[Webkit-unassigned] [Bug 198522] New: [GTK] Crash when re-entering AC mode after r245957

bugzilla-daemon at webkit.org
Tue Jun 4 02:48:54 PDT 2019


            Bug ID: 198522
           Summary: [GTK] Crash when re-entering AC mode after r245957
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com
                CC: bugs-noreply at webkitgtk.org, magomez at igalia.com,
                    zan at falconsigh.net

When AcceleratedBackingStoreWayland::displayBuffer() is called and we have already left AC mode, we early dispatch the image and release it. The problem is that images are reused, so the given image can be the committed one. In that case we end up freeing it again in the next AcceleratedBackingStoreWayland::paint() call.

Thread 1 "MiniBrowser" received signal SIGSEGV, Segmentation fault.
0x00007fffeccbc497 in wl_list_remove (elm=0x55555563a7e0) at ../src/wayland-util.c:55
55      ../src/wayland-util.c: No existe el fichero o el directorio.
(gdb) bt
#0  0x00007fffeccbc497 in wl_list_remove (elm=0x55555563a7e0) at ../src/wayland-util.c:55
#1  0x00007fffec797819 in wpe_fdo_egl_exported_image_destroy(wpe_fdo_egl_exported_image*) () from /home/cgarcia/gnome/lib/libWPEBackend-fdo-1.0.so.1
#2  0x00007fffec7a039c in wpe_view_backend_exportable_fdo_egl_dispatch_release_exported_image () from /home/cgarcia/gnome/lib/libWPEBackend-fdo-1.0.so.1
#3  0x00007ffff51e87a7 in WebKit::AcceleratedBackingStoreWayland::paint(_cairo*, WebCore::IntRect const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007ffff51862c8 in webkitWebViewBaseDraw(_GtkWidget*, _cairo*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
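
The lifetime problem described in this report, reduced to a small model. This is an added example, not WebKit or WPEBackend-fdo code: `Image`, `releaseImage`, `BackingStoreModel`, `replay`, the call sequence and the guard are all hypothetical, and the guard is one possible mitigation, not necessarily the fix that landed.

```cpp
// Hypothetical stand-in for an exported image. It counts releases instead of
// freeing memory, so a double release is observable without undefined behaviour.
struct Image { int releases = 0; };
static void releaseImage(Image* image) { ++image->releases; }

// Simplified model (assumption) of the state described in the report.
class BackingStoreModel {
public:
    explicit BackingStoreModel(bool guardCommitted) : m_guard(guardCommitted) {}
    void setAcceleratedMode(bool enabled) { m_inACMode = enabled; }

    // A buffer arrives. Outside AC mode it is released immediately.
    void displayBuffer(Image* image) {
        if (!m_inACMode) {
            // Guarded variant: images are reused, so this may be the committed
            // one. Forget it first so paint() cannot release it again.
            if (m_guard && image == m_committed)
                m_committed = nullptr;
            releaseImage(image);
            return;
        }
        m_pending = image;
    }

    // Promote the pending image and release the previously committed one.
    void paint() {
        if (!m_pending) return;
        if (m_committed) releaseImage(m_committed);
        m_committed = m_pending;
        m_pending = nullptr;
    }
private:
    bool m_guard;
    bool m_inACMode { true };
    Image* m_pending { nullptr };
    Image* m_committed { nullptr };
};

// Constructed sequence: commit an image, leave AC mode, receive the same image
// again, re-enter AC mode and paint. Returns how often the image was released.
int replay(bool guardCommitted) {
    Image reused, next;
    BackingStoreModel store(guardCommitted);
    store.displayBuffer(&reused); store.paint();   // reused is committed
    store.setAcceleratedMode(false);
    store.displayBuffer(&reused);                  // early release
    store.setAcceleratedMode(true);
    store.displayBuffer(&next); store.paint();     // unguarded: second release
    return reused.releases;
}
```

Without the guard the reused image is released twice, which in the real code path corresponds to the second `wpe_fdo_egl_exported_image_destroy()` seen in the backtrace; with the guard it is released once.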
