Bug 218858

Summary: [GPU Process] ASSERT_NOT_REACHED() when calling fillRect with a pattern style
Product: WebKit
Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Canvas
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: dino, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
test case none

Description Said Abou-Hallawa 2020-11-12 10:30:24 PST
Created attachment 413949
test case

Open the attached test case in a Debug build with GPU rendering for canvas enabled.

Result:

SHOULD NEVER BE REACHED
/Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Encoder.h(110) : static RefPtr<WebCore::SharedBuffer> IPC::Encoder::encodeSingleObject(const T &) [T = WebCore::DisplayList::SetState]
1   0x13ee3d6a9 WTFCrash
2   0x10904eb5b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x10a80a8f9 WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> > IPC::Encoder::encodeSingleObject<WebCore::DisplayList::SetState>(WebCore::DisplayList::SetState const&)
4   0x10a8076d1 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const
5   0x10a807a45 non-virtual thunk to WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const
6   0x12401d09d WebCore::DisplayList::ItemBuffer::appendEncodedData(WebCore::DisplayList::ItemHandle)
7   0x12403e2de void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
8   0x12403e247 void WebCore::DisplayList::DisplayList::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
9   0x12402271e void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
10  0x124022476 WebCore::DisplayList::Recorder::appendStateChangeItem(WebCore::GraphicsContextStateChange const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>)
11  0x124022acd WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType)
12  0x124025ecb void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FillRect, WebCore::FloatRect const&>(WebCore::FloatRect const&)
13  0x124025e8d WebCore::DisplayList::Recorder::fillRect(WebCore::FloatRect const&)
14  0x123f86e1c WebCore::GraphicsContext::fillRect(WebCore::FloatRect const&)
15  0x1233adb09 WebCore::CanvasRenderingContext2DBase::fillRect(float, float, float, float)
16  0x1206e4e85 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)
17  0x1206e481c long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
18  0x1206756b4 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRect(JSC::JSGlobalObject*, JSC::CallFrame*)
19  0x38ac35a01178
20  0x13f417e4b llint_entry
21  0x13f3f66e0 vmEntryToJavaScript
22  0x14023eb6b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
23  0x14023f327 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
24  0x14058c3fd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
25  0x14058c4df JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
26  0x14058c7c2 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
27  0x12275d0ae WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
28  0x12277af1b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
29  0x122e47377 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
30  0x122e436b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
31  0x122eb6758 WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

Comment 1 Radar WebKit Bug Importer 2020-11-19 10:31:16 PST
<rdar://problem/71592189>