[Webkit-unassigned] [Bug 241988] New: Some WebGL tests can crash under CanvasBase::notifyObserversCanvasChanged()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 24 15:06:24 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=241988
Bug ID: 241988
Summary: Some WebGL tests can crash under
CanvasBase::notifyObserversCanvasChanged()
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebGL
Assignee: webkit-unassigned at lists.webkit.org
Reporter: simon.fraser at apple.com
CC: dino at apple.com, kbr at google.com, kkinnunen at apple.com
14:20:26.290 42513 worker/0 worker/0 fast/canvas/webgl/css-webkit-canvas.html crashed, (stderr lines):
14:20:26.290 42513 worker/0 HTMLCanvasElement::createImageBuffer - hostWindow is 0x76c0edfb0 page 0x76c03d300 view 0x76e002340
14:20:26.290 42513 worker/0 HTMLCanvasElement::needsPreparationForDisplay() - has buffer 1
14:20:26.290 42513 worker/0 ASSERTION FAILED: m_table
14:20:26.290 42513 worker/0 /Volumes/Data/Development/system/webkit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/HashTable.h(232) : void WTF::HashTableConstIterator<WTF::HashTable<WebCore::CanvasObserver *, WebCore::CanvasObserver *, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver *>, WTF::HashTraits<WebCore::CanvasObserver *>, WTF::HashTraits<WebCore::CanvasObserver *>>, WebCore::CanvasObserver *, WebCore::CanvasObserver *, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver *>, WTF::HashTraits<WebCore::CanvasObserver *>, WTF::HashTraits<WebCore::CanvasObserver *>>::checkValidity() const [HashTable = WTF::HashTable<WebCore::CanvasObserver *, WebCore::CanvasObserver *, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver *>, WTF::HashTraits<WebCore::CanvasObserver *>, WTF::HashTraits<WebCore::CanvasObserver *>>, Key = WebCore::CanvasObserver *, Value = WebCore::CanvasObserver *, Extractor = WTF::IdentityExtractor, HashFunctions = WTF::DefaultHash<WebCore::CanvasObserver *>, Traits = WTF::HashTraits<WebCore::CanvasObserver *>, KeyTraits = WTF::HashTraits<WebCore::CanvasObserver *>]
14:20:26.290 42513 worker/0 1 0x762a40f59 WTFCrash
14:20:26.290 42513 worker/0 2 0x77fd3b98b WTFCrashWithInfo(int, char const*, char const*, int)
14:20:26.290 42513 worker/0 3 0x78358c659 WTF::HashTableConstIterator<WTF::HashTable<WebCore::CanvasObserver*, WebCore::CanvasObserver*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*> >, WebCore::CanvasObserver*, WebCore::CanvasObserver*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*> >::checkValidity() const
14:20:26.290 42513 worker/0 4 0x78358c569 WTF::HashTableConstIterator<WTF::HashTable<WebCore::CanvasObserver*, WebCore::CanvasObserver*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*> >, WebCore::CanvasObserver*, WebCore::CanvasObserver*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*> >::operator++()
14:20:26.291 42513 worker/0 5 0x78357bee9 WTF::HashTableConstIteratorAdapter<WTF::HashTable<WebCore::CanvasObserver*, WebCore::CanvasObserver*, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*>, WTF::HashTraits<WebCore::CanvasObserver*> >, WebCore::CanvasObserver*>::operator++()
14:20:26.291 42513 worker/0 6 0x78357bdc4 WebCore::CanvasBase::notifyObserversCanvasChanged(std::__1::optional<WebCore::FloatRect> const&)
14:20:26.291 42513 worker/0 7 0x7835de67f WebCore::HTMLCanvasElement::didDraw(std::__1::optional<WebCore::FloatRect> const&)
14:20:26.291 42513 worker/0 8 0x7837f549f WebCore::WebGLRenderingContextBase::markContextChanged()
14:20:26.291 42513 worker/0 9 0x7837e5ff2 WebCore::WebGLRenderingContextBase::markContextChangedAndNotifyCanvasObserver(WebCore::WebGLRenderingContextBase::CallerType)
14:20:26.291 42513 worker/0 10 0x7837f799b WebCore::WebGLRenderingContextBase::clear(unsigned int)
14:20:26.291 42513 worker/0 11 0x781a8d98b WebCore::jsWebGLRenderingContextPrototypeFunction_clearBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()::operator()() const
14:20:26.291 42513 worker/0 12 0x781a8d94d JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsWebGLRenderingContextPrototypeFunction_clearBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsWebGLRenderingContextPrototypeFunction_clearBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()&&)
14:20:26.291 42513 worker/0 13 0x781a8d8b6 WebCore::jsWebGLRenderingContextPrototypeFunction_clearBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)
14:20:26.291 42513 worker/0 14 0x781a8d4be long long WebCore::IDLOperation<WebCore::JSWebGLRenderingContext>::call<&(WebCore::jsWebGLRenderingContextPrototypeFunction_clearBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
14:20:26.291 42513 worker/0 15 0x781a80e84 WebCore::jsWebGLRenderingContextPrototypeFunction_clear(JSC::JSGlobalObject*, JSC::CallFrame*)
14:20:26.291 42513 worker/0 16 0x4c235400c038
14:20:26.291 42513 worker/0 17 0x7631134a9 llint_entry
14:20:26.291 42513 worker/0 18 0x7631134a9 llint_entry
14:20:26.292 42513 worker/0 19 0x7630eef90 vmEntryToJavaScript
14:20:26.292 42513 worker/0 20 0x76407cbc2 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
14:20:26.292 42513 worker/0 21 0x76407c2d9 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
14:20:26.292 42513 worker/0 22 0x7644a8945 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
14:20:26.292 42513 worker/0 23 0x7644a8a8c JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
14:20:26.292 42513 worker/0 24 0x782abe218 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
14:20:26.292 42513 worker/0 25 0x782abdc8e WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
14:20:26.292 42513 worker/0 26 0x782abda49 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
14:20:26.292 42513 worker/0 27 0x782abe495 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
14:20:26.292 42513 worker/0 28 0x78334b370 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
14:20:26.292 42513 worker/0 29 0x783349414 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
14:20:26.292 42513 worker/0 30 0x78386171e WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
14:20:26.292 42513 worker/0 31 0x783861524 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&)
14:20:26.292 42513 worker/0 com.apple.WebKit.WebContent.Development terminated (pid 42709) for reason: crash
14:20:26.293 42513 worker/0 LEAK: 1 WebPageProxy
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220624/5529a5bf/attachment.htm>
More information about the webkit-unassigned
mailing list