[Webkit-unassigned] [Bug 203353] GIFImageReader::m_data is ref/deref in different threads

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 30 19:19:15 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=203353

Fujii Hironori <Hironori.Fujii at sony.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[WinCairo]                  |GIFImageReader::m_data is
                   |GIFImageReader::m_data is   |ref/deref in different
                   |ref/deref in different      |threads
                   |threads                     |

--- Comment #10 from Fujii Hironori <Hironori.Fujii at sony.com> ---
GTK port also has this issue.

https://build.webkit.org/results/GTK%20Linux%2064-bit%20Debug%20(Tests)/r251772%20(5463)/results.html
fast/images/animated-gif-paint-after-animation.html

Thread 1 (Thread 0x7fe698dfa700 (LWP 17228)):
#0  WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:305
#1  0x00007fe77c454957 in WTF::RefCountedBase::applyRefDerefThreadingCheck() const (this=0x7fe765ad3f88) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:114
#2  0x00007fe77c4549f4 in WTF::RefCountedBase::derefBase() const (this=0x7fe765ad3f88) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:130
#3  0x00007fe77c5a0060 in WTF::RefCounted<WebCore::SharedBuffer, std::default_delete<WebCore::SharedBuffer> >::deref() const (this=0x7fe765ad3f88) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:189
#4  0x00007fe77c94534e in void WTF::derefIfNotNull<WebCore::SharedBuffer>(WebCore::SharedBuffer*) (ptr=0x7fe765ad3f88) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#5  0x00007fe77c936c17 in WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >::~RefPtr() (this=0x7fe6ed0bc990, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#6  0x00007fe77feacd0c in GIFImageReader::~GIFImageReader() (this=0x7fe6ed0bc930, __in_chrg=<optimized out>) at ../../Source/WebCore/platform/image-decoders/gif/GIFImageReader.h:219
#7  0x00007fe77feacd42 in std::default_delete<GIFImageReader>::operator()(GIFImageReader*) const (this=0x7fe6f5a31868, __ptr=0x7fe6ed0bc930) at /usr/include/c++/8/bits/unique_ptr.h:81
#8  0x00007fe77feacdc1 in std::unique_ptr<GIFImageReader, std::default_delete<GIFImageReader> >::reset(GIFImageReader*) (this=0x7fe6f5a31868, __p=0x7fe6ed0bc930) at /usr/include/c++/8/bits/unique_ptr.h:382
#9  0x00007fe77feac813 in std::unique_ptr<GIFImageReader, std::default_delete<GIFImageReader> >::operator=(decltype(nullptr)) (this=0x7fe6f5a31868) at /usr/include/c++/8/bits/unique_ptr.h:318
#10 0x00007fe77feab63f in WebCore::GIFImageDecoder::gifComplete() (this=0x7fe6f5a317f8) at ../../Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:321
#11 0x00007fe77feae32c in GIFImageReader::decode(WebCore::GIFImageDecoder::GIFQuery, unsigned int) (this=0x7fe6ed0bc930, query=WebCore::GIFImageDecoder::GIFFullQuery, haltAtFrame=2) at ../../Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:390
#12 0x00007fe77feab7cf in WebCore::GIFImageDecoder::decode(unsigned int, WebCore::GIFImageDecoder::GIFQuery, bool) (this=0x7fe6f5a317f8, haltAtFrame=2, query=WebCore::GIFImageDecoder::GIFFullQuery, allDataReceived=true) at ../../Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:350
#13 0x00007fe77feaad6a in WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned long) (this=0x7fe6f5a317f8, index=1) at ../../Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:141
#14 0x00007fe77fea3121 in WebCore::ScalableImageDecoder::createFrameImageAtIndex(unsigned long, WebCore::SubsamplingLevel, WebCore::DecodingOptions const&) (this=0x7fe6f5a317f8, index=1) at ../../Source/WebCore/platform/image-decoders/ScalableImageDecoder.cpp:214
#15 0x00007fe77f3ac461 in WebCore::ImageSource::<lambda()>::operator()(void) const (__closure=0x7fe6ed688668) at ../../Source/WebCore/platform/graphics/ImageSource.cpp:364
#16 0x00007fe77f3b1970 in WTF::Detail::CallableWrapper<WebCore::ImageSource::startAsyncDecodingQueue()::<lambda()>, void>::call(void) (this=0x7fe6ed688660) at DerivedSources/ForwardingHeaders/wtf/Function.h:52
#17 0x00007fe77c487c1b in WTF::Function<void ()>::operator()() const (this=0x7fe6ed630658) at DerivedSources/ForwardingHeaders/wtf/Function.h:79
#18 0x00007fe7704df2cc in WTF::WorkQueue::<lambda()>::operator()(void) const (__closure=0x7fe6ed630650) at ../../Source/WTF/wtf/generic/WorkQueueGeneric.cpp:63
#19 0x00007fe7704e1084 in WTF::Detail::CallableWrapper<WTF::WorkQueue::dispatch(WTF::Function<void()>&&)::<lambda()>, void>::call(void) (this=0x7fe6ed630648) at ../../Source/WTF/wtf/Function.h:52
#20 0x00007fe77c487c1b in WTF::Function<void ()>::operator()() const (this=0x7fe698df9968) at DerivedSources/ForwardingHeaders/wtf/Function.h:79
#21 0x00007fe77046eb39 in WTF::RunLoop::performWork() (this=0x7fe6ecec9000) at ../../Source/WTF/wtf/RunLoop.cpp:107
#22 0x00007fe7704e4552 in WTF::RunLoop::<lambda(gpointer)>::operator()(gpointer) const (__closure=0x0, userData=0x7fe6ecec9000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#23 0x00007fe7704e4576 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:70
#24 0x00007fe7704e4504 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::operator()(GSource *, GSourceFunc, gpointer) const (__closure=0x0, source=0x7fe67c0029d0, callback=0x7fe7704e4559 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>, userData=0x7fe6ecec9000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#25 0x00007fe7704e4534 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:46
#26 0x00007fe7697916b8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#27 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#28 0x00007fe769791a78 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#29 0x00007fe769791d62 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#30 0x00007fe7704e4a3f in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#31 0x00007fe7704df152 in WTF::WorkQueue::<lambda()>::operator()(void) const (__closure=0x7fe6ed630638) at ../../Source/WTF/wtf/generic/WorkQueueGeneric.cpp:43
#32 0x00007fe7704e10c0 in WTF::Detail::CallableWrapper<WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::<lambda()>, void>::call(void) (this=0x7fe6ed630630) at ../../Source/WTF/wtf/Function.h:52
#33 0x00007fe77c487c1b in WTF::Function<void ()>::operator()() const (this=0x7fe698df9c48) at DerivedSources/ForwardingHeaders/wtf/Function.h:79
#34 0x00007fe7704724c6 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (newThreadContext=0x7fe6f6ea7a00) at ../../Source/WTF/wtf/Threading.cpp:148
#35 0x00007fe7704e70f8 in WTF::wtfThreadEntryPoint (context=0x7fe6f6ea7a00) at ../../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:200
#36 0x00007fe769f70fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#37 0x00007fe767fc14cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191031/2468cf06/attachment.htm>

More information about the webkit-unassigned mailing list