[Webkit-unassigned] [Bug 107467] New: [Safari] Crash with opacity + drop shadow filter + child element extending beyond filter outsets

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 21 11:56:06 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=107467

           Summary: [Safari] Crash with opacity + drop shadow filter +
                    child element extending beyond filter outsets
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.8
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mvujovic at adobe.com
                CC: simon.fraser at apple.com, achicu at adobe.com


Created an attachment (id=183813)
 --> (https://bugs.webkit.org/attachment.cgi?id=183813&action=review)
Reproduction

To reproduce the crash, open the attached reproduction in Safari WebKit nightly r140335.

The crash does not occur in Chromium.

Here's the crash log:

OS Version:      Mac OS X 10.8.1 (12B19)
Crashed Thread:  0  Dispatch queue: com.apple.main-thread
Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Application Specific Information:
Assertion failed: (s->stack->next != NULL), function CGGStackRestore, file Context/CGGStack.c, line 77. 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fff99742212 __pthread_kill + 10
1   libsystem_c.dylib               0x00007fff99a82b34 pthread_kill + 90
2   libsystem_c.dylib               0x00007fff99ac6dfa abort + 143
3   libsystem_c.dylib               0x00007fff99ac7dd5 __assert_rtn + 146
4   com.apple.CoreGraphics          0x00007fff94ceb6c8 CGGStackRestore + 145
5   com.apple.CoreGraphics          0x00007fff94ceb60e CGContextRestoreGState + 32
6   com.apple.WebCore               0x000000010507d8be WebCore::TileCache::drawLayer(WebTileLayer*, CGContext*) + 174
7   com.apple.WebCore               0x00000001050f19e1 -[WebTileLayer drawInContext:] + 33
8   com.apple.QuartzCore            0x00007fff98d352a2 CABackingStoreUpdate_ + 4104
9   com.apple.QuartzCore            0x00007fff98d33ce2 CA::Layer::display_() + 1188
10  com.apple.QuartzCore            0x00007fff98d33661 CA::Layer::display_if_needed(CA::Transaction*) + 593
11  com.apple.QuartzCore            0x00007fff98d32e7b CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 35
12  com.apple.QuartzCore            0x00007fff98d28653 CA::Context::commit_transaction(CA::Transaction*) + 261
13  com.apple.QuartzCore            0x00007fff98d28423 CA::Transaction::commit() + 369
14  com.apple.QuartzCore            0x00007fff98d2823f CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) + 63
15  com.apple.CoreFoundation        0x00007fff96f890c7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
16  com.apple.CoreFoundation        0x00007fff96f89031 __CFRunLoopDoObservers + 369
17  com.apple.CoreFoundation        0x00007fff96f63df4 CFRunLoopRunSpecific + 324
18  com.apple.HIToolbox             0x00007fff949ab774 RunCurrentEventLoopInMode + 209
19  com.apple.HIToolbox             0x00007fff949ab512 ReceiveNextEventCommon + 356
20  com.apple.HIToolbox             0x00007fff949ab3a3 BlockUntilNextEventMatchingListInMode + 62
21  com.apple.AppKit                0x00007fff90da5fa3 _DPSNextEvent + 685
22  com.apple.AppKit                0x00007fff90da5862 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
23  com.apple.AppKit                0x00007fff90d9cc03 -[NSApplication run] + 517
24  com.apple.WebCore               0x0000000104eb28dd WebCore::RunLoop::run() + 77
25  com.apple.WebKit2               0x0000000103c9defb int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMainDelegate>(WebKit::CommandLine const&) + 495
26  com.apple.WebKit2               0x0000000103c40997 WebKitMain + 299
27  com.apple.WebProcess            0x0000000103b43e7b main + 214
28  libdyld.dylib                   0x00007fff947f57e1 start + 1


In a debug build, I hit an assertion in GraphicsContext::endTransparencyLayer:

ERROR: ERROR void GraphicsContext::restore() stack is empty
/Users/mvujovic/Documents/www/ChromiumSources/ChromiumWebKit/src/third_party/WebKit/Source/WebCore/platform/graphics/GraphicsContext.cpp(111) : void WebCore::GraphicsContext::restore()
ASSERTION FAILED: m_transparencyCount > 0
/Users/mvujovic/Documents/www/ChromiumSources/ChromiumWebKit/src/third_party/WebKit/Source/WebCore/platform/graphics/GraphicsContext.cpp(356) : void WebCore::GraphicsContext::endTransparencyLayer()
1   0x104a236a1 WebCore::GraphicsContext::endTransparencyLayer()
2   0x105660571 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
3   0x10565ed3b WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
4   0x10565e3d8 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
5   0x105660f29 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
6   0x1056600af WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
7   0x10565ed3b WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
8   0x10565e3d8 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
9   0x105660f29 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
10  0x1056600af WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
11  0x105685288 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, unsigned int)
12  0x105685544 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::IntRect const&)
13  0x104a50fa0 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::IntRect const&)
14  0x104a5e4d0 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::GraphicsContext&, WebCore::IntRect const&)
15  0x104a5e517 non-virtual thunk to WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::GraphicsContext&, WebCore::IntRect const&)
16  0x105cc0120 drawLayerContents(CGContext*, CALayer*, WebCore::PlatformCALayer*)
17  0x105c0e95b WebCore::TileCache::drawLayer(WebTileLayer*, CGContext*)
18  0x105cdc149 -[WebTileLayer drawInContext:]
19  0x7fff98d352a2 CABackingStoreUpdate_
20  0x7fff98d33ce2 CA::Layer::display_()
21  0x7fff98d33661 CA::Layer::display_if_needed(CA::Transaction*)
22  0x7fff98d32e7b CA::Layer::layout_and_display_if_needed(CA::Transaction*)
23  0x7fff98d28653 CA::Context::commit_transaction(CA::Transaction*)
24  0x7fff98d28423 CA::Transaction::commit()
25  0x7fff98d2823f CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*)
26  0x7fff96f890c7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
27  0x7fff96f89031 __CFRunLoopDoObservers
28  0x7fff96f64571 __CFRunLoopRun
29  0x7fff96f63dd2 CFRunLoopRunSpecific
30  0x7fff949ab774 RunCurrentEventLoopInMode
31  0x7fff949ab512 ReceiveNextEventCommon

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list