[Webkit-unassigned] [Bug 81954] New: [Chromium] Using WebViewPlugins with --force-compositing-mode can crash Chromium

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 22 13:16:25 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=81954

           Summary: [Chromium] Using WebViewPlugins with
                    --force-compositing-mode can crash Chromium
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fsamuel at chromium.org


Here is a stack trace:

#0  0x00007f2b3c1d5597 in WebCore::GraphicsLayer::~GraphicsLayer (this=0x7f2b2e8fc400, __in_chrg=<optimized out>) at ../../third_party/WebKit/Source/WebCore/platform/graphics/GraphicsLayer.cpp:99
#1  0x00007f2b3c1f7ad7 in WebCore::GraphicsLayerChromium::~GraphicsLayerChromium (this=0x7f2b2e8fc400, __in_chrg=<optimized out>) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:107
#2  0x00007f2b3b576f08 in WTF::deleteOwnedPtr<WebCore::GraphicsLayer> (ptr=0x7f2b2e8fc400) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtrCommon.h:55
#3  0x00007f2b3b57e434 in WTF::OwnPtr<WebCore::GraphicsLayer>::clear (this=0x7f2b2e87c298) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtr.h:100
#4  0x00007f2b3b57e252 in WTF::OwnPtr<WebCore::GraphicsLayer>::operator= (this=0x7f2b2e87c298) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtr.h:73
#5  0x00007f2b3bbbd2b6 in WebCore::RenderLayerCompositor::destroyRootLayer (this=0x7f2b2e87c210) at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:2021
#6  0x00007f2b3bbb68fb in WebCore::RenderLayerCompositor::enableCompositingMode (this=0x7f2b2e87c210, enable=false) at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:184
#7  0x00007f2b3bbb906b in WebCore::RenderLayerCompositor::computeCompositingRequirements (this=0x7f2b2e87c210, layer=0x7f2b2e8792d8, overlapMap=0x7fffbc3bc6a0, compositingState=..., layersChanged=@0x7fffbc3bc69c)
    at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:856
#8  0x00007f2b3bbb70ec in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x7f2b2e87c210, updateType=WebCore::CompositingUpdateAfterLayoutOrStyleChange, updateRoot=0x7f2b2e8792d8)
    at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:361
#9  0x00007f2b3c8de2a5 in WebCore::FrameView::updateCompositingLayers (this=0x7f2b2f90a700) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:646
#10 0x00007f2b3c8dfa35 in WebCore::FrameView::layout (this=0x7f2b2f90a700, allowSubtree=true) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:1128
#11 0x00007f2b3c8e6f89 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x7f2b2f90a700) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:3079
#12 0x00007f2b3b5c1336 in WebKit::WebFrameImpl::layout (this=0x7f2b2e844a00) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp:2053
#13 0x00007f2b3b61becd in WebKit::WebViewImpl::layout (this=0x7f2b320a7600) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebViewImpl.cpp:1391
#14 0x00007f2b39d2d9cc in webkit::WebViewPlugin::paint (this=0x7f2b2e87a270, canvas=0x7f2b2f8e1c40, rect=...) at ../../webkit/plugins/webview_plugin.cc:140
#15 0x00007f2b3b5f9883 in WebKit::WebPluginContainerImpl::paint (this=0x7f2b2e827640, gc=0x7f2b2e896b40, damageRect=...) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebPluginContainerImpl.cpp:138
#16 0x00007f2b3bc4de6a in WebCore::RenderWidget::paint (this=0x7f2b2e849b58, paintInfo=..., paintOffset=...) at ../../third_party/WebKit/Source/WebCore/rendering/RenderWidget.cpp:299
#17 0x00007f2b3bb5c1e7 in WebCore::RenderEmbeddedObject::paint (this=0x7f2b2e849b58, paintInfo=..., paintOffset=...) at ../../third_party/WebKit/Source/WebCore/rendering/RenderEmbeddedObject.cpp:156

The simplest solution seems to be to get rid of the ASSERT(!s_inPaintContents) in GraphicsLayer::~GraphicsLayer.

Is there a better solution?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list