[Webkit-unassigned] [Bug 167772] [EFL][CoordinatedGraphics] Layer animations involving calc cause a crash in UI process at WebCore::Length::ref()

Thu Feb 2 18:39:58 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=167772

--- Comment #1 from Fujii Hironori <Hironori.Fujii at sony.com> ---
An assertion failed in the debug build.

> ASSERTION FAILED: m_map.contains(handle)
> ../../Source/WebCore/platform/Length.cpp(220) : void WebCore::CalculationValueMap::ref(unsigned int)
> 1   0x7fd7ca6d39ca WTFCrash
> 2   0x7fd7c992cd59 WebCore::CalculationValueMap::ref(unsigned int)
> 3   0x7fd7c992bb65 WebCore::Length::ref() const
> 4   0x7fd7c8ce350a WebCore::Length::Length(WebCore::Length const&)
> 5   0x7fd7c8ce5d2c WebCore::TranslateTransformOperation::TranslateTransformOperation(WebCore::Length const&, WebCore::Length const&, WebCore::Length const&, WebCore::TransformOperation::OperationType)
> 6   0x7fd7c8ce5c07 WebCore::TranslateTransformOperation::create(WebCore::Length const&, WebCore::Length const&, WebCore::Length const&, WebCore::TransformOperation::OperationType)
> 7   0x7fd7c8cdf5a6 IPC::ArgumentCoder<WebCore::TransformOperations>::decode(IPC::Decoder&, WebCore::TransformOperations&)
> 8   0x7fd7c8ce9a1f std::enable_if<!std::is_enum<WebCore::TransformOperations>::value, bool>::type IPC::Decoder::decode<WebCore::TransformOperations>(WebCore::TransformOperations&)
> 9   0x7fd7c8ce0b46 IPC::ArgumentCoder<WebCore::TextureMapperAnimation>::decode(IPC::Decoder&, WebCore::TextureMapperAnimation&)
> 10  0x7fd7c8ceffc5 std::enable_if<!std::is_enum<WebCore::TextureMapperAnimation>::value, bool>::type IPC::Decoder::decode<WebCore::TextureMapperAnimation>(WebCore::TextureMapperAnimation&)
> 11  0x7fd7c8cedd20 IPC::VectorArgumentCoder<false, WebCore::TextureMapperAnimation, 0ul>::decode(IPC::Decoder&, WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 12  0x7fd7c8cea027 std::enable_if<!std::is_enum<WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul> >::value, bool>::type IPC::Decoder::decode<WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul> >(WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 13  0x7fd7c8ce0fc2 IPC::ArgumentCoder<WebCore::TextureMapperAnimations>::decode(IPC::Decoder&, WebCore::TextureMapperAnimations&)
> 14  0x7fd7c8cea2bf std::enable_if<!std::is_enum<WebCore::TextureMapperAnimations>::value, bool>::type IPC::Decoder::decode<WebCore::TextureMapperAnimations>(WebCore::TextureMapperAnimations&)
> 15  0x7fd7c8ce18fd IPC::ArgumentCoder<WebCore::CoordinatedGraphicsLayerState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsLayerState&)
> 16  0x7fd7c8cf4461 std::enable_if<!std::is_enum<WebCore::CoordinatedGraphicsLayerState>::value, bool>::type IPC::Decoder::decode<WebCore::CoordinatedGraphicsLayerState>(WebCore::CoordinatedGraphicsLayerState&)
> 17  0x7fd7c8cf2769 IPC::ArgumentCoder<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState> >::decode(IPC::Decoder&, std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>&)
> 18  0x7fd7c8cf0917 std::enable_if<!std::is_enum<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState> >::value, bool>::type IPC::Decoder::decode<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState> >(std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>&)
> 19  0x7fd7c8cee6e4 IPC::VectorArgumentCoder<false, std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul>::decode(IPC::Decoder&, WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 20  0x7fd7c8cea673 std::enable_if<!std::is_enum<WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul> >::value, bool>::type IPC::Decoder::decode<WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul> >(WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 21  0x7fd7c8ce2275 IPC::ArgumentCoder<WebCore::CoordinatedGraphicsState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsState&)
> 22  0x7fd7c8ea1939 std::enable_if<!std::is_enum<WebCore::CoordinatedGraphicsState>::value, bool>::type IPC::Decoder::decode<WebCore::CoordinatedGraphicsState>(WebCore::CoordinatedGraphicsState&)
> 23  0x7fd7c8ea18f3 IPC::TupleCoder<1ul, WebCore::CoordinatedGraphicsState>::decode(IPC::Decoder&, std::tuple<WebCore::CoordinatedGraphicsState>&)
> 24  0x7fd7c8ea17af IPC::ArgumentCoder<std::tuple<WebCore::CoordinatedGraphicsState> >::decode(IPC::Decoder&, std::tuple<WebCore::CoordinatedGraphicsState>&)
> 25  0x7fd7c8ea170d std::enable_if<!std::is_enum<std::tuple<WebCore::CoordinatedGraphicsState> >::value, bool>::type IPC::Decoder::decode<std::tuple<WebCore::CoordinatedGraphicsState> >(std::tuple<WebCore::CoordinatedGraphicsState>&)
> 26  0x7fd7c8ea161a void IPC::handleMessage<Messages::CoordinatedLayerTreeHostProxy::CommitCoordinatedGraphicsState, WebKit::CoordinatedLayerTreeHostProxy, void (WebKit::CoordinatedLayerTreeHostProxy::*)(WebCore::CoordinatedGraphicsState const&)>(IPC::Decoder&, WebKit::CoordinatedLayerTreeHostProxy*, void (WebKit::CoordinatedLayerTreeHostProxy::*)(WebCore::CoordinatedGraphicsState const&))
> 27  0x7fd7c8ea146f WebKit::CoordinatedLayerTreeHostProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
> 28  0x7fd7c87ba086 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
> 29  0x7fd7c8883ee1 WebKit::ChildProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&)
> 30  0x7fd7c8966a8a WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
> 31  0x7fd7c879d366 IPC::Connection::dispatchMessage(IPC::Decoder&)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170203/5f1a4772/attachment.html>