[Webkit-unassigned] [Bug 179304] [GTK] Many webpages can crash the browser in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 23 05:38:04 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=179304

--- Comment #23 from Carlos Eduardo Ramalho <cadubentzen at gmail.com> ---
(In reply to Carlos Eduardo Ramalho from comment #17) 
> We have to wait a few seconds because there is a 5s timer to free the
> resources when turning AC off. 

I was wrong in that statement. Actually, we usually have to wait 13s to reproduce the crash on https://www.harrypotterplatform934.com/pages/faqs because AC is turned on every 6.5s: the JS script defines this time to make a transition of a slide div (slidesjs-control) that shows up on the left side of the page below the menu.

This animated transition (using translateX) triggers AC off -> on -> off every 6.5s.

So the scenario is like that:
0s    -> page opens
6.5s  -> slidesjs animation: AC off -> on -> off
11.5s -> 5s timer kicks in, discarding previous LayerTreeHost
13s   -> slidesjs animation: AC off -> on, then segfault in CoordinatedGraphicsLayer::transformedVisibleRect()


The GraphicsLayer node that causes the crash is in a div with animation embedded in an iframe; this iframe is inserted into the DOM via JS. However, there's some catch I haven't figured out yet, because doing the same thing in a simpler webpage does not cause the crash.

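As an added reconstruction of the timing described in comment #23 (this is not a page from the bug, nor the FAQ site's own code, nor a WebKit layout test): a slidesjs-style strip advanced with a translateX transition every 6.5 s, plus a JS-inserted iframe whose document contains the animated div the comment names as the crashing GraphicsLayer. The 6.5 s slide period and the 5 s LayerTreeHost discard timer come from the comment; everything else (element names other than slidesjs-control, the 1 s transition duration, the slide widths, and the choice of a transform transition inside the iframe that nothing triggers, so that no running animation keeps AC on between slides) is an assumption. The comment itself says a simpler page did not reproduce the crash, so this is a starting point for narrowing the trigger, not a known reproducer.

```html
<!DOCTYPE html>
<!-- Added reconstruction of the comment #23 timeline (not from the bug or
     the FAQ page). Timings: 6.5 s slide period (from the comment); the 5 s
     discard timer lives inside WebKitGTK, not in this page. All element
     names other than slidesjs-control are assumptions. -->
<html>
<head>
<meta charset="utf-8">
<title>AC off/on/off every 6.5 s with a JS-inserted animated iframe</title>
<style>
  /* The slide strip. Transitioning 'transform' is what makes WebKitGTK's
     on-demand accelerated compositing (AC) turn on for the transition and
     off again when it finishes. 1 s duration is an assumption. */
  #slidesjs-control { position: relative; width: 300px; overflow: hidden; }
  #slides { display: flex; transition: transform 1s ease; }
  #slides > div { flex: 0 0 300px; height: 150px; }
</style>
</head>
<body>
<div id="slidesjs-control">
  <div id="slides">
    <div style="background:#c33"></div>
    <div style="background:#3c3"></div>
    <div style="background:#33c"></div>
  </div>
</div>
<div id="iframe-host"></div>

<script>
  'use strict';
  const SLIDE_PERIOD_MS = 6500;   // comment #23: slidesjs advances every 6.5 s
  const SLIDE_WIDTH_PX  = 300;    // assumption, matches the CSS above
  const SLIDE_COUNT     = 3;

  // 1. Insert an iframe via JS, as the comment says the FAQ page does. Its
  //    document holds a div with a transform transition. Nothing ever
  //    triggers that transition here (assumption): a continuously running
  //    animation would keep AC on all the time and the off/on/off cycle
  //    in the comment's timeline could not happen.
  const iframe = document.createElement('iframe');
  iframe.width = 200;
  iframe.height = 100;
  document.getElementById('iframe-host').appendChild(iframe);
  const doc = iframe.contentDocument;
  doc.open();
  doc.write('<!DOCTYPE html><style>' +
            '#box { width: 40px; height: 40px; background: #999;' +
            '       transition: transform 1s linear; }' +
            '</style><div id="box"></div>');
  doc.close();

  // 2. Advance the strip every 6.5 s. Each slide transition toggles
  //    AC off -> on -> off; each AC-off (re)arms WebKit's 5 s timer that
  //    discards the LayerTreeHost. Because 6.5 s > 5 s the timer fires at
  //    11.5 s, so the 13 s slide turns AC back on against a discarded
  //    LayerTreeHost, which is where the comment reports the segfault.
  let index = 0;
  const slides = document.getElementById('slides');
  function advance() {
    index = (index + 1) % SLIDE_COUNT;
    slides.style.transform = 'translateX(' + (-SLIDE_WIDTH_PX * index) + 'px)';
  }
  setInterval(advance, SLIDE_PERIOD_MS);
</script>
</body>
</html>
```

Load it in a WebKitGTK build with on-demand accelerated compositing and, by the comment's timeline, the first slide after a timer expiry (13 s) is the moment to watch under gdb. Because each AC-off re-arms the timer, dropping SLIDE_PERIOD_MS below 5000 should keep the timer from ever firing and remove the discard from the sequence; that makes the period a cheap knob for confirming that the discarded LayerTreeHost, rather than the slide transition itself, is what matters.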