[Webkit-unassigned] [Bug 263737] New: WebGL app crashes browser tab, displays artefacts, corrupts frame buffer of some external apps

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 26 11:54:41 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=263737

            Bug ID: 263737
           Summary: WebGL app crashes browser tab, displays artefacts,
                    corrupts frame buffer of some external apps
           Product: WebKit
           Version: Safari 16
          Hardware: Mac (Apple Silicon)
                OS: macOS 13
            Status: NEW
          Severity: Major
          Priority: P2
         Component: WebGL
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Daniel.balog at hexagon.com
                CC: dino at apple.com, kbr at google.com, kkinnunen at apple.com

We are having some issues right now when we make a small modification to our WebGL fragment shader, the Safari browser tab will show block-shaped artefacts, and eventually turn into a black screen. Sometimes, paired with this, the screen will flicker and turn purple. Sometimes other applications will also be affected, causing their menu-bars to be corrupted and display as a pink color. 

The issue can be reproduced by opening the following app (and waiting for a few seconds for it to fully load) in Safari: 

* https://demo.luciad.com/SafariCrash/Crash/

In contrast, the following link will not when opened in Safari:

* https://demo.luciad.com/SafariCrash/NoCrash/

The only difference between these two is that the first one has an additional negation "!" on line 795 of its fragment shader:

```
bool expVisibility = (!(obbContains(uPbf32cb21330d4f488e56b7f1b5399495, uP91661124b56445b6b535bff5f660cb8f, uP4fdbc5901e004423b93c543048182783, uP0674c263053247f9ac1f3f43621040f5, uP74ed0da32f0c46988ce6ca6a8c027e9d, uPc514f32b4ca5440da27ac9ae36036e12, uP73dcaa87566f49b5accc76532bec9829, uP60c71bd490b74b12ad7954e503ddabc4, uP6755c4c3f08c423a9509af88ad2682a7, uPf81428ee1f354e4a95e6e180e2e37b54, vPosition)));
    if (!expVisibility) {
        discard;
    }
```


If this exclamation mark is removed, the crash does not occur.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231026/eee89709/attachment.htm>

More information about the webkit-unassigned mailing list