[Webkit-unassigned] [Bug 223940] New: Crash in WebCore::Style::determineChange

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 30 11:03:12 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=223940

            Bug ID: 223940
           Summary: Crash in WebCore::Style::determineChange
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: yalterz at gmail.com

Created attachment 424661

  --> https://bugs.webkit.org/attachment.cgi?id=424661&action=review

bt full

Touchpad-scrolling back and forth on https://quavergame.com/user/273 results in a crash.

#0  std::__uniq_ptr_impl<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::_M_ptr() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#1  std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::get() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:422
#2  std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::operator*() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:407
#3  WebCore::CalculationValue::expression() const (this=0x0) at ../Source/WebCore/platform/CalculationValue.h:193
#4  WebCore::operator==(WebCore::CalculationValue const&, WebCore::CalculationValue const&) (b=..., a=...) at ../Source/WebCore/platform/CalculationValue.h:215
#5  WebCore::Length::isCalculatedEqual(WebCore::Length const&) const (this=this at entry=0x7ff3140f1650, other=...) at ../Source/WebCore/platform/Length.cpp:280
#6  0x00007ff3cd1d00dd in WebCore::Length::operator==(WebCore::Length const&) const (other=..., this=0x7ff3140f1650) at ../Source/WebCore/platform/Length.h:230
#7  WebCore::TranslateTransformOperation::operator==(WebCore::TransformOperation const&) const (this=0x7ff3140f1640, other=...) at ../Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:35
#8  0x00007ff3cd1ca6a9 in WebCore::TransformOperation::operator!=(WebCore::TransformOperation const&) const (o=..., this=<optimized out>) at ../Source/WebCore/platform/graphics/transforms/TransformOperation.h:63
#9  WebCore::TransformOperations::operator==(WebCore::TransformOperations const&) const (this=0x7ff31c629ba8, o=...) at ../Source/WebCore/platform/graphics/transforms/TransformOperations.cpp:45
#10 0x00007ff3cd4c2eed in WebCore::StyleTransformData::operator==(WebCore::StyleTransformData const&) const (this=<optimized out>, other=...) at ../Source/WebCore/platform/Length.h:257
#11 0x00007ff3cd4c0b20 in WTF::DataRef<WebCore::StyleTransformData>::operator==(WTF::DataRef<WebCore::StyleTransformData> const&) const (other=..., this=0x7ff32436fa60)
    at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#12 WebCore::StyleRareNonInheritedData::operator==(WebCore::StyleRareNonInheritedData const&) const (this=0x7ff32436fa00, o=...) at ../Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp:239
#13 0x00007ff3cd4a0096 in WTF::DataRef<WebCore::StyleRareNonInheritedData>::operator==(WTF::DataRef<WebCore::StyleRareNonInheritedData> const&) const (other=..., this=0x7ff350145468)
    at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#14 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (other=..., this=0x7ff350145448) at ../Source/WebCore/rendering/style/RenderStyle.cpp:366
#15 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (this=this at entry=0x7ff350145448, other=...) at ../Source/WebCore/rendering/style/RenderStyle.cpp:357
#16 0x00007ff3cd540fa2 in WebCore::RenderStyle::operator!=(WebCore::RenderStyle const&) const (other=..., this=0x7ff350145448) at ../Source/WebCore/rendering/style/RenderStyle.h:163
#17 WebCore::Style::determineChange(WebCore::RenderStyle const&, WebCore::RenderStyle const&) (s1=..., s2=...) at ../Source/WebCore/style/StyleChange.cpp:58
#18 0x00007ff3cd54cfdf in WebCore::Style::TreeResolver::createAnimatedElementUpdate(std::unique_ptr<WebCore::RenderStyle, std::default_delete<WebCore::RenderStyle> >, WebCore::Styleable const&, WebCore::Style::Change) (this=0x7ffd79130ad0, newStyle=std::unique_ptr<WebCore::RenderStyle> = {...}, styleable=..., parentChange=WebCore::Style::Change::None) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#19 0x00007ff3cd5547ac in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (this=0x7ffd79130ad0, element=...) at /usr/include/c++/10.2.0/bits/unique_ptr.h:172
#20 0x00007ff3cd5550ff in WebCore::Style::TreeResolver::resolveComposedTree() (this=0x7ffd79130ad0) at ../Source/WebCore/style/StyleTreeResolver.cpp:533
#21 0x00007ff3cd555bd9 in WebCore::Style::TreeResolver::resolve() (this=this at entry=0x7ffd79130ad0) at ../Source/WebCore/style/StyleTreeResolver.cpp:591
#22 0x00007ff3cca1a629 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (this=0x7ff3c0e09720, type=<optimized out>) at ../Source/WebCore/dom/Document.cpp:2056
#23 0x00007ff3cca1ada0 in WebCore::Document::updateStyleIfNeeded() (this=0x7ff3c0e09720) at ../Source/WebCore/dom/Document.cpp:2156
#24 0x00007ff3ccfdfeea in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7ff3c0e08010) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#25 0x00007ff3ccffac09 in WebCore::Page::layoutIfNeeded() (this=this at entry=0x7ff3c278b500) at ../Source/WebCore/page/Page.cpp:1418
#26 0x00007ff3cd003259 in WebCore::Page::updateRendering() (this=0x7ff3c278b500) at ../Source/WebCore/page/Page.cpp:1532
#27 0x00007ff3cbdc2ead in WebKit::WebPage::updateRendering() (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#28 0x00007ff3cbdeef65 in WebKit::CompositingCoordinator::flushPendingLayerChanges() (this=0x7ff32438f100) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:124
#29 0x00007ff3cbdf018b in WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7ff32438f000) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:147
#30 WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7ff32438f000) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:134
#31 0x00007ff3ca692605 in operator() (__closure=0x0, userData=0x7ff2e22a2718) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:176
#32 _FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#33 0x00007ff3ca692883 in operator() (__closure=0x0, userData=0x7ff2e22a2718, callback=0x7ff3ca6925a0 <_FUN(gpointer)>, source=0x55f7f59b9df0) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 _FUN(GSource*, GSourceFunc, gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#35 0x00007ff3caaa2e1f in g_main_dispatch (context=0x55f7f54b5ad0) at ../glib/gmain.c:3337
#36 g_main_context_dispatch (context=0x55f7f54b5ad0) at ../glib/gmain.c:4055
#37 0x00007ff3caaa31c8 in g_main_context_iterate (context=0x55f7f54b5ad0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#38 0x00007ff3caaa34e3 in g_main_loop_run (loop=loop at entry=0x55f7f555d7f0) at ../glib/gmain.c:4329
#39 0x00007ff3ca6929e0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#40 0x00007ff3cbdff889 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=3, argv=0x7ffd79131508, this=0x7ffd791313a0) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:51
#41 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffd79131508, argc=3, this=0x7ffd791313a0) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#42 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7ffd79131508) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#43 0x00007ff3caef9062 in __libc_start_main (main=0x55f7f4ab86b0 <main(int, char**)>, argc=3, argv=0x7ffd79131508, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd791314f8)
    at ../csu/libc-start.c:308
#44 0x000055f7f4ab86ee in _start () at ../sysdeps/x86_64/start.S:120

Fedora 34, Wayland, Epiphany 40.0-39-gddca625ba+ on Flatpak using WebKitGTK 2.32.0.
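
Added triage example for this report; it is not part of the bug report and not WebKit code. Frames #0-#3 show `this=0x0` in CalculationValue::expression() and `this=0x8` inside the std::unique_ptr accessors, i.e. a null object pointer being dereferenced through a member at a small offset. The script below parses frames in the gdb `bt` format pasted above and locates that pattern automatically: the innermost frame with a null-page `this`, the outermost frame still operating on the null object, and the first caller that holds a valid object. The 0x1000 null-page bound is an assumption, and the result is a heuristic: it says the crash is a deterministic null dereference on a fixed low address, not whether the null pointer is reachable from attacker-controlled state.

```python
"""Triage a gdb `bt` for a null-page dereference.

Added example, not WebKit or reporter code: parses frames in the format
pasted above and finds where a null `this` is first dereferenced.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: anything below the first 4 KiB page is unmapped. Linux's
# vm.mmap_min_addr default is higher, so this is the conservative bound.
NULL_PAGE_LIMIT = 0x1000

# Matches `this=0x8`, `this=this at entry=0x7ff...` and `this=<optimized out>`.
THIS_RE = re.compile(r'\bthis=(?:this at entry=)?(0x[0-9a-fA-F]+|<optimized out>)')
FRAME_RE = re.compile(r'^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(.*)$')


@dataclass
class Frame:
    index: int
    function: str         # symbol without the trailing argument list
    this: Optional[int]   # None when absent or optimized out
    location: str         # file:line after the final " at "


def join_wrapped(lines: List[str]) -> List[str]:
    """gdb wraps long frames; continuation lines are indented and lack '#'."""
    out: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        if line.startswith('#'):
            out.append(line.rstrip())
        elif out:
            out[-1] += ' ' + line.strip()
    return out


def split_args(body: str):
    """Split 'f(T const&) const (this=0x0, o=...)' at its last balanced '(...)'."""
    body = body.rstrip()
    depth = 0
    for i in range(len(body) - 1, -1, -1):
        if body[i] == ')':
            depth += 1
        elif body[i] == '(':
            depth -= 1
            if depth == 0:
                return body[:i].rstrip(), body[i + 1:-1]
    return body, ''


def parse_frame(line: str) -> Frame:
    m = FRAME_RE.match(line)
    if not m:
        raise ValueError(f'not a gdb frame: {line!r}')
    rest = m.group(2)
    # rsplit because " at " also occurs inside args ("this=this at entry=...").
    body, location = rest.rsplit(' at ', 1) if ' at ' in rest else (rest, '')
    function, args = split_args(body)
    tm = THIS_RE.search(args)
    this = int(tm.group(1), 16) if tm and tm.group(1) != '<optimized out>' else None
    return Frame(int(m.group(1)), function, this, location.strip())


def triage(lines: List[str]) -> dict:
    """Innermost null-page `this` is the fault; walk outward past frames on the
    same null object until a caller with a valid object appears."""
    frames = [parse_frame(l) for l in join_wrapped(lines)]
    fault = next((f for f in frames if f.this is not None and f.this < NULL_PAGE_LIMIT), None)
    if fault is None:
        return {'kind': 'no-null-page-this', 'frames': len(frames)}
    origin, caller = fault, None
    for f in frames[frames.index(fault) + 1:]:
        if f.this is None:
            continue              # free function or optimized out: keep walking
        if f.this < NULL_PAGE_LIMIT:
            origin = f
        else:
            caller = f
            break
    return {'kind': 'null-page-deref',
            'fault_frame': fault.index, 'fault_this': fault.this,
            'null_object_frame': origin.index, 'null_object_function': origin.function,
            'caller_frame': caller.index if caller else None,
            'caller_function': caller.function if caller else None}


# Frames #0-#8 and #11 copied from the report above (#11 keeps gdb's line wrap).
BACKTRACE = """\
#0  std::__uniq_ptr_impl<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::_M_ptr() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#1  std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::get() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:422
#2  std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::operator*() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:407
#3  WebCore::CalculationValue::expression() const (this=0x0) at ../Source/WebCore/platform/CalculationValue.h:193
#4  WebCore::operator==(WebCore::CalculationValue const&, WebCore::CalculationValue const&) (b=..., a=...) at ../Source/WebCore/platform/CalculationValue.h:215
#5  WebCore::Length::isCalculatedEqual(WebCore::Length const&) const (this=this at entry=0x7ff3140f1650, other=...) at ../Source/WebCore/platform/Length.cpp:280
#6  0x00007ff3cd1d00dd in WebCore::Length::operator==(WebCore::Length const&) const (other=..., this=0x7ff3140f1650) at ../Source/WebCore/platform/Length.h:230
#7  WebCore::TranslateTransformOperation::operator==(WebCore::TransformOperation const&) const (this=0x7ff3140f1640, other=...) at ../Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:35
#8  0x00007ff3cd1ca6a9 in WebCore::TransformOperation::operator!=(WebCore::TransformOperation const&) const (o=..., this=<optimized out>) at ../Source/WebCore/platform/graphics/transforms/TransformOperation.h:63
#11 0x00007ff3cd4c0b20 in WTF::DataRef<WebCore::StyleTransformData>::operator==(WTF::DataRef<WebCore::StyleTransformData> const&) const (other=..., this=0x7ff32436fa60)
    at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
"""

if __name__ == '__main__':
    for k, v in triage(BACKTRACE.splitlines()).items():
        print(f'{k}: {v:#x}' if k.endswith('this') and isinstance(v, int) else f'{k}: {v}')
```

Run it on a saved `bt` (`python3 triage.py < bt.txt` after swapping the embedded sample for `sys.stdin`) to get the fault frame, the outermost frame still running on the null object (#3, CalculationValue::expression) and the first caller with a valid `this` (#5, Length::isCalculatedEqual), which is where to start reading source.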
