[Webkit-unassigned] [Bug 70123] New: DumpRenderTree crashes on fast/gradients/border-image-gradient-sides-and-corners.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 14 11:36:10 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=70123

           Summary: DumpRenderTree crashes on
                    fast/gradients/border-image-gradient-sides-and-corners
                    .html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: kubo at profusion.mobi
                CC: mrobinson at webkit.org


If I run DumpRenderTree with "--pixel-tests" and pass fast/gradients/border-image-gradient-sides-and-corners.html to it, the assertion in computeMD5HashStringForBitmapContext in PixelDumpSupportCairo.cpp fails due to a problem which happens earlier when the page contents are being dumped into a PNG. At some point, there is a division by zero that causes inf to be passed as the first parameter to GraphicsContext::scale, which leads to cairo_scale failing and setting the status to CAIRO_STATUS_INVALID_MATRIX.

This is the relevant stack trace:

#0  _cairo_error (status=CAIRO_STATUS_INVALID_MATRIX) at /build/buildd/cairo-1.10.2/src/cairo.c:173
#1  0xb4644209 in _cairo_gstate_scale (gstate=0x84c1718, sx=inf, sy=1)
    at /build/buildd/cairo-1.10.2/src/cairo-gstate.c:663
#2  0xb463a38b in *INT_cairo_scale (cr=0xb46d2460, sx=inf, sy=1)
    at /build/buildd/cairo-1.10.2/src/cairo.c:1461
#3  0xb616a4ba in WebCore::GraphicsContext::scale (this=0xbfffd790, size=...)
    at ../../Source/WebCore/platform/graphics/cairo/GraphicsContextCairo.cpp:1057
#4  0xb594ee05 in WebCore::GeneratedImage::draw (this=0x84b9278, context=0xbfffd790, dstRect=..., 
    srcRect=..., compositeOp=WebCore::CompositeSourceOver)
    at ../../Source/WebCore/platform/graphics/GeneratedImage.cpp:44
#5  0xb5959331 in WebCore::GraphicsContext::drawImage (this=0xbfffd790, image=0x84b9278, 
    styleColorSpace=WebCore::ColorSpaceDeviceRGB, dest=..., src=..., op=WebCore::CompositeSourceOver, 
    useLowQualityScale=false) at ../../Source/WebCore/platform/graphics/GraphicsContext.cpp:487
#6  0xb5959003 in WebCore::GraphicsContext::drawImage (this=0xbfffd790, image=0x84b9278, 
    styleColorSpace=WebCore::ColorSpaceDeviceRGB, dest=..., srcRect=..., op=WebCore::CompositeSourceOver, 
    useLowQualityScale=false) at ../../Source/WebCore/platform/graphics/GraphicsContext.cpp:457
#7  0xb595952a in WebCore::GraphicsContext::drawTiledImage (this=0xbfffd790, image=0x84b9278, 
    styleColorSpace=WebCore::ColorSpaceDeviceRGB, dest=..., srcRect=..., tileScaleFactor=..., 
    hRule=WebCore::Image::StretchTile, vRule=WebCore::Image::StretchTile, op=WebCore::CompositeSourceOver, 
    useLowQualityScale=false) at ../../Source/WebCore/platform/graphics/GraphicsContext.cpp:512
#8  0xb5a99f23 in WebCore::RenderBoxModelObject::paintNinePieceImage (this=0x84bf0c4, 
    graphicsContext=0xbfffd790, rect=..., style=0x84bedd8, ninePieceImage=..., 
    op=WebCore::CompositeSourceOver) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:1110
#9  0xb5a9b81e in WebCore::RenderBoxModelObject::paintBorder (this=0x84bf0c4, info=..., rect=..., 
    style=0x84bedd8, bleedAvoidance=WebCore::BackgroundBleedNone, includeLogicalLeftEdge=true, 
    includeLogicalRightEdge=true) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:1530
#10 0xb5a85b64 in WebCore::RenderBox::paintBoxDecorations (this=0x84bf0c4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBox.cpp:945
#11 0xb5a3e820 in WebCore::RenderBlock::paintObject (this=0x84bf0c4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2569
