Bug 218858

Summary: [GPU Process] ASSERT_NOT_REACHED() when calling fillRect with a pattern style
Product: WebKit Reporter: Said Abou-Hallawa <sabouhallawa>
Component: CanvasAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: dino, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
test case none

Said Abou-Hallawa
Reported 2020-11-12 10:30:24 PST
Created attachment 413949 [details] test case Open the attached test case in a Debug build and with enabling GPU rendering for canvas. Result: SHOULD NEVER BE REACHED /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Encoder.h(110) : static RefPtr<WebCore::SharedBuffer> IPC::Encoder::encodeSingleObject(const T &) [T = WebCore::DisplayList::SetState] 1 0x13ee3d6a9 WTFCrash 2 0x10904eb5b WTFCrashWithInfo(int, char const*, char const*, int) 3 0x10a80a8f9 WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> > IPC::Encoder::encodeSingleObject<WebCore::DisplayList::SetState>(WebCore::DisplayList::SetState const&) 4 0x10a8076d1 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const 5 0x10a807a45 non-virtual thunk to WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const 6 0x12401d09d WebCore::DisplayList::ItemBuffer::appendEncodedData(WebCore::DisplayList::ItemHandle) 7 0x12403e2de void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&) 8 0x12403e247 void WebCore::DisplayList::DisplayList::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&) 9 0x12402271e void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&) 10 0x124022476 WebCore::DisplayList::Recorder::appendStateChangeItem(WebCore::GraphicsContextStateChange const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>) 11 0x124022acd WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType) 12 0x124025ecb void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FillRect, WebCore::FloatRect const&>(WebCore::FloatRect const&) 13 0x124025e8d WebCore::DisplayList::Recorder::fillRect(WebCore::FloatRect const&) 14 0x123f86e1c WebCore::GraphicsContext::fillRect(WebCore::FloatRect const&) 15 0x1233adb09 WebCore::CanvasRenderingContext2DBase::fillRect(float, float, float, float) 16 0x1206e4e85 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*) 17 0x1206e481c long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) 18 0x1206756b4 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRect(JSC::JSGlobalObject*, JSC::CallFrame*) 19 0x38ac35a01178 20 0x13f417e4b llint_entry 21 0x13f3f66e0 vmEntryToJavaScript 22 0x14023eb6b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 23 0x14023f327 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 24 0x14058c3fd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 25 0x14058c4df JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 26 0x14058c7c2 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 27 0x12275d0ae WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 28 0x12277af1b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) 29 0x122e47377 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) 30 0x122e436b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) 31 0x122eb6758 WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) LEAK: 1 WebProcessPool LEAK: 1 WebPageProxy
Attachments
test case (661 bytes, text/html)
2020-11-12 10:30 PST, Said Abou-Hallawa 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-11-19 10:31:16 PST
<rdar://problem/71592189>
Note You need to log in before you can comment on or make changes to this bug.