData:] + 90 (WebDataSource.mm:198)
30  com.apple.WebKit                    0x001b2c66
WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
+ 128 (WebFrameLoaderClient.mm:703)
31  com.apple.WebCore                   0x01cd5ca5
WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int)
+ 53 (FrameLoader.cpp:3228)
32  com.apple.WebCore                   0x01c7a0bd
WebCore::DocumentLoader::commitLoad(char const*, int) + 87
(DocumentLoader.cpp:354)
33  com.apple.WebCore                   0x01c7a2dc
WebCore::DocumentLoader::receivedData(char const*, int) + 76
(DocumentLoader.cpp:367)
34  com.apple.WebCore                   0x01cd54b1
WebCore::FrameLoader::receivedData(char const*, int) + 41
(FrameLoader.cpp:2194)
35  com.apple.WebCore                   0x01ead1a8
WebCore::MainResourceLoader::addData(char const*, int, bool) + 80
(MainResourceLoader.cpp:139)
36  com.apple.WebCore                   0x01fa2acd
WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83
(ResourceLoader.cpp:240)
37  com.apple.WebCore                   0x01ead4b6
WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool)
+ 282 (MainResourceLoader.cpp:299)
38  com.apple.WebCore                   0x01fa26a4
WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*,
int, int) + 62 (ResourceLoader.cpp:368)
39  com.apple.WebCore                   0x01f9ff61
-[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] +
201 (ResourceHandleMac.mm:450)
40  com.apple.Foundation                0x90dea3b7
-[NSURLConnection(NSURLConnectionReallyInternal)
sendDidReceiveData:originalLength:] + 119
41  com.apple.Foundation                0x90dea31e
_NSURLConnectionDidReceiveData + 94
42  com.apple.CFNetwork                 0x92c500af sendDidReceiveDataCallback +
518
43  com.apple.CFNetwork                 0x92c4d76d
_CFURLConnectionSendCallbacks + 1559
44  com.apple.CFNetwork                 0x92c4d0d9 muxerSourcePerform + 283
45  com.apple.CoreFoundation            0x943af62e CFRunLoopRunSpecific + 3166
46  com.apple.CoreFoundation            0x943afd18 CFRunLoopRunInMode + 88
47  com.apple.HIToolbox                 0x910986a0 RunCurrentEventLoopInMode +
283
48  com.apple.HIToolbox                 0x910984b9 ReceiveNextEventCommon + 374
49  com.apple.HIToolbox                 0x9109832d
BlockUntilNextEventMatchingListInMode + 106
50  com.apple.AppKit                    0x917047d9 _DPSNextEvent + 657
51  com.apple.AppKit                    0x9170408e -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
52  com.apple.Safari                    0x0000965e 0x1000 + 34398
53  com.apple.AppKit                    0x916fd0c5 -[NSApplication run] + 795
54  com.apple.AppKit                    0x916ca30a NSApplicationMain + 574
55  com.apple.Safari                    0x00002a76 0x1000 + 6774

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.