WebKit Bugzilla
RESOLVED FIXED
107639
Coordinated Graphics: crash in TiledBackingStore::adjustForContentsRect
https://bugs.webkit.org/show_bug.cgi?id=107639
Jae Hyun Park
Reported
2013-01-22 23:56:58 PST
When running the following test case, Minibrowser crashes in Qt and EFL.
http://black.company100.com/test/TC/3DCube/
This crash is caused by division by zero in TiledBackingStore::adjustForContentsRect. This crash was first observed at r135212. However, IMHO, reverting r135212 is not the right way to proceed.
Attachments
Patch (4.43 KB, patch), 2013-02-03 16:38 PST, Seulgi Kim, no flags
Patch (2.47 KB, patch), 2013-02-03 16:51 PST, Seulgi Kim, no flags
Patch (2.26 KB, patch), 2013-02-03 16:53 PST, Seulgi Kim, no flags
Patch for landing (2.50 KB, patch), 2013-02-04 15:30 PST, Seulgi Kim, no flags
Patch for landing (2.26 KB, patch), 2013-02-04 15:34 PST, Seulgi Kim, no flags
Jae Hyun Park
Comment 1
2013-01-22 23:57:25 PST
Stack Trace:
#0 0x00007ffff3baea61 in WebCore::TiledBackingStore::adjustForContentsRect (this=0x86cdb0, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/graphics/TiledBackingStore.cpp:384
#1 0x00007ffff3baed7f in WebCore::TiledBackingStore::computeCoverAndKeepRect (this=0x86cdb0, visibleRect=..., coverRect=..., keepRect=...) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/graphics/TiledBackingStore.cpp:432
#2 0x00007ffff3bae456 in WebCore::TiledBackingStore::createTiles (this=0x86cdb0) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/graphics/TiledBackingStore.cpp:288
#3 0x00007ffff3bad38c in WebCore::TiledBackingStore::coverWithTilesIfNeeded (this=0x86cdb0, trajectoryVector=...) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/graphics/TiledBackingStore.cpp:87
#4 0x00007ffff3badd72 in WebCore::TiledBackingStore::commitScaleChange (this=0x86cdb0) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/graphics/TiledBackingStore.cpp:202
#5 0x00007ffff3badd0e in WebCore::TiledBackingStore::setContentsScale (this=0x86cdb0, scale=1) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/graphics/TiledBackingStore.cpp:194
#6 0x00007ffff7a0894f in WebCore::CoordinatedGraphicsLayer::createBackingStore (this=0x779b40) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:674
#7 0x00007ffff7a0911e in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x779b40) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:783
#8 0x00007ffff7a08470 in WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly (this=0x779b40) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:602
#9 0x00007ffff7a07a4e in WebCore::CoordinatedGraphicsLayer::flushCompositingState (this=0x779b40, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:458
#10 0x00007ffff7a07a8f in WebCore::CoordinatedGraphicsLayer::flushCompositingState (this=0x777b40, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:461
#11 0x00007ffff7a07a8f in WebCore::CoordinatedGraphicsLayer::flushCompositingState (this=0x762cf0, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:461
#12 0x00007ffff7a07a8f in WebCore::CoordinatedGraphicsLayer::flushCompositingState (this=0x692ac0, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:461
#13 0x00007ffff7a07a8f in WebCore::CoordinatedGraphicsLayer::flushCompositingState (this=0x50f700, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:461
#14 0x00007ffff7a07a8f in WebCore::CoordinatedGraphicsLayer::flushCompositingState (this=0x482190, rect=...) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedGraphicsLayer.cpp:461
#15 0x00007ffff3db80d8 in WebCore::RenderLayerCompositor::flushPendingLayerChanges (this=0x4af7f0, isFlushRoot=true) at /home/jaepark/workspace/WebKitQt/Source/WebCore/rendering/RenderLayerCompositor.cpp:323
#16 0x00007ffff3ae8f1b in WebCore::FrameView::flushCompositingStateForThisFrame (this=0x481e10, rootFrameForFlush=0x4723f0) at /home/jaepark/workspace/WebKitQt/Source/WebCore/page/FrameView.cpp:839
#17 0x00007ffff3ae9255 in WebCore::FrameView::flushCompositingStateIncludingSubframes (this=0x481e10) at /home/jaepark/workspace/WebKitQt/Source/WebCore/page/FrameView.cpp:921
#18 0x00007ffff7a110f0 in WebKit::LayerTreeCoordinator::flushPendingLayerChanges (this=0x468740) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp:275
#19 0x00007ffff7a11e68 in WebKit::LayerTreeCoordinator::performScheduledLayerFlush (this=0x468740) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp:504
#20 0x00007ffff7a11f60 in WebKit::LayerTreeCoordinator::layerFlushTimerFired (this=0x468740) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/LayerTreeCoordinator.cpp:528
#21 0x00007ffff7a1dc1a in WebCore::Timer<WebKit::LayerTreeCoordinator>::fired (this=0x468878) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/Timer.h:106
