[Webkit-unassigned] [Bug 231423] New: SIGSEGV when creating WebGL context in Safari 15.0, crashes tab completely

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 8 04:48:39 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=231423

            Bug ID: 231423
           Summary: SIGSEGV when creating WebGL context in Safari 15.0,
                    crashes tab completely
           Product: WebKit
           Version: Safari 15
          Hardware: Mac (Intel)
                OS: macOS 11
            Status: NEW
          Severity: Blocker
          Priority: P2
         Component: WebGL
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: will.morgan at iproov.com
                CC: dino at apple.com, kbr at google.com, kkinnunen at apple.com

Created attachment 440593

  --> https://bugs.webkit.org/attachment.cgi?id=440593&action=review

com.apple.WebKit.WebContent_2021-10-08-124039_Mac.crash

Hi,

Safari 15 is now crashing the tab when creating a WebGL canvas context. This is now blocking all users of Safari 15 from using our, and our customers, web apps.


Unfortunately no console logs are available, but here is what the system console says - full log attached:

Process:               com.apple.WebKit.WebContent [87508]
Path:                  /Library/Apple/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
Identifier:            com.apple.WebKit.WebContent
Version:               16612 (16612.1.29.41.4)
Build Info:            WebKit-7612001029041004~8 (612A78a)
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           Safari [87045]
User ID:               501

Date/Time:             2021-10-08 12:40:34.829 +0100
OS Version:            macOS 11.6 (20G165)
Report Version:        12
Bridge OS Version:     3.0 (14Y908)
Anonymous UUID:        EE8A9404-E3A7-470C-9EC2-1B968DC00E20

Sleep/Wake UUID:       B189040B-3AF0-490F-B83B-9312801AD26E

Time Awake Since Boot: 400000 seconds
Time Since Wake:       13000 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [87508]

VM Regions Near 0:
--> 
    __TEXT                      1070ca000-1070ce000    [   16K] r-x/r-x SM=COW  /Library/Apple/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Application Specific Information:
Bundle controller class:
BrowserBundleController


Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x00000005b8cd793c WebCore::GraphicsContextGLOpenGL::reshapeDisplayBufferBacking() + 188
1   com.apple.WebCore                   0x00000005b82dd243 WebCore::GraphicsContextGLOpenGL::reshapeFBOs(WebCore::IntSize const&) + 451
2   com.apple.WebCore                   0x00000005b82df2c3 WebCore::GraphicsContextGLOpenGL::reshape(int, int) + 547
3   com.apple.WebCore                   0x00000005b96cdfe4 WebCore::WebGLRenderingContextBase::initializeNewContext() + 2324
4   com.apple.WebCore                   0x00000005b96d9312 WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContextGLAttributes&, WebCore::GraphicsContextGLWebGLVersion) + 2882
5   com.apple.WebCore                   0x00000005b959325a WebCore::HTMLCanvasElement::createContextWebGL(WebCore::GraphicsContextGLWebGLVersion, WebCore::GraphicsContextGLAttributes&&) + 330
6   com.apple.WebCore                   0x00000005b9592e92 WebCore::HTMLCanvasElement::getContext(JSC::JSGlobalObject&, WTF::String const&, WTF::Vector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 1186
7   com.apple.WebCore                   0x00000005b8640b6b WebCore::jsHTMLCanvasElementPrototypeFunction_getContext(JSC::JSGlobalObject*, JSC::CallFrame*) + 411
8   ???                                 0x00004632a1a011d8 0 + 77183273931224
9   com.apple.JavaScriptCore            0x00000005bc49ac4e llint_entry + 112071
10  com.apple.JavaScriptCore            0x00000005bc49b939 llint_entry + 115378
11  com.apple.JavaScriptCore            0x00000005bc49ac4e llint_entry + 112071
12  com.apple.JavaScriptCore            0x00000005bc49ac4e llint_entry + 112071
13  com.apple.JavaScriptCore            0x00000005bc49abc9 llint_entry + 111938
14  com.apple.JavaScriptCore            0x00000005bc49abc9 llint_entry + 111938
15  com.apple.JavaScriptCore            0x00000005bc49abc9 llint_entry + 111938
16  com.apple.JavaScriptCore            0x00000005bc49ac4e llint_entry + 112071
17  com.apple.JavaScriptCore            0x00000005bc49ac4e llint_entry + 112071
18  com.apple.JavaScriptCore            0x00000005bc47f486 vmEntryToJavaScript + 216

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211008/1c214442/attachment.htm>

More information about the webkit-unassigned mailing list