#12 0xb5a3d94e in WebCore::RenderBlock::paint (this=0x84bf0c4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2365
#13 0xb5a3e4b0 in WebCore::RenderBlock::paintChildren (this=0x84bd6e4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2522
#14 0xb5a3e1b9 in WebCore::RenderBlock::paintContents (this=0x84bd6e4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2480
#15 0xb5a3e958 in WebCore::RenderBlock::paintObject (this=0x84bd6e4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2593
#16 0xb5a3d94e in WebCore::RenderBlock::paint (this=0x84bd6e4, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2365
#17 0xb5a3e4b0 in WebCore::RenderBlock::paintChildren (this=0x84b8a7c, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2522
#18 0xb5a3e1b9 in WebCore::RenderBlock::paintContents (this=0x84b8a7c, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2480
#19 0xb5a3e958 in WebCore::RenderBlock::paintObject (this=0x84b8a7c, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2593
#20 0xb5a3d94e in WebCore::RenderBlock::paint (this=0x84b8a7c, paintInfo=..., paintOffset=...)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2365
#21 0xb5ae3968 in WebCore::RenderLayer::paintLayer (this=0x84b8b04, rootLayer=0x849090c, p=0xbfffd790, 
    paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, region=0x0, overlapTestRequests=0xbfffd5ac, 
    paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2790
#22 0xb5ae3eb6 in WebCore::RenderLayer::paintList (this=0x849090c, list=0x814c8a8, rootLayer=0x849090c,
    p=0xbfffd790, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, region=0x0, 
    overlapTestRequests=0xbfffd5ac, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2855
#23 0xb5ae3bfa in WebCore::RenderLayer::paintLayer (this=0x849090c, rootLayer=0x849090c, p=0xbfffd790, 
    paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, region=0x0, overlapTestRequests=0xbfffd5ac, 
    paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2817
#24 0xb5ae2a72 in WebCore::RenderLayer::paint (this=0x849090c, p=0xbfffd790, damageRect=..., 
    paintBehavior=0, paintingRoot=0x0, region=0x0, paintFlags=0)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:2543
#25 0xb58c745b in WebCore::FrameView::paintContents (this=0x814ba30, p=0xbfffd790, rect=...)
    at ../../Source/WebCore/page/FrameView.cpp:2759
#26 0xb59cb81a in WebCore::ScrollView::paint (this=0x814ba30, context=0xbfffd790, rect=...)
    at ../../Source/WebCore/platform/ScrollView.cpp:1020
#27 0xb5200bb7 in paintWebView (frame=0x8134f70, transparent=0, context=..., clipRect=..., rects=...)
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:653
#28 0xb5200e6b in webkit_web_view_draw (widget=0x810c010, cr=0xb46d2460)
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:720
#29 0xb4bc4034 in ?? () from /usr/lib/libgtk-3.so.0
#30 0xb4d0026d in ?? () from /usr/lib/libgtk-3.so.0
#31 0xb47c9cc7 in g_type_class_meta_marshal (closure=0x80e3590, return_value=0xbfffda34, n_param_values=2, 
    param_values=0x81200f0, invocation_hint=0xbfffda20, marshal_data=0x90)
    at /build/buildd/glib2.0-2.28.6/./gobject/gclosure.c:878
#32 0xb47cb2a0 in g_closure_invoke (closure=0x80e3590, return_value=0xbfffda34, n_param_values=2, 
    param_values=0x81200f0, invocation_hint=0xbfffda20)
    at /build/buildd/glib2.0-2.28.6/./gobject/gclosure.c:767
#33 0xb47dde45 in signal_emit_unlocked_R (node=0x80f22a8, detail=0, instance=0x810c010, 
    emission_return=0xbfffdb6c, instance_and_params=0x81200f0)
