[Webkit-unassigned] [Bug 134593] New: [GTK] [Stable] Crash in TSymbolTableLevel::~TSymbolTableLevel with GCC 4.9

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 3 07:13:56 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=134593

           Summary: [GTK] [Stable] Crash in
                    TSymbolTableLevel::~TSymbolTableLevel with GCC 4.9
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: berto at igalia.com


There's a bug in ANGLE triggered with GCC 4.9.

It crashes the WebProcess when you open some sites like http://gabrielecirulli.github.io/2048/

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f24f4756b17 in TSymbolTableLevel::~TSymbolTableLevel() () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2  0x00007f24f4707891 in TCompiler::compile(char const* const*, unsigned long, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3  0x00007f24f47554dc in ShCompile () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4  0x00007f24f4aca780 in WebCore::ANGLEWebKitBridge::compileShaderSource(char const*, WebCore::ANGLEShaderType, WTF::String&, WTF::String&, WTF::Vector<WebCore::ANGLEShaderSymbol, 0ul, WTF::CrashOnOverflow>&, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#5  0x00007f24f4abedc0 in WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE(unsigned int) ()
   from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25


master is not affected by this, but the stable branch (2.4.3) is. This has been reported and fixed upstream:

https://code.google.com/p/angleproject/issues/detail?id=651

However the patch doesn't apply cleanly against the ANGLE version in our stable branch. This one, also posted there, and apparently used by Mozilla, does work, though:

--- a/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp
+++ b/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp
@@ -171,7 +171,8 @@ TFunction::~TFunction()
 TSymbolTableLevel::~TSymbolTableLevel()
 {
     for (tLevel::iterator it = level.begin(); it != level.end(); ++it)
-        delete (*it).second;
+        if ((*it).first == (*it).second->getMangledName())
+            delete (*it).second;
 }

 //

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list