[Webkit-unassigned] [Bug 168292] New: REGRESSION(r212239): Crash in DragImage::operator=(WebCore::DragImage&&) when DragImageRef is the same

bugzilla-daemon at webkit.org
Tue Feb 14 00:11:09 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=168292

            Bug ID: 168292
           Summary: REGRESSION(r212239): Crash in
                    DragImage::operator=(WebCore::DragImage&&) when
                    DragImageRef is the same
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: LayoutTestFailure, Regression
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com

This happens at least in the GTK+ port where DragImageRef is a pointer (we should definitely change that). It caused several crashes in the bots:

Thread 1 (Thread 0x2b4ba8e96940 (LWP 11637)):
#0  0x00002b4ba28b3067 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00002b4ba28b4448 in __GI_abort () at abort.c:89
#2  0x00002b4ba28ac266 in __assert_fail_base (fmt=0x2b4ba29e5238 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion at entry=0x2b4b9ba8ce08 "((*&(&surface->ref_count)->ref_count) > 0)", file=file at entry=0x2b4b9ba8cd38 "/home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/cairo-1.14.2/src/cairo-surface.c", line=line at entry=953, function=function at entry=0x2b4b9ba9d9f0 <__PRETTY_FUNCTION__.11168> "cairo_surface_destroy") at assert.c:92
#3  0x00002b4ba28ac312 in __GI___assert_fail (assertion=0x2b4b9ba8ce08 "((*&(&surface->ref_count)->ref_count) > 0)", file=0x2b4b9ba8cd38 "/home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/cairo-1.14.2/src/cairo-surface.c", line=953, function=0x2b4b9ba9d9f0 <__PRETTY_FUNCTION__.11168> "cairo_surface_destroy") at assert.c:101
#4  0x00002b4b9ba1a7c2 in cairo_surface_destroy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/cairo-1.14.2/src/cairo-surface.c:953
#5  0x00002b4b9968b7f9 in WebCore::DragImage::operator=(WebCore::DragImage&&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00002b4b995d7e8b in WebCore::DragController::doImageDrag(WebCore::Element&, WebCore::IntPoint const&, WebCore::IntRect const&, WebCore::DataTransfer&, WebCore::Frame&, WebCore::IntPoint&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00002b4b995dbcc2 in WebCore::DragController::startDrag(WebCore::Frame&, WebCore::DragState const&, WebCore::DragOperation, WebCore::PlatformMouseEvent const&, WebCore::IntPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00002b4b995e3994 in WebCore::EventHandler::handleDrag(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00002b4b995e3eb8 in WebCore::EventHandler::handleMouseDraggedEvent(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00002b4b995eab67 in WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37

When m_dragImageRef is the same as other.m_dragImageRef we end up deleting twice.

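Added example, not WebKit or cairo code, modelling the failure the report describes: a constructed refcounted Surface stands in for cairo_surface_t and surfaceDestroy for cairo_surface_destroy; the buggy move-assignment releases its own handle before taking the other's, so a self-move (m_dragImageRef == other.m_dragImageRef) releases the same surface twice, while the hardened form beside it takes the incoming handle first. All class and function names here are hypothetical.

```cpp
#include <utility>
// Constructed stand-in for a refcounted cairo_surface_t (not WebKit or cairo code).
struct Surface {
    int refCount = 1;   // one reference, owned by whoever created the surface
    int underflows = 0; // destroy() calls on an already-released surface
};
// Stand-in for cairo_surface_destroy(): cairo asserts ref_count > 0 here; we count instead.
void surfaceDestroy(Surface* s) {
    if (!s) return;
    if (s->refCount <= 0) { ++s->underflows; return; }
    --s->refCount;
}
// Buggy shape: release our handle, then take other's. When other is *this (or holds the
// same handle), the surface is released here and again in the destructor: a double free.
class BuggyDragImage {
public:
    explicit BuggyDragImage(Surface* s) : m_dragImageRef(s) {}
    ~BuggyDragImage() { surfaceDestroy(m_dragImageRef); }
    BuggyDragImage& operator=(BuggyDragImage&& other) {
        surfaceDestroy(m_dragImageRef);
        m_dragImageRef = std::exchange(other.m_dragImageRef, nullptr);
        return *this;
    }
private:
    Surface* m_dragImageRef;
};
// Hardened shape: take other's handle first, release the old one only if it differs.
class SafeDragImage {
public:
    explicit SafeDragImage(Surface* s) : m_dragImageRef(s) {}
    ~SafeDragImage() { surfaceDestroy(m_dragImageRef); }
    SafeDragImage& operator=(SafeDragImage&& other) {
        Surface* incoming = std::exchange(other.m_dragImageRef, nullptr);
        if (incoming != m_dragImageRef) surfaceDestroy(m_dragImageRef);
        m_dragImageRef = incoming;
        return *this;
    }
private:
    Surface* m_dragImageRef;
};
// Self-move-assign through a reference (so the compiler does not flag `x = std::move(x)`)
// and report how many times the surface was released past zero.
template <typename Image> int underflowsAfterSelfMove() {
    Surface surface;
    {
        Image image(&surface);
        Image& alias = image;
        image = std::move(alias);
    }
    return surface.underflows;
}
```

In the real build the second release is where cairo's ref_count > 0 assertion fires, which is the abort at the top of the backtrace above.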