[Webkit-unassigned] [Bug 179304] [GTK] Many webpages can crash the browser in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect
bugzilla-daemon at webkit.org
Fri May 4 07:09:51 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=179304
--- Comment #24 from Miguel Gomez <magomez at igalia.com> ---
As Carlos mentions, the problem is the null compositor on some of the layers. When leaving AC, all the GraphicsLayers are destroyed except the children of the iframe containing the dialog (see the attached GraphicsLayer dump). But 5 seconds after that, the CompositingCoordinator is destroyed, setting the compositor attribute to null for those layers.
When scrolling the page, it seems that the iframe with the dialog is added to the page again, and that causes the surviving GraphicsLayers to be added again to the GraphicsLayer tree, but their coordinator is not properly set, so the crash during the layer flush happens.
I need to investigate why these GraphicsLayers are kept alive, and if it makes sense to do that, or whether we should be destroying them. Maybe it's an optimization to speed up the rendering of constant subtrees (in which case we should just set the appropriate coordinator when reattaching the subtree), or maybe it's a bug and we should just destroy them and recreate them when needed.
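The lifecycle described in Comment #24, as an added stand-alone model (this is not WebKit code; `Coordinator`, `Layer`, `setCoordinatorRecursively`, `flushLayerTree` and `reattachSurvivingSubtree` are simplified stand-ins invented for this example). It reproduces the sequence leave AC, coordinator destroyed and back-pointers nulled, subtree reattached on re-entering AC, flush, and shows that re-pointing the surviving subtree at the new coordinator on reattach is what makes the flush complete:

```cpp
#include <memory>
#include <stdexcept>
#include <vector>

// Stand-in for a CompositingCoordinator: only counts how many layers flushed through it.
struct Coordinator {
    int flushedLayers = 0;
};

// Stand-in for a CoordinatedGraphicsLayer: a raw back-pointer to its coordinator
// (null once the coordinator has been destroyed) plus owned children.
struct Layer {
    Coordinator* coordinator = nullptr;
    std::vector<std::shared_ptr<Layer>> children;
};

// Walk a subtree and point every layer at the given coordinator (or at null).
void setCoordinatorRecursively(Layer& layer, Coordinator* coordinator)
{
    layer.coordinator = coordinator;
    for (auto& child : layer.children)
        setCoordinatorRecursively(*child, coordinator);
}

// Layer flush. A real flush would dereference the coordinator; here a null
// coordinator throws so the failure is observable instead of being a segfault.
// (The null check is only to make the model testable; it is not a proposed fix.)
// Returns the number of layers flushed.
int flushLayerTree(Layer& layer)
{
    if (!layer.coordinator)
        throw std::runtime_error("flush reached a layer with a null coordinator");
    layer.coordinator->flushedLayers++;
    int flushed = 1;
    for (auto& child : layer.children)
        flushed += flushLayerTree(*child);
    return flushed;
}

// Constructed scenario: leave AC (tree torn down, the iframe subtree is kept
// alive), coordinator destroyed (back-pointers nulled), re-enter AC and reattach
// the surviving subtree under a fresh root, then flush.
// Returns true if the flush completes over all three layers.
bool reattachSurvivingSubtree(bool resetCoordinatorOnReattach)
{
    auto survivingSubtree = std::make_shared<Layer>();   // the iframe's layers
    survivingSubtree->children.push_back(std::make_shared<Layer>());

    {
        Coordinator oldCoordinator;
        auto root = std::make_shared<Layer>();
        root->children.push_back(survivingSubtree);
        setCoordinatorRecursively(*root, &oldCoordinator);

        // Leaving AC: the root goes away, but the subtree is still referenced
        // elsewhere and survives.
        root.reset();

        // Some time later the coordinator is destroyed and the surviving
        // layers have their coordinator pointer cleared.
        setCoordinatorRecursively(*survivingSubtree, nullptr);
    }

    // Re-entering AC with a fresh coordinator and a fresh root; the old subtree
    // is attached again (the scroll that re-adds the iframe).
    Coordinator newCoordinator;
    auto newRoot = std::make_shared<Layer>();
    newRoot->coordinator = &newCoordinator;
    newRoot->children.push_back(survivingSubtree);

    // The step the comment says is missing when the subtree is reattached.
    if (resetCoordinatorOnReattach)
        setCoordinatorRecursively(*survivingSubtree, &newCoordinator);

    try {
        return flushLayerTree(*newRoot) == 3;
    } catch (const std::runtime_error&) {
        return false;   // the modelled crash
    }
}
```

Calling `reattachSurvivingSubtree(false)` reproduces the failure mode (the root flushes, then the first surviving layer has a null coordinator), while `reattachSurvivingSubtree(true)` flushes all three layers. The model is agnostic about the comment's other option, destroying and recreating the subtree instead of keeping it alive: in that case the reattached layers would be fresh and would get their coordinator on creation.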