[Webkit-unassigned] [Bug 176151] Crash in WebCore::CalculationValue::evaluate

bugzilla-daemon at webkit.org
Fri Oct 19 05:34:13 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=176151

--- Comment #3 from Bastien Nocera <bugzilla at hadess.net> ---
Full bt (for the crashing thread):
#0  0x00007f6801abfa38 in std::__uniq_ptr_impl<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::_M_ptr() const (this=0x8)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/CalculationValue.cpp:63
#1  0x00007f6801abfa38 in std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::get() const (this=0x8) at /usr/include/c++/8/bits/unique_ptr.h:343
#2  0x00007f6801abfa38 in std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::operator->() const (this=0x8) at /usr/include/c++/8/bits/unique_ptr.h:337
#3  0x00007f6801abfa38 in WebCore::CalculationValue::evaluate(float) const (this=0x0, maxValue=356) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/CalculationValue.cpp:63
#4  0x00007f6801accd30 in WebCore::Length::nonNanCalculatedValue(int) const (this=<optimized out>, maxValue=356) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/Length.cpp:277
#5  0x00007f68013b432a in WebCore::TranslateTransformOperation::apply(WebCore::TransformationMatrix&, WebCore::FloatSize const&) const (this=0x7f66e7fdcb90, transform=..., borderBoxSize=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/FloatSize.h:71
#6  0x00007f6800d9be4b in WebCore::applyTransformAnimation (listsMatch=<optimized out>, boxSize=..., progress=<optimized out>, to=..., from=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/transforms/TransformOperations.h:84
#7  0x00007f6800d9be4b in WebCore::TextureMapperAnimation::applyInternal(WebCore::TextureMapperAnimation::ApplicationResult&, WebCore::AnimationValue const&, WebCore::AnimationValue const&, float) (this=this@entry=0x7f66f24dccc0, applicationResults=..., from=..., to=..., progress=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperAnimation.cpp:278
#8  0x00007f6800d9cb06 in WebCore::TextureMapperAnimation::apply(WebCore::TextureMapperAnimation::ApplicationResult&, WTF::MonotonicTime) (this=this@entry=0x7f66f24dccc0, applicationResults=..., time=..., 
    time@entry=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperAnimation.cpp:237
#9  0x00007f6800d9cdd5 in WebCore::TextureMapperAnimations::apply(WebCore::TextureMapperAnimation::ApplicationResult&, WTF::MonotonicTime) (this=this@entry=0x7f66f24935b8, applicationResults=..., time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperAnimation.cpp:338
#10 0x00007f6800da090c in WebCore::TextureMapperLayer::syncAnimations(WTF::MonotonicTime) (this=this@entry=0x7f66f24933c0, time=..., time@entry=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:648
#11 0x00007f6800da0cfa in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=0x7f66f24933c0, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:639
#12 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#13 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#14 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#15 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#16 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#17 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#18 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#19 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=<optimized out>, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#20 0x00007f6800da0d21 in WebCore::TextureMapperLayer::applyAnimationsRecursively(WTF::MonotonicTime) (this=this@entry=0x7f66f246b000, time=...)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:641
#21 0x00007f6800a40fa9 in WebKit::CoordinatedGraphicsScene::paintToCurrentGLContext(WebCore::TransformationMatrix const&, float, WebCore::FloatRect const&, WebCore::Color const&, bool, unsigned int) (this=0x7f6703826000, matrix=..., opacity=1, clipRect=..., backgroundColor=..., drawsBackground=<optimized out>, PaintFlags=1)
    at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:75
#22 0x00007f6800a4746d in WebKit::ThreadedCompositor::renderLayerTree() (this=0x7f670384ce58) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc28.x86_64/Source/WebCore/platform/graphics/Color.h:446
#23 0x00007f67ff7c9d57 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /lib64/libjavascriptcoregtk-4.0.so.18
#24 0x00007f67f7bf088d in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#25 0x00007f67f7bf0c58 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#26 0x00007f67f7bf0f82 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#27 0x00007f67ff7ca1e0 in WTF::RunLoop::run() () at /lib64/libjavascriptcoregtk-4.0.so.18
#28 0x00007f67ff7a19ef in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /lib64/libjavascriptcoregtk-4.0.so.18
#29 0x00007f67ff7c823d in WTF::wtfThreadEntryPoint(void*) () at /lib64/libjavascriptcoregtk-4.0.so.18
#30 0x00007f67fc504594 in start_thread () at /lib64/libpthread.so.0
#31 0x00007f67f5243e6f in clone () at /lib64/libc.so.6
