[Webkit-unassigned] [Bug 184390] [GTK] Find can crash the web process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 17 10:28:49 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=184390

Philippe Normand <pnormand at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
                 CC|                            |pnormand at igalia.com
         Resolution|INVALID                     |---

--- Comment #3 from Philippe Normand <pnormand at igalia.com> ---
I can reproduce the issue in Debian Sid, webkit2gtk 2.20.0

(gdb)  bt
#0  0x00007f2acc0e40fc in WTFCrash() () at ./Source/WTF/wtf/Assertions.cpp:271
#1  0x00007f2ad134f0bd in WTF::VectorBufferBase<WebCore::InlineTextBox::StyledMarkedText, WTF::FastMalloc>::allocateBuffer(unsigned long) (newCapacity=<optimized out>, this=<optimized out>) at ./obj-x86_64-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Vector.h:267
#2  0x00007f2ad134f0bd in WTF::Vector<WebCore::InlineTextBox::StyledMarkedText, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::reserveInitialCapacity(unsigned long) (initialCapacity=<optimized out>, this=<optimized out>) at ./obj-x86_64-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Vector.h:1216
#3  0x00007f2ad134f0bd in WebCore::InlineTextBox::subdivideAndResolveStyle(WTF::Vector<WebCore::MarkedText, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::InlineTextBox::MarkedTextStyle const&, WebCore::PaintInfo const&) (this=this at entry=0x7f2a03e009a0, textsToSubdivide=..., baseStyle=..., paintInfo=...)
    at ./Source/WebCore/rendering/InlineTextBox.cpp:790
#4  0x00007f2ad1356bf5 in WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (this=0x7f2a03e009a0, paintInfo=..., paintOffset=...) at ./Source/WebCore/rendering/InlineTextBox.cpp:519
#5  0x00007f2ad1355959 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (this=this at entry=0x7f2a03003678, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...) at ./Source/WebCore/rendering/InlineFlowBox.cpp:1208
#6  0x00007f2ad150a2fc in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (this=0x7f2a03003678, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...) at ./Source/WebCore/rendering/RootInlineBox.cpp:170
#7  0x00007f2ad1476431 in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (this=0x7f2a30a001f8, renderer=0x7f2a30a00108, paintInfo=..., paintOffset=...) at ./Source/WebCore/rendering/RenderLineBoxList.cpp:260
#8  0x00007f2ad1366bd7 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=<optimized out>, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1111
#9  0x00007f2ad13832af in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a30a00108, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1247
#10 0x00007f2ad1362b77 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a30a00108, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1090
#11 0x00007f2ad1366cc5 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (this=this at entry=0x7f2a38300738, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=usePrintRect at entry=false, paintType=WebCore::RenderBlock::PaintAsBlock) at ./Source/WebCore/rendering/RenderBlock.cpp:1167
#12 0x00007f2ad1367086 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (this=0x7f2a38300738, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at ./Source/WebCore/rendering/RenderBlock.cpp:1131
#13 0x00007f2ad1366bb5 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=<optimized out>, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1124
#14 0x00007f2ad13832af in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300738, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1247
#15 0x00007f2ad1362b77 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300738, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1090
#16 0x00007f2ad1366cc5 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (this=this at entry=0x7f2a38300528, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=usePrintRect at entry=false, paintType=WebCore::RenderBlock::PaintAsBlock) at ./Source/WebCore/rendering/RenderBlock.cpp:1167
#17 0x00007f2ad1367086 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (this=0x7f2a38300528, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at ./Source/WebCore/rendering/RenderBlock.cpp:1131
#18 0x00007f2ad1366bb5 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=<optimized out>, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1124
#19 0x00007f2ad13832af in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300528, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1247
#20 0x00007f2ad1362b77 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300528, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1090
#21 0x00007f2ad1366cc5 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (this=this at entry=0x7f2a38300420, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=usePrintRect at entry=false, paintType=WebCore::RenderBlock::PaintAsBlock) at ./Source/WebCore/rendering/RenderBlock.cpp:1167
#22 0x00007f2ad1367086 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (this=0x7f2a38300420, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at ./Source/WebCore/rendering/RenderBlock.cpp:1131
#23 0x00007f2ad1366bb5 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=<optimized out>, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1124
#24 0x00007f2ad13832af in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300420, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1247
#25 0x00007f2ad1362b77 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300420, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1090
#26 0x00007f2ad1366cc5 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) (this=this at entry=0x7f2a38300210, child=..., paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=usePrintRect at entry=false, paintType=WebCore::RenderBlock::PaintAsBlock) at ./Source/WebCore/rendering/RenderBlock.cpp:1167
#27 0x00007f2ad1367086 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) (this=0x7f2a38300210, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=false) at ./Source/WebCore/rendering/RenderBlock.cpp:1131
#28 0x00007f2ad1366bb5 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=<optimized out>, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1124
