[Webkit-unassigned] [Bug 223940] Crash in WebCore::Style::determineChange

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 30 11:27:21 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=223940

--- Comment #1 from Ivan Molodetskikh <yalterz at gmail.com> ---
Also reproduced it on my desktop, using mouse-wheel scrolling in a maximized window.

#0  0x00007fe337fa524c in std::__uniq_ptr_impl<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::_M_ptr() const (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#1  std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::get() const (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:422
#2  std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::operator*() const (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:407
#3  WebCore::CalculationValue::expression() const (this=<optimized out>) at ../Source/WebCore/platform/CalculationValue.h:193
#4  WebCore::operator==(WebCore::CalculationValue const&, WebCore::CalculationValue const&) (b=..., a=...) at ../Source/WebCore/platform/CalculationValue.h:215
#5  WebCore::Length::isCalculatedEqual(WebCore::Length const&) const (this=this at entry=0x7fe22e818d58, other=...) at ../Source/WebCore/platform/Length.cpp:280
#6  0x00007fe3380de0dd in WebCore::Length::operator==(WebCore::Length const&) const (other=..., this=0x7fe22e818d58) at ../Source/WebCore/platform/Length.h:230
#7  WebCore::TranslateTransformOperation::operator==(WebCore::TransformOperation const&) const (this=0x7fe22e818d48, other=...) at ../Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:35
#8  0x00007fe3380d86a9 in WebCore::TransformOperation::operator!=(WebCore::TransformOperation const&) const (o=..., this=<optimized out>) at ../Source/WebCore/platform/graphics/transforms/TransformOperation.h:63
#9  WebCore::TransformOperations::operator==(WebCore::TransformOperations const&) const (this=0x7fe20d09cb78, o=...) at ../Source/WebCore/platform/graphics/transforms/TransformOperations.cpp:45
#10 0x00007fe3383d0eed in WebCore::StyleTransformData::operator==(WebCore::StyleTransformData const&) const (this=<optimized out>, other=...) at ../Source/WebCore/platform/Length.h:257
#11 0x00007fe3383ceb20 in WTF::DataRef<WebCore::StyleTransformData>::operator==(WTF::DataRef<WebCore::StyleTransformData> const&) const (other=..., this=0x7fe20d09a260) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#12 WebCore::StyleRareNonInheritedData::operator==(WebCore::StyleRareNonInheritedData const&) const (this=0x7fe20d09a200, o=...) at ../Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp:239
#13 0x00007fe3383ae096 in WTF::DataRef<WebCore::StyleRareNonInheritedData>::operator==(WTF::DataRef<WebCore::StyleRareNonInheritedData> const&) const (other=..., this=0x7fe2c81c1708) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#14 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (other=..., this=0x7fe2c81c16e8) at ../Source/WebCore/rendering/style/RenderStyle.cpp:366
#15 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (this=this at entry=0x7fe2c81c16e8, other=...) at ../Source/WebCore/rendering/style/RenderStyle.cpp:357
#16 0x00007fe33844efa2 in WebCore::RenderStyle::operator!=(WebCore::RenderStyle const&) const (other=..., this=0x7fe2c81c16e8) at ../Source/WebCore/rendering/style/RenderStyle.h:163
#17 WebCore::Style::determineChange(WebCore::RenderStyle const&, WebCore::RenderStyle const&) (s1=..., s2=...) at ../Source/WebCore/style/StyleChange.cpp:58
#18 0x00007fe33845afdf in WebCore::Style::TreeResolver::createAnimatedElementUpdate(std::unique_ptr<WebCore::RenderStyle, std::default_delete<WebCore::RenderStyle> >, WebCore::Styleable const&, WebCore::Style::Change)
    (this=0x7ffcb80f9430, newStyle=std::unique_ptr<WebCore::RenderStyle> = {...}, styleable=..., parentChange=WebCore::Style::Change::None) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#19 0x00007fe3384627ac in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (this=0x7ffcb80f9430, element=...) at /usr/include/c++/10.2.0/bits/unique_ptr.h:172
#20 0x00007fe3384630ff in WebCore::Style::TreeResolver::resolveComposedTree() (this=0x7ffcb80f9430) at ../Source/WebCore/style/StyleTreeResolver.cpp:533
#21 0x00007fe338463bd9 in WebCore::Style::TreeResolver::resolve() (this=this at entry=0x7ffcb80f9430) at ../Source/WebCore/style/StyleTreeResolver.cpp:591
#22 0x00007fe337928629 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (this=0x7fe32c508410, type=<optimized out>) at ../Source/WebCore/dom/Document.cpp:2056
#23 0x00007fe337928da0 in WebCore::Document::updateStyleIfNeeded() (this=0x7fe32c508410) at ../Source/WebCore/dom/Document.cpp:2156
#24 0x00007fe337eedeea in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7fe22f78d3d8) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#25 0x00007fe337f08c09 in WebCore::Page::layoutIfNeeded() (this=this at entry=0x7fe32d68b500) at ../Source/WebCore/page/Page.cpp:1418
#26 0x00007fe337f11259 in WebCore::Page::updateRendering() (this=0x7fe32d68b500) at ../Source/WebCore/page/Page.cpp:1532
#27 0x00007fe336cd0ead in WebKit::WebPage::updateRendering() (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#28 0x00007fe336cfcf65 in WebKit::CompositingCoordinator::flushPendingLayerChanges() (this=0x7fe26c04c460) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:124
#29 0x00007fe336cfe18b in WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7fe26c04c360) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:147
#30 WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7fe26c04c360) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:134
#31 0x00007fe3355a0605 in operator() (__closure=0x0, userData=0x7fe26c0ac238) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:176
#32 _FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#33 0x00007fe3355a0883 in operator() (__closure=0x0, userData=0x7fe26c0ac238, callback=0x7fe3355a05a0 <_FUN(gpointer)>, source=0x55b1fdeb9ac0) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 _FUN(GSource*, GSourceFunc, gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#35 0x00007fe3359b0e1f in g_main_dispatch (context=0x55b1fda6dad0) at ../glib/gmain.c:3337
#36 g_main_context_dispatch (context=0x55b1fda6dad0) at ../glib/gmain.c:4055
#37 0x00007fe3359b11c8 in g_main_context_iterate (context=0x55b1fda6dad0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#38 0x00007fe3359b14e3 in g_main_loop_run (loop=loop at entry=0x55b1fdc16fe0) at ../glib/gmain.c:4329
#39 0x00007fe3355a09e0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#40 0x00007fe336d0d889 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=3, argv=0x7ffcb80f9e68, this=0x7ffcb80f9d00) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:51
#41 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffcb80f9e68, argc=3, this=0x7ffcb80f9d00) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#42 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7ffcb80f9e68) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#43 0x00007fe335e07062 in __libc_start_main (main=0x55b1fd90b6b0 <main(int, char**)>, argc=3, argv=0x7ffcb80f9e68, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcb80f9e58) at ../csu/libc-start.c:308
#44 0x000055b1fd90b6ee in _start () at ../sysdeps/x86_64/start.S:120


