[Webkit-unassigned] [Bug 201507] New: [GTK] Crash in Nicosia::GC3DLayer::makeContextCurrent

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 5 08:14:07 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=201507

            Bug ID: 201507
           Summary: [GTK] Crash in Nicosia::GC3DLayer::makeContextCurrent
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Visit https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/?noredirect=on in Tech Preview (2.25.4) and wait about 10-15 seconds. The page crashes (the WebKitWebProcess terminates with SIGSEGV; backtrace below):

Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 17 31'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f127fa8fa58 in Nicosia::GC3DLayer::makeContextCurrent (
    this=<optimized out>) at /usr/include/c++/9.2.0/bits/unique_ptr.h:352
352           get() const noexcept

(gdb) bt
#0  0x00007f127fa8fa58 in Nicosia::GC3DLayer::makeContextCurrent() (this=<optimized out>)
    at /usr/include/c++/9.2.0/bits/unique_ptr.h:352
#1  0x00007f127fa84b80 in WebCore::GraphicsContext3D::makeContextCurrent() (this=this at entry=0x7f11e79dc600)
    at /usr/include/c++/9.2.0/bits/unique_ptr.h:352
#2  0x00007f127fa84de7 in WebCore::GraphicsContext3D::GraphicsContext3D(WebCore::GraphicsContext3DAttributes, WebCore::HostWindow*, WebCore::GraphicsContext3D::RenderStyle, WebCore::GraphicsContext3D*)
    (this=0x7f11e79dc600, attributes=..., renderStyle=WebCore::GraphicsContext3D::RenderOffscreen, sharedContext=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/GraphicsContext3DTextureMapper.cpp:114
#3  0x00007f127fa859de in WebCore::GraphicsContext3D::create(WebCore::GraphicsContext3DAttributes, WebCore::HostWindow*, WebCore::GraphicsContext3D::RenderStyle) (attributes=..., hostWindow=hostWindow at entry=
    0x7f1275590060, renderStyle=renderStyle at entry=WebCore::GraphicsContext3D::RenderOffscreen)
    at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:140
#4  0x00007f127f092c1f in WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContext3DAttributes&, WTF::String const&) (canvas=..., attributes=..., type=...)
    at ../Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:601
#5  0x00007f127ef78603 in WebCore::HTMLCanvasElement::createContextWebGL(WTF::String const&, WebCore::GraphicsContext3DAttributes&&) (this=0x7f122426b610, type=..., attrs=...) at ../Source/WebCore/html/HTMLCanvasElement.cpp:408
#6  0x00007f127ef7c7d7 in WebCore::HTMLCanvasElement::getContext(JSC::ExecState&, WTF::String const&, WTF::Vector<JSC::Strong<JSC::Unknown>, 0ul, WTF::CrashOnOverflow, 16ul>&&)
    (this=this at entry=0x7f122426b610, state=..., contextId=..., arguments=...)
    at ../Source/WebCore/html/HTMLCanvasElement.cpp:276
#7  0x00007f127e4aea1d in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContextBody
    (throwScope=..., castedThis=0x7f12013c6380, state=0x7fff32f9c750)
    at DerivedSources/WebCore/JSHTMLCanvasElement.cpp:291
#8  0x00007f127e4aea1d in WebCore::IDLOperation<WebCore::JSHTMLCanvasElement>::call<WebCore::jsHTMLCanvasElementPrototypeFunctionGetContextBody> (operationName=0x7f127fcc3fa6 "getContext", state=...)
