[Webkit-unassigned] [Bug 277333] New: crashes memcpy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 30 00:52:39 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=277333

            Bug ID: 277333
           Summary: crashes memcpy
           Product: WebKit
           Version: WebKit Local Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: muziknavi at gmail.com
                CC: bugs-noreply at webkitgtk.org

Created attachment 472014

  --> https://bugs.webkit.org/attachment.cgi?id=472014&action=review

gdb.log

Crash when loading a page or hovering over links.

webkitgtk 2.45.6, also tried 2.45.5.
epiphany 47.alpha-r107-g14ee20e4f


                Stack trace of thread 2:
                #0  0x00007f5b0e3b2312 memcpy (libwebkitgtk-6.0.so.4 + 0x39b2312)
                #1  0x00007f5b0e3b0813 paintBackgroundDecorations (libwebkitgtk-6.0.so.4 + 0x39b0813)
                #2  0x00007f5b0e3ad099 paintBackgroundDecorations (libwebkitgtk-6.0.so.4 + 0x39ad099)
                #3  0x00007f5b0e3a9eb7 paint (libwebkitgtk-6.0.so.4 + 0x39a9eb7)
                #4  0x00007f5b0db6c358 paintDisplayBox (libwebkitgtk-6.0.so.4 + 0x316c358)
                #5  0x00007f5b0db7654b paint (libwebkitgtk-6.0.so.4 + 0x317654b)
                #6  0x00007f5b0e1b6018 paintContents (libwebkitgtk-6.0.so.4 + 0x37b6018)
                #7  0x00007f5b0e1ae14a paint (libwebkitgtk-6.0.so.4 + 0x37ae14a)
                #8  0x00007f5b0e24e94c paintPhase (libwebkitgtk-6.0.so.4 + 0x384e94c)
                #9  0x00007f5b0e1c736b paintChild (libwebkitgtk-6.0.so.4 + 0x37c736b)
                #10 0x00007f5b0e23814f paintChildren (libwebkitgtk-6.0.so.4 + 0x383814f)
                #11 0x00007f5b0e1b5f87 paintContents (libwebkitgtk-6.0.so.4 + 0x37b5f87)
                #12 0x00007f5b0e1ae14a paint (libwebkitgtk-6.0.so.4 + 0x37ae14a)
                #13 0x00007f5b0e1c7383 paintChild (libwebkitgtk-6.0.so.4 + 0x37c7383)
                #14 0x00007f5b0e1bb71f paintChildren (libwebkitgtk-6.0.so.4 + 0x37bb71f)
                #15 0x00007f5b0e1b5f87 paintContents (libwebkitgtk-6.0.so.4 + 0x37b5f87)
                #16 0x00007f5b0e1ae14a paint (libwebkitgtk-6.0.so.4 + 0x37ae14a)
                #17 0x00007f5b0e2adfb5 paintForegroundForFragmentsWithPhase (libwebkitgtk-6.0.so.4 + 0x38adfb5)
                #18 0x00007f5b0e2a982a paintForegroundForFragments (libwebkitgtk-6.0.so.4 + 0x38a982a)
                #19 0x00007f5b0e2ad7a0 paintLayer (libwebkitgtk-6.0.so.4 + 0x38ad7a0)
                #20 0x00007f5b0e2a9d1b paintLayerContents (libwebkitgtk-6.0.so.4 + 0x38a9d1b)
                #21 0x00007f5b0e2ad7a0 paintLayer (libwebkitgtk-6.0.so.4 + 0x38ad7a0)
                #22 0x00007f5b0e2a9d1b paintLayerContents (libwebkitgtk-6.0.so.4 + 0x38a9d1b)
                #23 0x00007f5b0e2b7c91 operator() (libwebkitgtk-6.0.so.4 + 0x38b7c91)
                #24 0x00007f5b0e2b75f3 paintIntoLayer (libwebkitgtk-6.0.so.4 + 0x38b75f3)
                #25 0x00007f5b0e2b60a8 paintContents (libwebkitgtk-6.0.so.4 + 0x38b60a8)
                #26 0x00007f5b0c23303e paintGraphicsLayerContents (libwebkitgtk-6.0.so.4 + 0x183303e)
                #27 0x00007f5b0c230e73 operator() (libwebkitgtk-6.0.so.4 + 0x1830e73)
                #28 0x00007f5b0c22eecf finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182eecf)
                #29 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #30 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #31 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #32 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #33 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #34 0x00007f5b0c16a8b3 flushPendingLayerChanges (libwebkitgtk-6.0.so.4 + 0x176a8b3)
                #35 0x00007f5b0c17264e layerFlushTimerFired (libwebkitgtk-6.0.so.4 + 0x177264e)
                #36 0x00007f5b0a359ae3 operator() (libjavascriptcoregtk-6.0.so.1 + 0x1f59ae3)
                #37 0x00007f5b0a358560 operator() (libjavascriptcoregtk-6.0.so.1 + 0x1f58560)
                #38 0x00007f5b06141c29 g_main_dispatch (libglib-2.0.so.0 + 0x5cc29)
                #39 0x00007f5b061a3cb7 g_main_context_dispatch_unlocked (libglib-2.0.so.0 + 0xbecb7)
                #40 0x00007f5b06142947 g_main_loop_run (libglib-2.0.so.0 + 0x5d947)
                #41 0x00007f5b0a35917e run (libjavascriptcoregtk-6.0.so.1 + 0x1f5917e)
                #42 0x00007f5b0c17f30a run (libwebkitgtk-6.0.so.4 + 0x177f30a)
                #43 0x00007f5b0a834e08 __libc_start_call_main (libc.so.6 + 0x25e08)
                #44 0x00007f5b0a834ecc __libc_start_main_impl (libc.so.6 + 0x25ecc)
                #45 0x000055a548dff625 _start (WebKitWebProcess + 0x1625)

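The frames above follow the "#N address symbol (module + offset)" layout that systemd-coredump-style crash handlers emit. The following is an added triage helper, not part of the reporter's post or of WebKit: it parses that layout, recovers each module's load base (address minus offset, which must agree across every frame of one module), tallies which modules the frames sit in, and flags runs of identical symbols such as the repeated finalizeCompositingStateFlush frames. The embedded input is a constructed subset of the trace in this report.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: a subset of the "Stack trace of thread 2" frames from
# the report above, in the "#N address symbol (module + offset)" layout used there.
SAMPLE_TRACE = """\
                Stack trace of thread 2:
                #0  0x00007f5b0e3b2312 memcpy (libwebkitgtk-6.0.so.4 + 0x39b2312)
                #1  0x00007f5b0e3b0813 paintBackgroundDecorations (libwebkitgtk-6.0.so.4 + 0x39b0813)
                #2  0x00007f5b0e3ad099 paintBackgroundDecorations (libwebkitgtk-6.0.so.4 + 0x39ad099)
                #3  0x00007f5b0e3a9eb7 paint (libwebkitgtk-6.0.so.4 + 0x39a9eb7)
                #23 0x00007f5b0e2b7c91 operator() (libwebkitgtk-6.0.so.4 + 0x38b7c91)
                #28 0x00007f5b0c22eecf finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182eecf)
                #29 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #30 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #31 0x00007f5b0c22ef30 finalizeCompositingStateFlush (libwebkitgtk-6.0.so.4 + 0x182ef30)
                #38 0x00007f5b06141c29 g_main_dispatch (libglib-2.0.so.0 + 0x5cc29)
                #45 0x000055a548dff625 _start (WebKitWebProcess + 0x1625)
"""

# One frame line: "#idx 0xaddr symbol (module + 0xoffset)"; symbol may be "operator()".
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+(?P<sym>\S+)\s+"
    r"\((?P<mod>\S+)\s+\+\s+0x(?P<off>[0-9a-fA-F]+)\)\s*$"
)


@dataclass(frozen=True)
class Frame:
    index: int
    address: int   # absolute runtime address
    symbol: str
    module: str
    offset: int    # module-relative offset (the value a symbolizer wants)


def parse_frames(text: str) -> list[Frame]:
    """Parse every frame line; non-frame lines (thread header, blanks) are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["idx"]), int(m["addr"], 16), m["sym"],
                                m["mod"], int(m["off"], 16)))
    return frames


def load_bases(frames: list[Frame]) -> dict[str, set[int]]:
    """address - offset is the module's load base; more than one value per module
    means the trace is inconsistent (mixed logs, a retyped line, or a wrong offset)."""
    bases: dict[str, set[int]] = {}
    for f in frames:
        bases.setdefault(f.module, set()).add(f.address - f.offset)
    return bases


def module_histogram(frames: list[Frame]) -> Counter:
    """How many frames fall in each module; tells you whose code dominates the stack."""
    return Counter(f.module for f in frames)


def repeated_runs(frames: list[Frame], min_run: int = 3) -> list[tuple[str, int]]:
    """Consecutive frames with the same symbol, a cheap recursion heuristic."""
    runs, i = [], 0
    while i < len(frames):
        j = i
        while j < len(frames) and frames[j].symbol == frames[i].symbol:
            j += 1
        if j - i >= min_run:
            runs.append((frames[i].symbol, j - i))
        i = j
    return runs


def summarize(text: str) -> dict:
    """Crashing frame, module tally, load bases and suspected recursion in one dict."""
    frames = parse_frames(text)
    if not frames:
        raise ValueError("no stack frames found")
    crash = frames[0]
    return {
        "crash_symbol": crash.symbol,
        "crash_module": crash.module,
        "crash_offset": crash.offset,
        "frame_count": len(frames),
        "modules": dict(module_histogram(frames)),
        "load_bases": {m: sorted(b) for m, b in load_bases(frames).items()},
        "recursion": repeated_runs(frames),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_TRACE)
    print(f"crashed in {s['crash_symbol']} at {s['crash_module']}+0x{s['crash_offset']:x}")
    for mod, bases in s["load_bases"].items():
        print(f"{mod}: load base(s) {[hex(b) for b in bases]}")
    print("suspected recursion:", s["recursion"])
```

The offsets in parentheses are module-relative, so they can be resolved against a build of the same library that has debug information (for example with addr2line pointed at that library) without knowing the runtime layout; the load base the helper recovers is what ties the absolute addresses in a gdb session back to those offsets. A consistent base across all frames of libwebkitgtk-6.0.so.4 is also a quick sanity check that the pasted trace has not been hand-edited.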