#29 0x00007f2ad13832af in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300210, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1247
#30 0x00007f2ad1362b77 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (this=0x7f2a38300210, paintInfo=..., paintOffset=...)
    at ./Source/WebCore/rendering/RenderBlock.cpp:1090
#31 0x00007f2ad143440b in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) (this=this at entry=
    0x7f2a590a0480, phase=phase at entry=WebCore::PaintPhaseForeground, layerFragments=..., context=..., localPaintingInfo=..., paintBehavior=paintBehavior at entry=2048, subtreePaintRootForRenderer=0x0) at ./Source/WebCore/rendering/RenderLayer.cpp:4847
#32 0x00007f2ad14436e2 in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) (this=this at entry=0x7f2a590a0480, layerFragments=..., context=..., contextForTransparencyLayer=..., transparencyPaintDirtyRect=..., haveTransparency=haveTransparency at entry=false, localPaintingInfo=..., paintBehavior=2048, subtreePaintRootForRenderer=0x0) at ./Source/WebCore/rendering/RenderLayer.cpp:4824
#33 0x00007f2ad145b96e in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) (this=<optimized out>, context=..., paintingInfo=..., paintFlags=paintFlags at entry=96) at ./Source/WebCore/rendering/RenderLayer.cpp:4431
#34 0x00007f2ad145d029 in WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) (this=0x7f2a333772c0, graphicsLayer=0x7f2a6857f200, context=..., paintDirtyRect=..., paintBehavior=2048, paintingPhase=<optimized out>)
    at ./Source/WebCore/rendering/RenderLayerBacking.cpp:2525
#35 0x00007f2ad145d2fe in WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&, unsigned int) (this=0x7f2a333772c0, graphicsLayer=0x7f2a6857f200, context=..., paintingPhase=3, clip=..., layerPaintBehavior=2)
    at ./Source/WebCore/rendering/RenderLayerBacking.cpp:2572
#36 0x00007f2ad1253a3e in WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) (this=this at entry=0x7f2a6857f200, context=..., clip=..., layerPaintBehavior=layerPaintBehavior at entry=0) at ./Source/WebCore/platform/graphics/GraphicsLayer.cpp:434
#37 0x00007f2ad05694bf in Nicosia::PaintingEngineBasic::<lambda(WebCore::GraphicsContext&)>::operator() (context=..., __closure=0x7ffcf32ee460)
    at ./Source/WebCore/platform/graphics/nicosia/NicosiaPaintingEngineBasic.cpp:64
#38 0x00007f2ad05694bf in Nicosia::PaintingContext::paint<Nicosia::PaintingEngineBasic::paint(WebCore::GraphicsLayer&, WTF::Ref<Nicosia::Buffer>&&, const WebCore::IntRect&, const WebCore::IntRect&, const WebCore::IntRect&, float)::<lambda(WebCore::GraphicsContext&)> > (paintFunctor=..., buffer=...)
    at ./Source/WebCore/platform/graphics/nicosia/NicosiaPaintingContext.h:48
#39 0x00007f2ad05694bf in Nicosia::PaintingEngineBasic::paint(WebCore::GraphicsLayer&, WTF::Ref<Nicosia::Buffer, WTF::DumbPtrTraits<Nicosia::Buffer> >&&, WebCore::IntRect const&, WebCore::IntRect const&, WebCore::IntRect const&, float) (this=this at entry=0x7f2a53290b08, layer=
    ..., buffer=buffer at entry=<unknown type in /usr/lib/debug/.build-id/8f/da266c836ca74e8c2affb15bf7b4081fac83fe.debug, CU 0xfda9219, DIE 0xfe09132>, sourceRect=..., mappedSourceRect=..., targetRect=..., contentsScale=contentsScale at entry=2) at ./Source/WebCore/platform/graphics/nicosia/NicosiaPaintingEngineBasic.cpp:47
#40 0x00007f2ad0564fd3 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers() (this=0x7f2a6857f200)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:977
#41 0x00007f2ad0565183 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=0x7f2a6857f200)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:927
#42 0x00007f2ad05651ac in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=<optimized out>)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:930
#43 0x00007f2ad05651ac in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=<optimized out>)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:930
#44 0x00007f2ad05651ac in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=<optimized out>)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:930
#45 0x00007f2ad05651ac in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=<optimized out>)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:930
#46 0x00007f2ad05651ac in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=<optimized out>)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:930
#47 0x00007f2ad05651ac in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() (this=this at entry=0x7f2a685c8400)
    at ./Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:930
#48 0x00007f2ad0542e10 in WebKit::CompositingCoordinator::flushPendingLayerChanges() (this=this at entry=0x7f2ab84e53b8)
    at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:124
#49 0x00007f2ad05430cc in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired() (this=0x7f2ab84e5380)
    at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:199
#50 0x00007f2ad05434b8 in WebKit::CoordinatedLayerTreeHost::renderNextFrame() (this=0x7f2ab84e5380)
    at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:172
#51 0x00007f2ad03efee4 in WebKit::ThreadedCompositor::handleDisplayRefreshMonitorUpdate(bool) (this=0x7f2a52edaa80, hasBeenRescheduled=<optimized out>)
    at ./Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:354
#52 0x00007f2acc128493 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator() (__closure=0x0, userData=0x7f2ab8eb7ae0) at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:170
#53 0x00007f2acc128493 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:176
#54 0x00007f2accf180f5 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#55 0x00007f2accf184c0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#56 0x00007f2accf187d2 in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#57 0x00007f2acc1288a0 in WTF::RunLoop::run() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#58 0x00007f2ad054d0e8 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7ffcf32eea98)
    at ./Source/WebKit/Shared/unix/ChildProcessMain.h:61
#59 0x00007f2acf443a87 in __libc_start_main (main=
    0x55dcfc1ca8d0 <main(int, char**)>, argc=3, argv=0x7ffcf32eea98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcf32eea88)
    at ../csu/libc-start.c:310
#60 0x000055dcfc1ca95a in _start ()
(gdb)
