[Webkit-unassigned] [Bug 250062] REGRESSION (iOS 16): The renderer process is frozen when opening a specific PDF via mozilla/pdfjs

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 19 08:04:42 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=250062

Kimmo Kinnunen <kkinnunen at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kkinnunen at apple.com
         Resolution|---                         |DUPLICATE

--- Comment #10 from Kimmo Kinnunen <kkinnunen at apple.com> ---
Thanks for the report!
This was fixed as part of bug 250318.
This was related to Web process -> GPU Process communication:

- PDFJS creates a lot of canvas commands -> command buffer wraps around often
- Stream command buffer thinks 10 is the minimum bytes needed for the critical command
- Stream command buffer thinks SetStreamDestinationID is the critical command
- If the command buffer is within 10-15 bytes from wrap around during SetStreamDestinationID, this may fail because sometimes SetStreamDestinationID takes 16 bytes due to alignment within the command
- If SetStreamDestinationID, the command fails. The RRB is such a client that it doesn’t check for send failures
- If the failed command is an object creation command (create image buffer), the server doesn’t know about it
- Sender sends a new command to the new object (that did not get created)
- Down the line, the server sees a message to an object that has not been created. It doesn’t know what message it is, and as such it cannot parse the message. It must timeout the message and all subsequent messages
- The sender sends a sync message, in this case prepareBuffersForDisplay. 
- The sender times out waiting for the message

*** This bug has been marked as a duplicate of bug 250318 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
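
An added example, not part of the original message and not WebKit code: a simplified C++ model of the reservation mismatch described in comment #10, where the buffer reserves the 10-byte minimum for the critical command although its encoded size can reach 16 bytes depending on alignment. The field layout (2-byte message name, 8-byte ID aligned to 8 bytes), the 2-byte command alignment, the 60-byte ring capacity and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model for illustration; layout and names are assumptions, not WebKit code.
// Assumed critical command: 2-byte message name, padding, 8-byte ID aligned to 8 bytes.
constexpr size_t kNameSize = 2, kIDSize = 8, kIDAlign = 8;
constexpr size_t kMinCritical = kNameSize + kIDSize;                          // 10: no padding needed
constexpr size_t kMaxCritical = kNameSize + (kIDAlign - kNameSize) + kIDSize; // 16: worst-case padding

// Bytes the critical command occupies when its first byte lands at offset pos.
size_t encodedSize(size_t pos)
{
    size_t idOffset = (pos + kNameSize + kIDAlign - 1) / kIDAlign * kIDAlign;
    return idOffset + kIDSize - pos;
}

// True if the command written at pos ends before the wrap point.
bool fits(size_t pos, size_t capacity) { return pos + encodedSize(pos) <= capacity; }

// Offsets the reservation check accepts (at least `reserve` bytes remain before
// the wrap point) but where encoding the critical command would still fail.
std::vector<size_t> unsafePositions(size_t capacity, size_t reserve)
{
    std::vector<size_t> out;
    for (size_t pos = 0; pos + reserve <= capacity; pos += kNameSize) // commands start 2-byte aligned
        if (!fits(pos, capacity))
            out.push_back(pos);
    return out;
}

int main()
{
    const size_t capacity = 60; // constructed ring size
    for (size_t reserve : { kMinCritical, kMaxCritical }) {
        std::printf("reserve=%zu:", reserve);
        for (size_t pos : unsafePositions(capacity, reserve))
            std::printf(" pos=%zu (remaining %zu, needs %zu)", pos, capacity - pos, encodedSize(pos));
        std::printf("\n");
    }
}
```

In this model the 10-byte reserve still admits offsets with 10 and 12 bytes remaining where the command does not fit, while reserving the worst-case 16 bytes leaves none.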