[Webkit-unassigned] [Bug 167772] New: [EFL][CoordinatedGraphics] Layer animations involving calc cause a crash in UI process at WebCore::Length::ref()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 2 18:37:16 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=167772

            Bug ID: 167772
           Summary: [EFL][CoordinatedGraphics] Layer animations involving
                    calc cause a crash in UI process at
                    WebCore::Length::ref()
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit EFL
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com
                CC: lucas.de.marchi at gmail.com

Created attachment 300482
  --> https://bugs.webkit.org/attachment.cgi?id=300482&action=review
test content of layer animation with calc

[EFL][CoordinatedGraphics] Layer animations involving calc cause a crash in UI process at WebCore::Length::ref()

This bug happens only in multiprocess CoordinatedGraphics which is used only in EFL port.

> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007fa6e3215373 in WebCore::Length::ref() const () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> [Current thread is 1 (Thread 0x7fa6e4b2dac0 (LWP 52089))]
> (gdb) bt
> #0  0x00007fa6e3215373 in WebCore::Length::ref() const () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #1  0x00007fa6e2b2eadf in IPC::ArgumentCoder<WebCore::TransformOperations>::decode(IPC::Decoder&, WebCore::TransformOperations&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #2  0x00007fa6e2b2efcd in IPC::ArgumentCoder<WebCore::TextureMapperAnimation>::decode(IPC::Decoder&, WebCore::TextureMapperAnimation&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #3  0x00007fa6e2b2f4bf in IPC::ArgumentCoder<WebCore::TextureMapperAnimations>::decode(IPC::Decoder&, WebCore::TextureMapperAnimations&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #4  0x00007fa6e2b30bcd in IPC::ArgumentCoder<WebCore::CoordinatedGraphicsLayerState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsLayerState&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #5  0x00007fa6e2b325cd in IPC::VectorArgumentCoder<false, std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul>::decode(IPC::Decoder&, WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul>&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #6  0x00007fa6e2b35947 in IPC::ArgumentCoder<WebCore::CoordinatedGraphicsState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsState&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #7  0x00007fa6e2bf858b in WebKit::CoordinatedLayerTreeHostProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #8  0x00007fa6e28d4689 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #9  0x00007fa6e2999192 in WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #10 0x00007fa6e28d1e2b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #11 0x00007fa6e28d2be8 in IPC::Connection::dispatchOneMessage() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #12 0x00007fa6e3b09e51 in WTF::RunLoop::performWork() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #13 0x00007fa6e164db2e in _ecore_pipe_handler_call (p=p at entry=0x1190d40, buf=0x236d0f0 "W\b7\002", len=<optimized out>)
>     at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_pipe.c:511
> #14 0x00007fa6e164e1e9 in _ecore_pipe_read (data=0x1190d40, fd_handler=<optimized out>)
>     at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_pipe.c:637
> #15 0x00007fa6e164bb82 in _ecore_call_fd_cb (fd_handler=0x1186da0, data=<optimized out>, func=<optimized out>)
>     at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_private.h:333
> #16 _ecore_main_fd_handlers_call () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_main.c:1974
> #17 _ecore_main_loop_iterate_internal (once_only=once_only at entry=0)
>     at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_main.c:2339
> #18 0x00007fa6e164bf67 in ecore_main_loop_begin () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_main.c:1286
> #19 0x000000000040c9c1 in elm_main ()
> #20 0x00000000004066ec in main ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170203/c07ef4c2/attachment.html>

More information about the webkit-unassigned mailing list