    at ../Source/WebCore/bindings/js/JSDOMOperation.h:53
#9  0x00007f127e4aea1d in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext(JSC::ExecState*)
    (state=0x7fff32f9c750) at DerivedSources/WebCore/JSHTMLCanvasElement.cpp:296
#10 0x00007f1227fff16b in  ()
#11 0x00007fff32f9c860 in  ()
#12 0x00007f127b9df421 in llint_op_call () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#13 0x0000000000000000 in  ()


(gdb) bt full
#0  0x00007f127fa8fa58 in Nicosia::GC3DLayer::makeContextCurrent() (this=<optimized out>)
    at /usr/include/c++/9.2.0/bits/unique_ptr.h:352
#1  0x00007f127fa84b80 in WebCore::GraphicsContext3D::makeContextCurrent() (this=this at entry=0x7f11e79dc600)
    at /usr/include/c++/9.2.0/bits/unique_ptr.h:352
#2  0x00007f127fa84de7 in WebCore::GraphicsContext3D::GraphicsContext3D(WebCore::GraphicsContext3DAttributes, WebCore::HostWindow*, WebCore::GraphicsContext3D::RenderStyle, WebCore::GraphicsContext3D*)
    (this=0x7f11e79dc600, attributes=..., renderStyle=WebCore::GraphicsContext3D::RenderOffscreen, sharedContext=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/GraphicsContext3DTextureMapper.cpp:114
        ANGLEResources = 
          {MaxVertexAttribs = 913974467, MaxVertexUniformVectors = 2051993642, MaxVaryingVectors = 1025385667, MaxVertexTextureImageUnits = 2073325422, MaxCombinedTextureImageUnits = 0, MaxTextureImageUnits = 32767, MaxFragmentUniformVectors = 2102440001, MaxDrawBuffers = 32530, OES_standard_derivatives = 2103732800, OES_EGL_image_external = 32530, OES_EGL_image_external_essl3 = 0, NV_EGL_stream_consumer_external = 0, ARB_texture_rectangle = 7, EXT_blend_func_extended = 32530, EXT_draw_buffers = 0, EXT_frag_depth = 0, EXT_shader_texture_lod = 7, WEBGL_debug_shader_precision = 0, EXT_shader_framebuffer_fetch = 320393242, NV_shader_framebuffer_fetch = 21954, ARM_shader_framebuffer_fetch = 112, OVR_multiview2 = 0, EXT_YUV_target = 94, EXT_geometry_shader = 0, OES_texture_storage_multisample_2d_array = 0, ANGLE_texture_multisample = 0, ANGLE_multi_draw = 320393272, NV_draw_buffers = 21954, FragmentPrecisionHigh = 144, MaxVertexOutputVectors = 0, MaxFragmentInputVectors = 1, MinProgramTexelOffset = 0, MaxProgramTexelOffset = 7, MaxDualSourceDrawBuffers = 49, MaxViewsOVR = 0, HashFunction = 0x0, ArrayIndexClampingStrategy = (unknown: 0), MaxExpressionComplexity = 0, MaxCallStackDepth = 124, MaxFunctionParameters = 119, MinProgramTextureGatherOffset = 110, MaxProgramTextureGatherOffset = 91, MaxImageUnits = 2040611200, MaxVertexImageUniforms = 32530, MaxFragmentImageUniforms = 5, MaxComputeImageUniforms = 0, MaxCombinedImageUniforms = 94, MaxUniformLocations = 0, MaxCombinedShaderOutputResources = 2103732704, MaxComputeWorkGroupCount = {_M_elems = {32530, 21, 0}}, MaxComputeWorkGroupSize = {_M_elems = {2040219680, 32530, -16}}, MaxComputeUniformComponents = -1, MaxComputeTextureImageUnits = 2102445017, MaxComputeAtomicCounters = 32530, MaxComputeAtomicCounterBuffers = 2040779328, MaxVertexAtomicCounters = 32530, MaxFragmentAtomicCounters = 2040779328, MaxCombinedAtomicCounters = 32530, MaxAtomicCounterBindings = 329073248, MaxVertexAtomicCounterBuffers = 21954, 
MaxFragmentAtomicCounterBuffers = 2040728757, MaxCombinedAtomicCounterBuffers = 32530, MaxAtomicCounterBufferSize = 0, MaxUniformBufferBindings = 0, MaxShaderStorageBufferBindings = 327478688, MaxPointSize = 3.07641065e-41, MaxGeometryUniformComponents = 2117502338, MaxGeometryUniformBlocks = 21, MaxGeometryInputComponents = 2101557456, MaxGeometryOutputComponents = 32530, MaxGeometryOutputVertices = 0, MaxGeometryTotalOutputComponents = 0, MaxGeometryTextureImageUnits = -2139654388, MaxGeometryAtomicCounterBuffers = 32530, MaxGeometryAtomicCounters = 2144069542, MaxGeometryShaderStorageBlocks = 32530, MaxGeometryShaderInvocations = 855229712, MaxGeometryImageUniforms = 32767}
        range = {1968767072, 32530}
        precision = 32529
#3  0x00007f127fa859de in WebCore::GraphicsContext3D::create(WebCore::GraphicsContext3DAttributes, WebCore::HostWindow*, WebCore::GraphicsContext3D::RenderStyle)
    (attributes=..., hostWindow=hostWindow at entry=0x7f1275590060, renderStyle=renderStyle at entry=WebCore::GraphicsContext3D::RenderOffscreen) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:140
        initialized = true
        success = true
        contexts = 
                @0x7f12807b9c00: {m_start = 0, m_end = 0, m_buffer = {<WTF::VectorBufferBase<WebCore::GraphicsContext3D*>> = {m_buffer = 0x7f12807b9c20 <WebCore::activeContexts()::s_activeContexts+32>, m_capacity = 16, m_size = 0}, m_inlineBuffer = {{__data = "\000\000\000\000\000\000\000", __align = {<No data fields>}} <repeats 16 times>}}}
#4  0x00007f127f092c1f in WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContext3DAttributes&, WTF::String const&) (canvas=..., attributes=..., type=...)
