[Webkit-unassigned] [Bug 244529] [WPE][GTK] Crash decoding JPEG2000 images which use sub-sampling
bugzilla-daemon at webkit.org
Tue Aug 30 01:26:42 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=244529
--- Comment #2 from Adrian Perez <aperez at igalia.com> ---
Stack backtrace:
#0 WebCore::JPEG2000ImageDecoder::decode () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/image-decoders/jpeg2000/JPEG2000ImageDecoder.cpp:523
Downloading 0.02 MB source file /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/image-decoders/jpeg2000/JPEG2000ImageDecoder.cpp
523 g = image->comps[1].data[offset];
[Current thread is 1 (Thread 0x7f38f0246000 (LWP 2))]
(gdb) bt
#0 WebCore::JPEG2000ImageDecoder::decode(bool, bool) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/image-decoders/jpeg2000/JPEG2000ImageDecoder.cpp:523
#1 0x00007f38f7abe52b in WebCore::JPEG2000ImageDecoder::frameBufferAtIndex(unsigned long) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/image-decoders/jpeg2000/JPEG2000ImageDecoder.cpp:354
#2 0x00007f38f7aaed82 in WebCore::ScalableImageDecoder::createFrameImageAtIndex(unsigned long, WebCore::SubsamplingLevel, WebCore::DecodingOptions const&) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/image-decoders/ScalableImageDecoder.cpp:245
#3 0x00007f38f8b7b17a in WebCore::ImageSource::frameAtIndexCacheIfNeeded(unsigned long, WebCore::ImageFrame::Caching, std::optional<WebCore::SubsamplingLevel> const&) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/ImageSource.cpp:457
#4 WebCore::ImageSource::frameAtIndexCacheIfNeeded(unsigned long, WebCore::ImageFrame::Caching, std::optional<WebCore::SubsamplingLevel> const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/ImageSource.cpp:433
#5 WebCore::ImageSource::frameImageAtIndexCacheIfNeeded(unsigned long, WebCore::SubsamplingLevel) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/ImageSource.cpp:705
#6 WebCore::BitmapImage::frameImageAtIndexCacheIfNeeded(unsigned long, WebCore::SubsamplingLevel) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/BitmapImage.cpp:137
#7 0x00007f38f8b843fa in WebCore::BitmapImage::draw(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/BitmapImage.cpp:302
#8 0x00007f38f8baec6e in WebCore::GraphicsContext::drawImage(WebCore::Image&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/GraphicsContext.cpp:649
#9 0x00007f38f8d4fea4 in WebCore::RenderImage::paintIntoRect(WebCore::PaintInfo&, WebCore::FloatRect const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderImage.cpp:689
#10 0x00007f38f8d686ca in WebCore::RenderImage::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderImage.cpp:578
#11 0x00007f38f8dc3564 in WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderReplaced.cpp:279
#12 0x00007f38f8d68c43 in WebCore::RenderImage::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderImage.cpp:596
#13 0x00007f38f8cbd39e in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1203
#14 0x00007f38f8c7b755 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1167
#15 0x00007f38f8cdc931 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1160
#16 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1135
#17 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1319
#18 0x00007f38f8c7b566 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1123
#19 0x00007f38f8cbd39e in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1203
#20 0x00007f38f8c7b755 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1167
#21 0x00007f38f8cdc931 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1160
#22 WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1135
#23 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1319
#24 0x00007f38f8c7b566 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderBlock.cpp:1123
#25 0x00007f38f8d4a2e7 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayer.cpp:3928
#26 0x00007f38f8d71e6d in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayer.cpp:3905
#27 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayer.cpp:3486
#28 0x00007f38f8d742f5 in WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayer.cpp:3603
#29 0x00007f38f8d711e2 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayer.cpp:3502
#30 0x00007f38f8d84a25 in operator() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayerBacking.cpp:3248
#31 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayerBacking.cpp:3266
#32 0x00007f38f8d8552d in WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/rendering/RenderLayerBacking.cpp:3527
#33 0x00007f38f7ac61fe in WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/GraphicsLayer.cpp:541
#34 operator() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/nicosia/NicosiaPaintingEngineBasic.cpp:66
#35 paint<Nicosia::PaintingEngineBasic::paint(WebCore::GraphicsLayer&, WTF::Ref<Nicosia::Buffer>&&, const WebCore::IntRect&, const WebCore::IntRect&, const WebCore::IntRect&, float)::<lambda(WebCore::GraphicsContext&)> > ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/nicosia/NicosiaPaintingContext.h:49
#36 Nicosia::PaintingEngineBasic::paint(WebCore::GraphicsLayer&, WTF::Ref<Nicosia::Buffer, WTF::RawPtrTraits<Nicosia::Buffer> >&&, WebCore::IntRect const&, WebCore::IntRect const&, WebCore::IntRect const&, float) ()
at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/nicosia/NicosiaPaintingEngineBasic.cpp:49
#37 0x00007f38f7ae1fc8 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1177
#38 0x00007f38f7ae364e in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1091
#39 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1094
#40 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1094
#41 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1094
#42 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1094
#43 0x00007f38f7a0a626 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1094
#44 WebKit::CompositingCoordinator::flushPendingLayerChanges(WTF::OptionSet<WebCore::FinalizeRenderingUpdateFlags>) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:136
#45 0x00007f38f7a10e3a in WebKit::LayerTreeHost::layerFlushTimerFired() () at /usr/src/debug/webkitgtk-2.36.7/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:157
#46 0x00007f38f61d73f0 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /usr/src/debug/webkitgtk-2.36.7/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#47 0x00007f38f620e706 in operator() () at /usr/src/debug/webkitgtk-2.36.7/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#48 _FUN() () at /usr/src/debug/webkitgtk-2.36.7/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#49 0x00007f38f6965c6b in g_main_dispatch (context=0x55aec803f320) at ../glib/glib/gmain.c:3417
#50 g_main_context_dispatch (context=0x55aec803f320) at ../glib/glib/gmain.c:4135
#51 0x00007f38f69bc001 in g_main_context_iterate.constprop.0 (context=0x55aec803f320, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4211
#52 0x00007f38f69651cf in g_main_loop_run (loop=0x55aec8127610) at ../glib/glib/gmain.c:4411
#53 0x00007f38f61fb812 in WTF::RunLoop::run() () at /usr/src/debug/webkitgtk-2.36.7/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#54 0x00007f38f79f0843 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebKit/Shared/AuxiliaryProcessMain.h:70
#55 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#56 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#57 WebKit::WebProcessMain(int, char**) () at /usr/src/debug/webkitgtk-2.36.7/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:98
#58 0x00007f38f6c3c2d0 in __libc_start_call_main (main=main at entry=0x55aec7a83020 <main()>, argc=argc at entry=3, argv=argv at entry=0x7ffce61ac798) at ../sysdeps/nptl/libc_start_call_main.h:58
#59 0x00007f38f6c3c38a in __libc_start_main_impl (main=0x55aec7a83020 <main()>, argc=3, argv=0x7ffce61ac798, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffce61ac788) at ../csu/libc-start.c:381
#60 0x000055aec7a83055 in _start () at ../sysdeps/x86_64/start.S:115
(gdb)