[Webkit-unassigned] [Bug 70479] New: REGRESSION: Crash in WebCore::Image::drawPattern

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 19 23:50:54 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=70479

           Summary: REGRESSION: Crash in WebCore::Image::drawPattern
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://www.google.com/
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Blocker
          Priority: P1
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Created an attachment (id=111731)
 --> (https://bugs.webkit.org/attachment.cgi?id=111731&action=review)
Crash log.

r97939

Reproducibility: always

Steps:
Go to http://www.google.com/

What happened:
Infinite loop and WebKit crashes.

WebProcess(25699,0x10caf5960) malloc: *** error for object 0x7ff58ea3e0d0: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib                   0x000000010e8f4390 objc_msgSend_vtable14 + 16
1   com.apple.CoreFoundation          0x000000010e9ee110 CFRelease + 176
2   com.apple.CoreFoundation          0x000000010e9ee256 CFRelease + 502
3   com.apple.CoreGraphics            0x0000000117691abf color_finalize + 30
4   com.apple.CoreFoundation          0x000000010e9ee256 CFRelease + 502
5   com.apple.CoreGraphics            0x0000000117750ecf CGContextDrawTiledImage + 1216
6   com.apple.WebCore                 0x000000011142f8bc WebCore::Image::drawPattern(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::FloatRect const&) + 1916 (ImageCG.cpp:265)
7   com.apple.WebCore                 0x0000000111429e58 WebCore::ImageBuffer::drawPattern(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::FloatRect const&) + 456 (ImageBufferCG.cpp:245)
8   com.apple.WebCore                 0x000000011128133c WebCore::GeneratedImage::drawPattern(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::FloatRect const&) + 588 (GeneratedImage.cpp:67)
9   com.apple.WebCore                 0x0000000111427f55 WebCore::Image::drawTiled(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::ColorSpace, WebCore::CompositeOperator) + 1829 (Image.cpp:133)
10  com.apple.WebCore                 0x00000001112a5c58 WebCore::GraphicsContext::drawTiledImage(WebCore::Image*, WebCore::ColorSpace, WebCore::IntRect const&, WebCore::IntPoint const&, WebCore::IntSize const&, WebCore::CompositeOperator, bool) + 472 (GraphicsContext.cpp:502)
11  com.apple.WebCore                 0x0000000111c65ace WebCore::RenderBoxModelObject::paintFillLayerExtended(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance, WebCore::InlineFlowBox*, WebCore::IntSize const&, WebCore::CompositeOperator, WebCore::RenderObject*) + 6478 (RenderBoxModelObject.cpp:781)
12  com.apple.WebCore                 0x0000000111c4f751 WebCore::RenderBox::paintFillLayer(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderObject*) + 225 (RenderBox.cpp:1091)
13  com.apple.WebCore                 0x0000000111c4e810 WebCore::RenderBox::paintFillLayers(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderObject*) + 208 (RenderBox.cpp:1085)
14  com.apple.WebCore                 0x0000000111c4eef4 WebCore::RenderBox::paintBackground(WebCore::PaintInfo const&, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance) + 308 (RenderBox.cpp:961)
15  com.apple.WebCore                 0x0000000111c4ebd6 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::IntPoint const&) + 630 (RenderBox.cpp:938)
16  com.apple.WebCore                 0x0000000111bf5ed9 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::IntPoint const&) + 201 (RenderBlock.cpp:2572)
17  com.apple.WebCore                 0x0000000111bf457d WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) + 333 (RenderBlock.cpp:2369)
18  com.apple.WebCore                 0x0000000111ccac9a WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 2650 (RenderLayer.cpp:2783)
19  com.apple.WebCore                 0x0000000111ccc71f WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 223 (RenderLayer.cpp:2865)
20  com.apple.WebCore                 0x0000000111ccb19b WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 3931 (RenderLayer.cpp:2829)
21  com.apple.WebCore                 0x0000000111ccc71f WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 223 (RenderLayer.cpp:2865)
22  com.apple.WebCore                 0x0000000111ccb19b WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 3931 (RenderLayer.cpp:2829)
23  com.apple.WebCore                 0x0000000111cca155 WebCore::RenderLayer::paint(WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, unsigned int) + 181 (RenderLayer.cpp:2550)
24  com.apple.WebCore                 0x000000011126d0d9 WebCore::FrameView::paintContents(WebCore::GraphicsContext*, WebCore::IntRect const&) + 1385 (FrameView.cpp:2761)
25  com.apple.WebCore                 0x0000000111ea5dc7 WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) + 1015 (ScrollView.cpp:1047)
26  com.apple.WebKit2                 0x000000010f29e06e WebKit::WebPage::drawRect(WebCore::GraphicsContext&, WebCore::IntRect const&) + 302 (WebPage.cpp:771)
27  com.apple.WebKit2                 0x000000010f4927e3 WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) + 1971 (DrawingAreaImpl.cpp:671)
28  com.apple.WebKit2                 0x000000010f4915ca WebKit::DrawingAreaImpl::display() + 426 (DrawingAreaImpl.cpp:572)
29  com.apple.WebKit2                 0x000000010f490129 WebKit::DrawingAreaImpl::displayTimerFired() + 153 (DrawingAreaImpl.cpp:550)
30  com.apple.WebKit2                 0x000000010f493bdb RunLoop::Timer<WebKit::DrawingAreaImpl>::fired() + 107 (RunLoop.h:127)
31  com.apple.WebKit2                 0x000000010f24236d RunLoop::TimerBase::timerFired(__CFRunLoopTimer*, void*) + 109 (RunLoopMac.mm:115)
32  com.apple.CoreFoundation          0x000000010ea3df84 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
33  com.apple.CoreFoundation          0x000000010ea3dad6 __CFRunLoopDoTimer + 534
34  com.apple.CoreFoundation          0x000000010ea1e471 __CFRunLoopRun + 1617
35  com.apple.CoreFoundation          0x000000010ea1dae6 CFRunLoopRunSpecific + 230
36  com.apple.HIToolbox               0x000000011a6bd3d3 RunCurrentEventLoopInMode + 277
37  com.apple.HIToolbox               0x000000011a6c463d ReceiveNextEventCommon + 355
38  com.apple.HIToolbox               0x000000011a6c44ca BlockUntilNextEventMatchingListInMode + 62
39  com.apple.AppKit                  0x00000001162cc3f1 _DPSNextEvent + 659
40  com.apple.AppKit                  0x00000001162cbcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
41  com.apple.AppKit                  0x00000001162c862d -[NSApplication run] + 470
42  com.apple.WebKit2                 0x000000010f24204c RunLoop::run() + 92 (RunLoopMac.mm:65)
43  com.apple.WebKit2                 0x000000010f32be8f WebKit::WebProcessMain(WebKit::CommandLine const&) + 1103 (WebProcessMainMac.mm:118)
44  com.apple.WebKit2                 0x000000010f29797f _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50)
45  com.apple.WebKit2                 0x000000010f29786d WebKitMain + 173 (WebKitMain.cpp:74)
46  com.apple.WebProcess              0x000000010e00fd82 main + 290
47  com.apple.WebProcess              0x000000010e00fc54 start + 52

Expected result:
WebKit does not crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


