[Webkit-unassigned] [Bug 84055] New: [Chromium] css3/filters/huge-region-composited.html crashes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 16 11:19:27 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=84055

           Summary: [Chromium] css3/filters/huge-region-composited.html
                    crashes
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: scheib at chromium.org
                CC: bsalomon at google.com, tomhudson at google.com


css3/filters/huge-region-composited.html crashes since its introduction in 
http://trac.webkit.org/changeset/114172/
"""
Don't process filters if the input region is exceptionally large.
 https://bugs.webkit.org/show_bug.cgi?id=83317
Reviewed by Simon Fraser.
Source/WebCore:
An extremely large element causes problems with filters, either by
taking too long to compute the output or using too much memory. The
filter engine already has some constants for maximum expected size.
Make sure the render tree checks them before deciding to apply
effects.
Tests: css3/filters/huge-region-composited.html
css3/filters/huge-region.html
"""

See test results 
http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=css3%2Ffilters%2Fhuge-region-composited.html
e.g. 
http://build.chromium.org/p/chromium.webkit/builders/Webkit%20Linux/builds/23874

Stack Trace:
10:29:13.896 6959 worker/1 css3/filters/huge-region-composited.html crashed, stack trace:
10:29:13.897 6959       base::debug::StackTrace::StackTrace() [0x66bede]
10:29:13.897 6959       base::(anonymous namespace)::StackDumpSignalHandler() [0x656a79]
10:29:13.897 6959       0x7f17e1857af0
10:29:13.897 6959       GrContext::gaussianBlur() [0x6afd28]
10:29:13.897 6959       filter_texture() [0x16b97ce]
10:29:13.897 6959       SkGpuDevice::drawSprite() [0x16bd930]
10:29:13.897 6959       SkCanvas::drawSprite() [0x67fc08]
10:29:13.897 6959       WebCore::CCRenderSurfaceFilters::apply() [0xbc896a]
10:29:13.897 6959       WebCore::CCRenderSurface::applyFilters() [0xbc77ec]
10:29:13.897 6959       WebCore::CCRenderSurface::drawContents() [0xbc78a2]
10:29:13.897 6959       WebCore::LayerRendererChromium::drawRenderSurfaceQuad() [0xc21a9a]
10:29:13.897 6959       WebCore::LayerRendererChromium::drawQuad() [0xc28293]
10:29:13.897 6959       WebCore::LayerRendererChromium::drawRenderPass() [0xc28373]
10:29:13.898 6959       WebCore::CCLayerTreeHostImpl::drawLayers() [0xbb98d5]
10:29:13.898 6959       WebCore::CCSingleThreadProxy::doComposite() [0xbc9c0f]
10:29:13.898 6959       WebCore::CCSingleThreadProxy::commitAndComposite() [0xbc9e17]
10:29:13.898 6959       WebCore::CCSingleThreadProxy::compositeAndReadback() [0xbca269]
10:29:13.898 6959       WebCore::CCLayerTreeHost::compositeAndReadback() [0xbaeebf]
10:29:13.898 6959       WebKit::WebLayerTreeView::compositeAndReadback() [0x4b9e11]
10:29:13.898 6959       WebKit::WebViewImpl::doPixelReadbackToCanvas() [0x47b78d]
10:29:13.898 6959       WebKit::WebViewImpl::paint() [0x47ba07]
10:29:13.898 6959       WebViewHost::paintRect() [0x450fb2]
10:29:13.898 6959       WebViewHost::paintInvalidatedRegion() [0x45112e]
10:29:13.898 6959       TestShell::dump() [0x44b6de]
10:29:13.898 6959       TestShell::testFinished() [0x44bcad]
10:29:13.899 6959       WebKit::FrameLoaderClientImpl::dispatchDidFinishLoad() [0x49c559]
10:29:13.899 6959       WebCore::FrameLoader::checkLoadCompleteForThisFrame() [0xe63c62]
10:29:13.899 6959       WebCore::FrameLoader::checkLoadComplete() [0xe63e32]
10:29:13.899 6959       WebCore::MainResourceLoader::didFinishLoading() [0xe731ac]
10:29:13.899 6959       webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x1543d1a]
10:29:13.899 6959       (anonymous namespace)::RequestProxy::NotifyCompletedRequest() [0x15c93d3]
10:29:13.899 6959       MessageLoop::RunTask() [0x648f7e]
10:29:13.899 6959       MessageLoop::DeferOrRunPendingTask() [0x6496a8]
10:29:13.899 6959       MessageLoop::DoWork() [0x649ca8]
10:29:13.899 6959       base::MessagePumpGlib::RunWithDispatcher() [0x6642e5]
10:29:13.899 6959       MessageLoop::RunInternal() [0x64ada5]
10:29:13.899 6959       MessageLoop::Run() [0x64aefc]
10:29:13.900 6959       TestShell::waitTestFinished() [0x44bd95]
10:29:13.900 6959       TestShell::runFileTest() [0x44a30c]
10:29:13.900 6959       runTest() [0x426563]
10:29:13.900 6959       main [0x426c03]
10:29:13.900 6959       0x7f17e1842c4d
10:29:13.900 6959       0x41a839
10:29:13.901 6959 worker/1 killing driver

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list