[Webkit-unassigned] [Bug 82992] New: [Qt] Crash in ~GraphicsContext3D() when init failed for Qt

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 2 18:38:26 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=82992

           Summary: [Qt] Crash in ~GraphicsContext3D() when init failed
                    for Qt
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: srikumar.b at gmail.com
                CC: srikumar.b at gmail.com


WebKit crashes while destructing the GraphicsContext3D object when init failed in the GraphicsContext3D constructor.

We are trying to access and deallocate member variables which have never been allocated when the constructor init failed in Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp.


Here is the backtrace for the crash:

#0  0xb62bcc76 in WTF::OwnPtr<WebCore::GraphicsContext3DPrivate>::operator-> (this=0x8e1bad8) at ../../../../Source/WTF/wtf/OwnPtr.h:64
#1  0xb62bc392 in WebCore::GraphicsContext3D::makeContextCurrent (this=0x8e1b9c8) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:390
#2  0xb62bc11e in WebCore::GraphicsContext3D::~GraphicsContext3D (this=0x8e1b9c8, __in_chrg=<value optimized out>) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:351
#3  0xb62ab55b in WTF::RefCounted<WebCore::GraphicsContext3D>::deref (this=0x8e1b9c8) at ../../../../Source/WTF/wtf/RefCounted.h:190
#4  0xb62a9657 in WTF::derefIfNotNull<WebCore::GraphicsContext3D> (ptr=0x8e1b9c8) at ../../../../Source/WTF/wtf/PassRefPtr.h:52
#5  0xb62a6f21 in WTF::RefPtr<WebCore::GraphicsContext3D>::~RefPtr (this=0xbfffd42c, __in_chrg=<value optimized out>) at ../../../../Source/WTF/wtf/RefPtr.h:58
#6  0xb62bba0e in WebCore::GraphicsContext3D::create (attrs=..., hostWindow=0x82a3d20, renderStyle=WebCore::GraphicsContext3D::RenderOffscreen) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:243
#7  0xb629032b in WebCore::WebGLRenderingContext::create (canvas=0x8e1df90, attrs=0x8e1b5a0) at ../../../../Source/WebCore/html/canvas/WebGLRenderingContext.cpp:409
#8  0xb5b5427d in WebCore::HTMLCanvasElement::getContext (this=0x8e1df90, type=..., attrs=0x8e1b5a0) at ../../../../Source/WebCore/html/HTMLCanvasElement.cpp:202
#9  0xb57463ea in WebCore::JSHTMLCanvasElement::getContext (this=0xa7a59e40, exec=0xa88672a8) at ../../../../Source/WebCore/bindings/js/JSHTMLCanvasElementCustom.cpp:75
#10 0xb647cbee in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext (exec=0xa88672a8) at generated/JSHTMLCanvasElement.cpp:208
#11 0xa7e7b309 in ?? ()
#12 0xb6789e29 in JSC::JITCode::execute (this=0xa7f210b0, registerFile=0x8497ba4, callFrame=0xa8867038, globalData=0x82f0258) at ../../../../Source/JavaScriptCore/jit/JITCode.h:127
#13 0xb6786a48 in JSC::Interpreter::execute (this=0x8497b98, program=0xa7f210a0, callFrame=0xa7fffcb4, scopeChain=0xa7fdffe0, thisObj=0xa803ffc0) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1198
#14 0xb6845f44 in JSC::evaluate (exec=0xa7fffcb4, scopeChain=0xa7fdffe0, source=..., thisValue=..., returnedException=0xbfffe1b4) at ../../../../Source/JavaScriptCore/runtime/Completion.cpp:73
#15 0xb575012e in WebCore::JSMainThreadExecState::evaluate (exec=0xa7fffcb4, chain=0xa7fdffe0, source=..., thisValue=..., exception=0xbfffe1b4) at ../../../../Source/WebCore/bindings/js/JSMainThreadExecState.h:76
#16 0xb577e495 in WebCore::ScriptController::evaluateInWorld (this=0x82ee478, sourceCode=..., world=0x84980c8) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:145
#17 0xb577e5ca in WebCore::ScriptController::evaluate (this=0x82ee478, sourceCode=...) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:162
#18 0xb5a32933 in WebCore::ScriptElement::executeScript (this=0x870add8, sourceCode=...) at ../../../../Source/WebCore/dom/ScriptElement.cpp:290
#19 0xb5a322a5 in WebCore::ScriptElement::prepareScript (this=0x870add8, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at ../../../../Source/WebCore/dom/ScriptElement.cpp:235
#20 0xb5bf026d in WebCore::HTMLScriptRunner::runScript (this=0x82c6468, script=0x870ad98, scriptStartPosition=...) at ../../../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:296

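As an added illustration (not WebKit's code), a minimal C++ model of the pattern in this report: a factory that drops its only reference to a half-initialised object, and a destructor whose makeContextCurrent() call must tolerate a member the constructor never allocated. The class and function names come from the backtrace; their bodies, the boolean init switch, and the shared_ptr/unique_ptr stand-ins for RefPtr/OwnPtr are assumptions.

```cpp
#include <memory>

// Stand-in for GraphicsContext3DPrivate (name from the backtrace; body assumed).
struct GraphicsContext3DPrivate {
    bool current = false;
    void makeCurrentIfNeeded() { current = true; }
};

class GraphicsContext3D {
public:
    // Factory mirroring frame #6: construct, then hand back null if the
    // constructor could not set up its private state. Returning null releases
    // the only reference, so the half-initialised object is destroyed here.
    static std::shared_ptr<GraphicsContext3D> create(bool platformInitSucceeds) {
        std::shared_ptr<GraphicsContext3D> context(new GraphicsContext3D(platformInitSucceeds));
        if (!context->m_private)
            return nullptr;               // destructor runs on the failed object
        return context;
    }

    // The destructor still tries to make the context current (frame #2), so
    // the failed-init case has to be handled inside makeContextCurrent().
    ~GraphicsContext3D() { makeContextCurrent(); }

    // Hardened form: refuse instead of dereferencing a null m_private.
    // Without the null check this is the OwnPtr::operator-> crash in frame #0.
    bool makeContextCurrent() {
        if (!m_private)
            return false;
        m_private->makeCurrentIfNeeded();
        return true;
    }

private:
    explicit GraphicsContext3D(bool platformInitSucceeds) {
        if (!platformInitSucceeds)
            return;                       // bail out early: m_private never allocated
        m_private.reset(new GraphicsContext3DPrivate);
    }
    std::unique_ptr<GraphicsContext3DPrivate> m_private;
};

// Failed-init path: create() returns null and the object is torn down safely.
bool destroyContextAfterFailedInit() {
    return GraphicsContext3D::create(false) == nullptr;
}

// Successful-init path: the context is returned and can be made current.
bool contextAfterSuccessfulInitIsUsable() {
    std::shared_ptr<GraphicsContext3D> context = GraphicsContext3D::create(true);
    return context && context->makeContextCurrent();
}
```
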