    at ../Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:601
        isPendingPolicyResolution = false
        hostWindow = 0x7f1275590060
        canvasElement = <optimized out>
        context = 
          {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WebCore::GraphicsContext3D, WTF::DumbPtrTraits<WebCore::GraphicsContext3D> >::isRefPtr".>, m_ptr = 0x0}
        extensions = <optimized out>
        renderingContext = <optimized out>
#5  0x00007f127ef78603 in WebCore::HTMLCanvasElement::createContextWebGL(WTF::String const&, WebCore::GraphicsContext3DAttributes&&) (this=0x7f122426b610, type=..., attrs=...) at ../Source/WebCore/html/HTMLCanvasElement.cpp:408
#6  0x00007f127ef7c7d7 in WebCore::HTMLCanvasElement::getContext(JSC::ExecState&, WTF::String const&, WTF::Vector<JSC::Strong<JSC::Unknown>, 0ul, WTF::CrashOnOverflow, 16ul>&&) (this=this at entry=0x7f122426b610, state=..., contextId=..., arguments=...) at ../Source/WebCore/html/HTMLCanvasElement.cpp:276
        scope = {<JSC::ExceptionScope> = {m_vm = @0x7f1226b00000}, <No data fields>}
        attributes = {alpha = true, depth = true, stencil = false, antialias = true, premultipliedAlpha = true, preserveDrawingBuffer = false, failIfMajorPerformanceCaveat = false, powerPreference = WebCore::GraphicsContext3DPowerPreference::Default, shareResources = false, isWebGL2 = false, noExtensions = true, devicePixelRatio = 1, initialPowerPreference = WebCore::GraphicsContext3DPowerPreference::Default}
        context = <optimized out>
#7  0x00007f127e4aea1d in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContextBody (throwScope=..., castedThis=0x7f12013c6380, state=0x7fff32f9c750) at DerivedSources/WebCore/JSHTMLCanvasElement.cpp:291
        impl = @0x7f122426b610: {<WebCore::HTMLElement> = {<WebCore::StyledElement> = {<WebCore::Element> = {<WebCore::ContainerNode> = {<WTF::CanMakeWeakPtr<WebCore::ContainerNode>> = {m_weakPtrFactory = {m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::WeakPtrImpl, WTF::DumbPtrTraits<WTF::WeakPtrImpl> >::isRefPtr".>, m_ptr = 0x0}}}, <WebCore::Node> = {<WebCore::EventTarget> = {<WebCore::ScriptWrappable> = {m_wrapper = {m_impl = 0x7f11e7933990}}, _vptr.EventTarget = 0x7f12806873d8 <vtable for WebCore::HTMLCanvasElement+16>}, static s_refCountIncrement = 2, static s_refCountMask = 4294967294, m_refCountAndParentBit = 2, m_nodeFlags = 524302, m_parentNode = 0x0, m_treeScope = 0x7f1224208c30, m_previous = 0x0, m_next = 0x0, m_data = {m_renderer = 0x0, m_rareData = 0x0}}, m_firstChild = 0x0, m_lastChild = 0x0}, m_tagName = {m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WebCore::QualifiedName::QualifiedNameImpl, WTF::DumbPtrTraits<WebCore::QualifiedName::QualifiedNameImpl> >::isRefPtr".>, m_ptr = 0x7f12755880c8}}, m_elementData = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WebCore::ElementData, WTF::DumbPtrTraits<WebCore::ElementData> >::isRefPtr".>, m_ptr = 0x0}}, <No data fields>}, <No data fields>}, <WebCore::CanvasBase> = {_vptr.CanvasBase = 0x7f12806878f8 <vtable for WebCore::HTMLCanvasElement+1328>, m_context = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::CanvasRenderingContext*, std::default_delete<WebCore::CanvasRenderingContext> >> = {<std::_Tuple_impl<1, std::default_delete<WebCore::CanvasRenderingContext> >> = {<std::_Head_base<1, std::default_delete<WebCore::CanvasRenderingContext>, true>> = {<std::default_delete<WebCore::CanvasRenderingContext>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::CanvasRenderingContext*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}, m_originClean = 
