[Webkit-unassigned] [Bug 233712] New: REGRESSION(r286209) [GTK][WPE] crashes in offscreen canvas tests that try to create a GL context

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 1 10:40:55 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=233712

            Bug ID: 233712
           Summary: REGRESSION(r286209) [GTK][WPE] crashes in offscreen
                    canvas tests that try to create a GL context
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Canvas
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: agoldmints at igalia.com
                CC: dino at apple.com

The change in r286209 has caused a number of crashes in offscreen canvas tests on GTK and WPE (which only run on GTK and WPE):
  http/wpt/offscreen-canvas/getContext-webgl.html [ Crash ]
  http/wpt/offscreen-canvas/transferToImageBitmap-webgl.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.getcontext.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.getcontext.worker.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.resize.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.transfer.to.imagebitmap.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.transfer.to.imagebitmap.w.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.transferrable.html [ Crash ]
  imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.transferrable.w.html [ Crash ]

With a backtrace like the following:
#0  0x00007f806d263347 in WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContextGLAttributes&, WebCore::GraphicsContextGLWebGLVersion) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#1  0x00007f806d1e9ccc in WebCore::OffscreenCanvas::createContextWebGL(WebCore::OffscreenCanvas::RenderingContextType, WebCore::GraphicsContextGLAttributes&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#2  0x00007f806d1ea02e in WebCore::OffscreenCanvas::getContext(JSC::JSGlobalObject&, WebCore::OffscreenCanvas::RenderingContextType, WTF::Vector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#3  0x00007f806c2e0447 in WebCore::jsOffscreenCanvasPrototypeFunction_getContext(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#4  0x00007f8021cff1d8 in  ()
#5  0x00007fff5faf3cb0 in  ()
#6  0x00007f80682dc20d in op_call_slow_return_location () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#7  0x0000000000000000 in  ()

Not having debugged this in depth, my suspicion is that this change is not taking into account the offscreen case where hostWindow is null.