    at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:3290
#34 0xb47e68d7 in g_signal_emit_valist (instance=0x810c010, signal_id=34, detail=0, 
    var_args=0xbfffdbe0 "\f\334\377\277") at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:2993
#35 0xb47e6cc2 in g_signal_emit (instance=0x810c010, signal_id=34, detail=0)
    at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:3040
#36 0xb4d13e9d in ?? () from /usr/lib/libgtk-3.so.0
#37 0xb4b36f55 in gtk_container_propagate_draw () from /usr/lib/libgtk-3.so.0
#38 0xb4b36fdd in ?? () from /usr/lib/libgtk-3.so.0
#39 0xb4aed62d in ?? () from /usr/lib/libgtk-3.so.0
#40 0xb4b355c4 in gtk_container_forall () from /usr/lib/libgtk-3.so.0
#41 0xb4b35777 in ?? () from /usr/lib/libgtk-3.so.0
#42 0xb4bc4034 in ?? () from /usr/lib/libgtk-3.so.0
#43 0xb4d0026d in ?? () from /usr/lib/libgtk-3.so.0
#44 0xb47c9cc7 in g_type_class_meta_marshal (closure=0x80e3590, return_value=0xbfffdf24, n_param_values=2, 
    param_values=0x8120118, invocation_hint=0xbfffdf10, marshal_data=0x90)
    at /build/buildd/glib2.0-2.28.6/./gobject/gclosure.c:878
#45 0xb47cb372 in g_closure_invoke (closure=0x80e3590, return_value=0xbfffdf24, n_param_values=2, 
    param_values=0x8120118, invocation_hint=0xbfffdf10)
    at /build/buildd/glib2.0-2.28.6/./gobject/gclosure.c:767
#46 0xb47dde45 in signal_emit_unlocked_R (node=0x80f22a8, detail=0, instance=0x80c2a50, 
    emission_return=0xbfffe05c, instance_and_params=0x8120118)
    at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:3290
#47 0xb47e68d7 in g_signal_emit_valist (instance=0x80c2a50, signal_id=34, detail=0, 
    var_args=0xbfffe0d0 "\374\340\377\277") at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:2993
#48 0xb47e6cc2 in g_signal_emit (instance=0x80c2a50, signal_id=34, detail=0)
    at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:3040
#49 0xb4d13e9d in ?? () from /usr/lib/libgtk-3.so.0
#50 0xb4d140d5 in gtk_widget_draw () from /usr/lib/libgtk-3.so.0
#51 0x080772c3 in createBitmapContextFromWebView (drawSelectionRect=false)
    at ../../Tools/DumpRenderTree/gtk/PixelDumpSupportGtk.cpp:59
#52 0x08069534 in dumpWebViewAsPixelsAndCompareWithExpected (expectedHash=...)
    at ../../Tools/DumpRenderTree/PixelDumpSupport.cpp:54
#53 0x0806f2fb in dump () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:589
#54 0x080705ad in topLoadingFrameLoadFinished () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1031
#55 0x080706d1 in webFrameLoadStatusNotified (frame=0x80d0fb0, user_data=0x80d1260)
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1061
#56 0xb47e7e48 in g_cclosure_marshal_VOID__PARAM (closure=0x80e98e8, return_value=0x0, n_param_values=2, 
    param_values=0x8120028, invocation_hint=0xbfffe430, marshal_data=0x0)
    at /build/buildd/glib2.0-2.28.6/./gobject/gmarshal.c:533
#57 0xb47cb372 in g_closure_invoke (closure=0x80e98e8, return_value=0x0, n_param_values=2, 
    param_values=0x8120028, invocation_hint=0xbfffe430)
    at /build/buildd/glib2.0-2.28.6/./gobject/gclosure.c:767
#58 0xb47de048 in signal_emit_unlocked_R (node=0x80ab648, detail=781, instance=0x80d0fb0, 
    emission_return=0x0, instance_and_params=0x8120028)
    at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:3252
#59 0xb47e6b29 in g_signal_emit_valist (instance=0x80d0fb0, signal_id=1, detail=781, 
    var_args=0xbfffe5f0 "$\265z\264 \212\025\b") at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:2983
#60 0xb47e6cc2 in g_signal_emit (instance=0x80d0fb0, signal_id=1, detail=781)
