Bug 217746

Summary: [WinCairo][GraphicsLayerTextureMapper] css3/filters/backdrop/backdrop-filter-with-border-radius-and-reflection-remove.html is crashing
Product: WebKit
Reporter: Fujii Hironori <Hironori.Fujii>
Component: Platform
Assignee: Fujii Hironori <Hironori.Fujii>
Status: RESOLVED FIXED
Severity: Normal
CC: cmarcelo, don.olmstead, ews-watchlist, kondapallykalyan, luiz, noam, ross.kirsling, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch don.olmstead: review+, ews-feeder: commit-queue-

Description Fujii Hironori 2020-10-14 19:34:52 PDT
[WinCairo][TextureMapper] css3/filters/backdrop/backdrop-filter-with-border-radius-and-reflection-remove.html is crashing

Callstack

> WebKit.dll!std::swap<WTF::WeakPtrImpl<WTF::EmptyCounter> *,0>(WTF::WeakPtrImpl<WTF::EmptyCounter> * & _Left, WTF::WeakPtrImpl<WTF::EmptyCounter> * & _Right) Line 106	C++
> WebKit.dll!WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>::swap(WTF::WeakPtrImpl<WTF::EmptyCounter> * & a, WTF::WeakPtrImpl<WTF::EmptyCounter> * & b) Line 42	C++
> WebKit.dll!WTF::RefPtr<WTF::WeakPtrImpl<WTF::EmptyCounter>,WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>,WTF::DefaultRefDerefTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>>::swap<WTF::WeakPtrImpl<WTF::EmptyCounter>,WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>,WTF::DefaultRefDerefTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>>(WTF::RefPtr<WTF::WeakPtrImpl<WTF::EmptyCounter>,WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>,WTF::DefaultRefDerefTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>> & o) Line 194	C++
> WebKit.dll!WTF::RefPtr<WTF::WeakPtrImpl<WTF::EmptyCounter>,WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>,WTF::DefaultRefDerefTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>>::operator=(WTF::RefPtr<WTF::WeakPtrImpl<WTF::EmptyCounter>,WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>,WTF::DefaultRefDerefTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>> && o) Line 168	C++
> WebKit.dll!WTF::WeakPtr<WebCore::TextureMapperLayer,WTF::EmptyCounter>::operator=(WTF::WeakPtr<WebCore::TextureMapperLayer,WTF::EmptyCounter> && __that)	C++
> WebKit.dll!WebCore::TextureMapperLayer::setReplicaLayer(WebCore::TextureMapperLayer * replicaLayer) Line 581	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::commitLayerChanges() Line 419	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly() Line 360	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingState(const WebCore::FloatRect & rect) Line 511	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingState(const WebCore::FloatRect & rect) Line 522	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingState(const WebCore::FloatRect & rect) Line 522	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingState(const WebCore::FloatRect & rect) Line 522	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingState(const WebCore::FloatRect & rect) Line 522	C++
> WebKit.dll!WebCore::GraphicsLayerTextureMapper::flushCompositingState(const WebCore::FloatRect & rect) Line 522	C++
> WebKit.dll!WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool isFlushRoot) Line 575	C++
> WebKit.dll!WebCore::FrameView::flushCompositingStateForThisFrame(const WebCore::Frame & rootFrameForFlush) Line 975	C++
> WebKit.dll!WebCore::FrameView::flushCompositingStateIncludingSubframes() Line 1139	C++
> WebKit.dll!AcceleratedCompositingContext::flushPendingLayerChanges() Line 282	C++
> WebKit.dll!AcceleratedCompositingContext::flushAndRenderLayers() Line 308	C++
> WebKit.dll!AcceleratedCompositingContext::layerFlushTimerFired() Line 319	C++
> WebKit.dll!AcceleratedCompositingContext::LayerFlushTimer::fired() Line 89	C++
> WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 130	C++
> WebKit.dll!WebCore::ThreadTimers::setSharedTimer::__l8::<lambda>() Line 67	C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52	C++
> WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 84	C++
> WebKit.dll!WebCore::MainThreadSharedTimer::fired() Line 84	C++
> WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 89	C++
> user32.dll!00007ff9bf655c1d()	Unknown
> user32.dll!00007ff9bf655612()	Unknown
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 120	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 140	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 224	C++
> [Inline Frame] MiniBrowser.exe!invoke_main() Line 118	C++
> MiniBrowser.exe!__scrt_common_main_seh() Line 288	C++
> kernel32.dll!00007ff9bfe07c24()	Unknown
> ntdll.dll!00007ff9c144cea1()	Unknown

In GraphicsLayerTextureMapper::commitLayerChanges, replicaLayer() was nullptr.
Comment 1 Fujii Hironori 2020-10-14 19:57:32 PDT
Created attachment 411399 [details]
Patch
Comment 2 Fujii Hironori 2020-10-15 12:55:15 PDT
Committed r268548: <https://trac.webkit.org/changeset/268548>
Comment 3 Radar WebKit Bug Importer 2020-10-15 12:56:20 PDT
<rdar://problem/70348434>