#22 0x00007ffff3c38756 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x46dae0) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/ThreadTimers.cpp:116
#23 0x00007ffff3c38677 in WebCore::ThreadTimers::sharedTimerFired () at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/ThreadTimers.cpp:93
#24 0x00007ffff3f4e018 in WebCore::SharedTimerQt::timerEvent (this=0x46db10, ev=0x7fffffffd8a0) at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/qt/SharedTimerQt.cpp:113
#25 0x00007ffff68af0d9 in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#26 0x00007ffff6bcf3f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtWidgets.so.5
#27 0x00007ffff6bd2471 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtWidgets.so.5
#28 0x00007ffff6888754 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#29 0x00007ffff68cf3cc in QTimerInfoList::activateTimers() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#30 0x00007ffff68cfc5d in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#31 0x00007fffedef2d53 in g_main_dispatch (context=0x41de40) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:2539
#32 g_main_context_dispatch (context=0x41de40) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3075
#33 0x00007fffedef30a0 in g_main_context_iterate (dispatch=1, block=<optimized out>, context=0x41de40, self=<optimized out>) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3146
#34 g_main_context_iterate (context=0x41de40, block=<optimized out>, dispatch=1, self=<optimized out>) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3083
#35 0x00007fffedef3164 in g_main_context_iteration (context=0x41de40, may_block=1) at /build/buildd/glib2.0-2.32.3/./glib/gmain.c:3207
#36 0x00007ffff68d0344 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#37 0x00007ffff68876fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#38 0x00007ffff688abce in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#39 0x00007ffff3f34606 in WebCore::RunLoop::run () at /home/jaepark/workspace/WebKitQt/Source/WebCore/platform/qt/RunLoopQt.cpp:69
#40 0x00007ffff7a5ecef in WebKit::WebProcessMainQt (app=0x412e90) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/WebProcess/qt/WebProcessMainQt.cpp:195
#41 0x00000000004016a8 in main (argc=2, argv=0x7fffffffdee8) at /home/jaepark/workspace/WebKitQt/Source/WebKit2/qt/MainQt.cpp:95
Seulgi Kim
Comment 2
2013-02-03 16:38:44 PST
Created attachment 186276: Patch
EFL EWS Bot
Comment 3
2013-02-03 16:44:13 PST
Comment on attachment 186276: Patch
Attachment 186276 did not pass efl-ews (efl): Output: http://queues.webkit.org/results/16354841
Early Warning System Bot
Comment 4
2013-02-03 16:46:25 PST
Comment on attachment 186276: Patch
Attachment 186276 did not pass qt-ews (qt): Output: http://queues.webkit.org/results/16353802
Early Warning System Bot
Comment 5
2013-02-03 16:47:00 PST
Comment on attachment 186276: Patch
Attachment 186276 did not pass qt-wk2-ews (qt): Output: http://queues.webkit.org/results/16354850
Seulgi Kim
Comment 6
2013-02-03 16:51:18 PST
Created attachment 186278: Patch
Seulgi Kim
Comment 7
2013-02-03 16:53:03 PST
Created attachment 186279: Patch
Build Bot
Comment 8
2013-02-03 18:02:21 PST
Comment on attachment 186279: Patch
Attachment 186279 did not pass win-ews (win): Output: http://queues.webkit.org/results/16357795
Build Bot
Comment 9
2013-02-03 19:07:28 PST
Comment on attachment 186279: Patch
Attachment 186279 did not pass win-ews (win): Output: http://queues.webkit.org/results/16350876
Kenneth Rohde Christiansen
Comment 10
2013-02-04 00:39:57 PST
Comment on attachment 186279: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=186279&action=review
> Source/WebCore/platform/graphics/TiledBackingStore.cpp:367
> + * If then cover/keep rect is not need to be inflated.
Thus the latter should not be inflated*
Seulgi Kim
Comment 11
2013-02-04 15:30:06 PST
Created attachment 186479: Patch for landing
Seulgi Kim
Comment 12
2013-02-04 15:34:29 PST
Created attachment 186480: Patch for landing
Seulgi Kim
Comment 13
2013-02-04 15:38:15 PST
(In reply to comment #10)
> (From update of attachment 186279)
> View in context: https://bugs.webkit.org/attachment.cgi?id=186279&action=review
>
> > Source/WebCore/platform/graphics/TiledBackingStore.cpp:367
> > + * If then cover/keep rect is not need to be inflated.
>
> Thus the latter should not be inflated*
Thanks for your comment.
WebKit Review Bot
Comment 14
2013-02-04 16:56:10 PST
Comment on attachment 186480: Patch for landing
Clearing flags on attachment: 186480
Committed r141833: <http://trac.webkit.org/changeset/141833>
WebKit Review Bot
Comment 15
2013-02-04 16:56:14 PST
All reviewed patches have been landed. Closing bug.