    at /build/buildd/glib2.0-2.28.6/./gobject/gsignal.c:3040
#61 0xb47cd0e1 in g_object_dispatch_properties_changed (object=0x80d0fb0, n_pspecs=1, pspecs=0xbfffe680)
    at /build/buildd/glib2.0-2.28.6/./gobject/gobject.c:925
#62 0xb47cc3ef in g_object_notify_dispatcher (object=0x80d0fb0, n_pspecs=1, pspecs=0xbfffe680)
    at /build/buildd/glib2.0-2.28.6/./gobject/gobject.c:330
#63 0xb47cf379 in g_object_notify_queue_thaw (object=0x80d0fb0, property_name=0xb61bcc58 "load-status")
    at /build/buildd/glib2.0-2.28.6/./gobject/gobjectnotifyqueue.c:132
#64 g_object_notify_by_spec_internal (object=0x80d0fb0, property_name=0xb61bcc58 "load-status")
    at /build/buildd/glib2.0-2.28.6/./gobject/gobject.c:983
#65 g_object_notify (object=0x80d0fb0, property_name=0xb61bcc58 "load-status")
    at /build/buildd/glib2.0-2.28.6/./gobject/gobject.c:1024
#66 0xb51cfe2e in WebKit::notifyStatus (frame=0x80d0fb0, loadStatus=WEBKIT_LOAD_FINISHED)
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:175
#67 0xb51cfeeb in WebKit::loadDone (frame=0x80d0fb0, didSucceed=true)
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:191
#68 0xb51d238c in WebKit::FrameLoaderClient::dispatchDidFinishLoad (this=0x8133f50)
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:686
#69 0xb581450e in WebCore::FrameLoader::checkLoadCompleteForThisFrame (this=0x8134fe0)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2274
#70 0xb5814c44 in WebCore::FrameLoader::checkLoadComplete (this=0x8134fe0)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2390
#71 0xb5813b0b in WebCore::FrameLoader::finishedLoading (this=0x8134fe0)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2069
#72 0xb5843b99 in WebCore::MainResourceLoader::didFinishLoading (this=0x8494478, finishTime=0)
    at ../../Source/WebCore/loader/MainResourceLoader.cpp:488
#73 0xb584f313 in WebCore::ResourceLoader::didFinishLoading (this=0x8494478, finishTime=0)
    at ../../Source/WebCore/loader/ResourceLoader.cpp:451
#74 0xb59bc865 in WebCore::readCallback (source=0x84940c0, asyncResult=0x84ad360, data=0x0)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:855
#75 0xb48529ff in async_ready_callback_wrapper (source_object=0x84940c0, res=0x84ad360, user_data=0x0)
    at /build/buildd/glib2.0-2.28.6/./gio/ginputstream.c:470
#76 0xb4863ccf in g_simple_async_result_complete (simple=0x84ad360)
    at /build/buildd/glib2.0-2.28.6/./gio/gsimpleasyncresult.c:747
#77 0xb4863d4e in complete_in_idle_cb_for_thread (_data=0x84bcf50)
    at /build/buildd/glib2.0-2.28.6/./gio/gsimpleasyncresult.c:812
#78 0xb4711311 in g_idle_dispatch (source=0x8499768, callback=0xb4863d20 <complete_in_idle_cb_for_thread>, 
    user_data=0x84bcf50) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:4545
#79 0xb4715aa8 in g_main_dispatch (context=0x80c6478) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:2440
#80 g_main_context_dispatch (context=0x80c6478) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3013
#81 0xb4716270 in g_main_context_iterate (context=0x80c6478, block=-1267570656, dispatch=1, 
    self=<value optimized out>) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3091
#82 0xb471692b in g_main_loop_run (loop=0x80d2468) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3299
#83 0xb4bc2e5d in gtk_main () from /usr/lib/libgtk-3.so.0
#84 0x0806f85f in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:710
#85 0x08071089 in main (argc=3, argv=0xbfffecd4) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:120

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list