true, m_observers = {m_impl = {static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}}, m_dirtyRect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 0, m_height = 0}}, m_size = {m_width = 300, m_height = 150}, m_ignoreReset = false, m_usesDisplayListDrawing = false, m_tracksDisplayListReplay = false, m_imageBufferAssignmentLock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = {<std::__atomic_base<unsigned char>> = {static _S_alignment = 1, _M_i = 0 '\000'}, static is_always_lock_free = true}}}, m_hasCreatedImageBuffer = false, m_didClearImageBuffer = false, m_imageBuffer = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::ImageBuffer*, std::default_delete<WebCore::ImageBuffer> >> = {<std::_Tuple_impl<1, std::default_delete<WebCore::ImageBuffer> >> = {<std::_Head_base<1, std::default_delete<WebCore::ImageBuffer>, true>> = {<std::default_delete<WebCore::ImageBuffer>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::ImageBuffer*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}, m_contextStateSaver = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::GraphicsContextStateSaver*, std::default_delete<WebCore::GraphicsContextStateSaver> >> = {<std::_Tuple_impl<1, std::default_delete<WebCore::GraphicsContextStateSaver> >> = {<std::_Head_base<1, std::default_delete<WebCore::GraphicsContextStateSaver>, true>> = {<std::default_delete<WebCore::GraphicsContextStateSaver>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::GraphicsContextStateSaver*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}, m_presentedImage = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WebCore::Image, WTF::DumbPtrTraits<WebCore::Image> >::isRefPtr".>, m_ptr = 0x0}, m_copiedImage = {static isRefPtr = <error reading variable: Missing ELF symbol 
"WTF::RefPtr<WebCore::Image, WTF::DumbPtrTraits<WebCore::Image> >::isRefPtr".>, m_ptr = 0x0}}
        contextId = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f11e79221e0}}
        arguments = {<WTF::VectorBuffer<JSC::Strong<JSC::Unknown>, 0>> = {<WTF::VectorBufferBase<JSC::Strong<JSC::Unknown> >> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}
        throwScope = {<JSC::ExceptionScope> = {m_vm = @0x7f1226b00000}, <No data fields>}
        thisObject = 0x7f12013c6380
#8  0x00007f127e4aea1d in WebCore::IDLOperation<WebCore::JSHTMLCanvasElement>::call<WebCore::jsHTMLCanvasElementPrototypeFunctionGetContextBody> (operationName=0x7f127fcc3fa6 "getContext", state=...) at ../Source/WebCore/bindings/js/JSDOMOperation.h:53
        throwScope = {<JSC::ExceptionScope> = {m_vm = @0x7f1226b00000}, <No data fields>}
        thisObject = 0x7f12013c6380
#9  0x00007f127e4aea1d in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext(JSC::ExecState*) (state=0x7fff32f9c750) at DerivedSources/WebCore/JSHTMLCanvasElement.cpp:296
#10 0x00007f1227fff16b in  ()
#11 0x00007fff32f9c860 in  ()
#12 0x00007f127b9df421 in llint_op_call () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#13 0x0000000000000000 in  ()


