[Webkit-unassigned] [Bug 218858] New: [GPU Process] ASSERT_NOT_REACHED() when calling fillRect with a pattern style

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 12 10:30:24 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=218858

            Bug ID: 218858
           Summary: [GPU Process] ASSERT_NOT_REACHED() when calling
                    fillRect with a pattern style
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Canvas
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: dino at apple.com

Created attachment 413949

  --> https://bugs.webkit.org/attachment.cgi?id=413949&action=review

test case

Open the attached test case in a Debug build and with enabling GPU rendering for canvas.

Result:

SHOULD NEVER BE REACHED
/Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Encoder.h(110) : static RefPtr<WebCore::SharedBuffer> IPC::Encoder::encodeSingleObject(const T &) [T = WebCore::DisplayList::SetState]
1   0x13ee3d6a9 WTFCrash
2   0x10904eb5b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x10a80a8f9 WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> > IPC::Encoder::encodeSingleObject<WebCore::DisplayList::SetState>(WebCore::DisplayList::SetState const&)
4   0x10a8076d1 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const
5   0x10a807a45 non-virtual thunk to WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const
6   0x12401d09d WebCore::DisplayList::ItemBuffer::appendEncodedData(WebCore::DisplayList::ItemHandle)
7   0x12403e2de void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
8   0x12403e247 void WebCore::DisplayList::DisplayList::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
9   0x12402271e void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
10  0x124022476 WebCore::DisplayList::Recorder::appendStateChangeItem(WebCore::GraphicsContextStateChange const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>)
11  0x124022acd WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType)
12  0x124025ecb void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FillRect, WebCore::FloatRect const&>(WebCore::FloatRect const&)
13  0x124025e8d WebCore::DisplayList::Recorder::fillRect(WebCore::FloatRect const&)
14  0x123f86e1c WebCore::GraphicsContext::fillRect(WebCore::FloatRect const&)
15  0x1233adb09 WebCore::CanvasRenderingContext2DBase::fillRect(float, float, float, float)
16  0x1206e4e85 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)
17  0x1206e481c long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
18  0x1206756b4 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRect(JSC::JSGlobalObject*, JSC::CallFrame*)
19  0x38ac35a01178
20  0x13f417e4b llint_entry
21  0x13f3f66e0 vmEntryToJavaScript
22  0x14023eb6b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
23  0x14023f327 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
24  0x14058c3fd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
25  0x14058c4df JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
26  0x14058c7c2 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
27  0x12275d0ae WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
28  0x12277af1b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
29  0x122e47377 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
30  0x122e436b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
31  0x122eb6758 WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201112/5e20b448/attachment-0001.htm>

More information about the webkit-unassigned mailing list