[Webkit-unassigned] [Bug 82992] New: [Qt] Crash in ~GraphicsContext3D() when init failed for Qt
bugzilla-daemon at webkit.org
Mon Apr 2 18:38:26 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82992
Summary: [Qt] Crash in ~GraphicsContext3D() when init failed for Qt
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: Linux
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: srikumar.b at gmail.com
CC: srikumar.b at gmail.com
WebKit crashes while destructing a GraphicsContext3D object when init failed in the GraphicsContext3D constructor.
We are trying to access and deallocate member variables which have never been allocated when the constructor's init failed, in Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp.
Here is the backtrace for the crash:
#0 0xb62bcc76 in WTF::OwnPtr<WebCore::GraphicsContext3DPrivate>::operator-> (this=0x8e1bad8) at ../../../../Source/WTF/wtf/OwnPtr.h:64
#1 0xb62bc392 in WebCore::GraphicsContext3D::makeContextCurrent (this=0x8e1b9c8) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:390
#2 0xb62bc11e in WebCore::GraphicsContext3D::~GraphicsContext3D (this=0x8e1b9c8, __in_chrg=<value optimized out>) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:351
#3 0xb62ab55b in WTF::RefCounted<WebCore::GraphicsContext3D>::deref (this=0x8e1b9c8) at ../../../../Source/WTF/wtf/RefCounted.h:190
#4 0xb62a9657 in WTF::derefIfNotNull<WebCore::GraphicsContext3D> (ptr=0x8e1b9c8) at ../../../../Source/WTF/wtf/PassRefPtr.h:52
#5 0xb62a6f21 in WTF::RefPtr<WebCore::GraphicsContext3D>::~RefPtr (this=0xbfffd42c, __in_chrg=<value optimized out>) at ../../../../Source/WTF/wtf/RefPtr.h:58
#6 0xb62bba0e in WebCore::GraphicsContext3D::create (attrs=..., hostWindow=0x82a3d20, renderStyle=WebCore::GraphicsContext3D::RenderOffscreen) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:243
#7 0xb629032b in WebCore::WebGLRenderingContext::create (canvas=0x8e1df90, attrs=0x8e1b5a0) at ../../../../Source/WebCore/html/canvas/WebGLRenderingContext.cpp:409
#8 0xb5b5427d in WebCore::HTMLCanvasElement::getContext (this=0x8e1df90, type=..., attrs=0x8e1b5a0) at ../../../../Source/WebCore/html/HTMLCanvasElement.cpp:202
#9 0xb57463ea in WebCore::JSHTMLCanvasElement::getContext (this=0xa7a59e40, exec=0xa88672a8) at ../../../../Source/WebCore/bindings/js/JSHTMLCanvasElementCustom.cpp:75
#10 0xb647cbee in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext (exec=0xa88672a8) at generated/JSHTMLCanvasElement.cpp:208
#11 0xa7e7b309 in ?? ()
#12 0xb6789e29 in JSC::JITCode::execute (this=0xa7f210b0, registerFile=0x8497ba4, callFrame=0xa8867038, globalData=0x82f0258) at ../../../../Source/JavaScriptCore/jit/JITCode.h:127
#13 0xb6786a48 in JSC::Interpreter::execute (this=0x8497b98, program=0xa7f210a0, callFrame=0xa7fffcb4, scopeChain=0xa7fdffe0, thisObj=0xa803ffc0) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1198
#14 0xb6845f44 in JSC::evaluate (exec=0xa7fffcb4, scopeChain=0xa7fdffe0, source=..., thisValue=..., returnedException=0xbfffe1b4) at ../../../../Source/JavaScriptCore/runtime/Completion.cpp:73
#15 0xb575012e in WebCore::JSMainThreadExecState::evaluate (exec=0xa7fffcb4, chain=0xa7fdffe0, source=..., thisValue=..., exception=0xbfffe1b4) at ../../../../Source/WebCore/bindings/js/JSMainThreadExecState.h:76
#16 0xb577e495 in WebCore::ScriptController::evaluateInWorld (this=0x82ee478, sourceCode=..., world=0x84980c8) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:145
#17 0xb577e5ca in WebCore::ScriptController::evaluate (this=0x82ee478, sourceCode=...) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:162
#18 0xb5a32933 in WebCore::ScriptElement::executeScript (this=0x870add8, sourceCode=...) at ../../../../Source/WebCore/dom/ScriptElement.cpp:290
#19 0xb5a322a5 in WebCore::ScriptElement::prepareScript (this=0x870add8, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at ../../../../Source/WebCore/dom/ScriptElement.cpp:235
#20 0xb5bf026d in WebCore::HTMLScriptRunner::runScript (this=0x82c6468, script=0x870ad98, scriptStartPosition=...) at ../../../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:296
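The failure mode in the backtrace (frame #2 calls makeContextCurrent() from the destructor, frame #0 then dereferences a null WTF::OwnPtr) is a general C++ pattern: a constructor that bails out early leaves a member unset, and the destructor, which always runs, assumes it was set. The following is an added illustration written for this page, not WebKit code. `Private`, `OwnPrivate`, `BuggyContext` and `FixedContext` are hypothetical stand-ins for GraphicsContext3DPrivate, WTF::OwnPtr and GraphicsContext3D; the instrumented pointer counts null dereferences and returns a dummy object instead of crashing, so the faulty path can be exercised safely, and the hardened class shows one plausible fix (null checks on the teardown path plus a factory that refuses to return a half-constructed object), not the patch that eventually landed.

```cpp
#include <cstdio>
#include <memory>

// Stand-in for GraphicsContext3DPrivate (hypothetical, not WebKit's class).
struct Private {
    bool makeCurrent() { return true; }
};

// Instrumentation: in the report, WTF::OwnPtr::operator-> on a null pointer is
// what died in frame #0. This stand-in counts the null dereference and hands
// back a dummy object so the buggy path can run to completion under a test.
int g_nullDerefs = 0;
Private g_sink;

class OwnPrivate {
public:
    OwnPrivate() = default;
    ~OwnPrivate() { delete m_ptr; }
    OwnPrivate(const OwnPrivate&) = delete;
    OwnPrivate& operator=(const OwnPrivate&) = delete;
    void reset(Private* p) { delete m_ptr; m_ptr = p; }
    explicit operator bool() const { return m_ptr != nullptr; }
    Private* operator->() {
        if (!m_ptr) { ++g_nullDerefs; return &g_sink; }  // a real OwnPtr would crash here
        return m_ptr;
    }
private:
    Private* m_ptr = nullptr;
};

// Buggy shape: the pattern the backtrace describes.
class BuggyContext {
public:
    explicit BuggyContext(bool initOk) {
        if (!initOk)
            return;                              // init failed: m_private never allocated
        m_private.reset(new Private);
    }
    ~BuggyContext() { makeContextCurrent(); }    // runs regardless of how init went
    bool makeContextCurrent() { return m_private->makeCurrent(); }  // unchecked deref
private:
    OwnPrivate m_private;
};

// Hardened shape (an assumed fix for illustration, not WebKit's actual patch).
class FixedContext {
public:
    explicit FixedContext(bool initOk) {
        if (!initOk)
            return;
        m_private.reset(new Private);
    }
    ~FixedContext() {
        if (!m_private)
            return;                              // nothing was set up, nothing to tear down
        makeContextCurrent();
    }
    bool makeContextCurrent() {
        if (!m_private)
            return false;                        // every entry point tolerates failed init
        return m_private->makeCurrent();
    }
    // Factory refuses to hand out a half-constructed object; destroying it
    // here is safe because the destructor now checks m_private first.
    static std::unique_ptr<FixedContext> create(bool initOk) {
        std::unique_ptr<FixedContext> ctx(new FixedContext(initOk));
        if (!ctx->m_private)
            return nullptr;
        return ctx;
    }
private:
    OwnPrivate m_private;
};

// Each scenario reports how many null dereferences teardown performed.
int nullDerefsBuggyFailedInit() {
    g_nullDerefs = 0;
    { BuggyContext ctx(false); }                 // destructor dereferences null m_private
    return g_nullDerefs;
}
int nullDerefsFixedFailedInit() {
    g_nullDerefs = 0;
    { std::unique_ptr<FixedContext> ctx = FixedContext::create(false); }
    return g_nullDerefs;
}
bool fixedCreateRejectsFailedInit() { return FixedContext::create(false) == nullptr; }
bool fixedCreateWorksOnSuccess() {
    std::unique_ptr<FixedContext> ctx = FixedContext::create(true);
    return ctx && ctx->makeContextCurrent();
}

int main() {
    std::printf("buggy teardown: %d null deref(s); fixed teardown: %d null deref(s)\n",
                nullDerefsBuggyFailedInit(), nullDerefsFixedFailedInit());
    return 0;
}
```

The point of the factory check is that a caller up the stack (here, whatever asked for the WebGL context) receives a null and can fail the request cleanly; with the buggy shape, the RefPtr temporary in frame #5 releases the object and the destructor crashes before the caller ever sees a return value.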