NEW 218773
[GPU Process] Memory corruption when flushing a display list before recording an item into another display list
https://bugs.webkit.org/show_bug.cgi?id=218773
Said Abou-Hallawa
Reported 2020-11-10 14:09:09 PST
Created attachment 413738
test case

Open the attached test case after enabling GPU rendering for Canvas. Result: memory corruption with the following call stack:

Process: com.apple.WebKit.WebContent.Development [20708]
Path: /Volumes/VOLUME/*/com.apple.WebKit.WebContent.Development
Identifier: com.apple.WebKit.WebContent.Development
Version: 611+ (611.1.5+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: MiniBrowser [20690]
User ID: 501

Date/Time: 2020-11-10 10:35:59.614 -0800
OS Version: Mac OS X 10.16 (20A2390)
Report Version: 12
Bridge OS Version: 5.0 (18P2405)
Anonymous UUID: E10D90FF-F0E4-F39B-653E-9A623503F035
Sleep/Wake UUID: CD8C2CA3-F7AE-4A88-96C8-1290F414D163

Time Awake Since Boot: 430000 seconds
Time Since Wake: 4000 seconds

System Integrity Protection: enabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000005913ea074
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [20708]

VM Regions Near 0x5913ea074:
__LINKEDIT 591386000-591388000 [ 8K] rw-/rwx SM=NUL /System/Library/Extensions/AMDRadeonX5000MTLDriver.bundle/Contents/MacOS/AMDRadeonX5000MTLDriver
--> WebKit Malloc 591400000-591700000 [ 3072K] rw-/rwx SM=PRV

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000056a614fe3 void WebCore::DisplayList::ItemBuffer::uncheckedAppend<WebCore::DisplayList::DrawImageBuffer, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&>(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>&&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 51 (DisplayListItemBuffer.h:182)
1 com.apple.WebCore 0x000000056a614fa1 void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::DrawImageBuffer, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&>(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>&&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 129 (DisplayListItemBuffer.h:167)
2 com.apple.WebCore 0x000000056a614e61 void WebCore::DisplayList::DisplayList::append<WebCore::DisplayList::DrawImageBuffer, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&>(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>&&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 113 (DisplayList.h:179)
3 com.apple.WebCore 0x000000056a5edb39 void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::DrawImageBuffer, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&>(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>&&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 169 (DisplayListRecorder.h:154)
4 com.apple.WebCore 0x000000056a5ed9cc WebCore::DisplayList::Recorder::drawImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 156 (DisplayListRecorder.cpp:193)
5 com.apple.WebCore 0x000000056a467d03 WebCore::GraphicsContext::drawImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 147 (GraphicsContext.cpp:807)
6 com.apple.WebCore 0x0000000569984fb6 WebCore::CanvasRenderingContext2DBase::drawImage(WebCore::CanvasBase&, WebCore::FloatRect const&, WebCore::FloatRect const&) + 1878 (CanvasRenderingContext2DBase.cpp:1608)
7 com.apple.WebCore 0x000000056999b6b9 WebCore::ExceptionOr<void> WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4::operator()<WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> > >(WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >&) const + 217 (CanvasRenderingContext2DBase.cpp:1427)
8 com.apple.WebCore 0x000000056999b3e6 WebCore::ExceptionOr<void> WTF::__visitor_table<WTF::Visitor<WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>, WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >::__trampoline_func<WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> > >(WTF::Visitor<WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>&, WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&) + 70 (Variant.h:1870)
9 com.apple.WebCore 0x000000056999b2bd WTF::__visitor_return_type<WTF::Visitor<WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>, WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >::__type WTF::visit<WTF::Visitor<WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>, WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >(WTF::Visitor<WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>&&, WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&) + 109 (Variant.h:1886)
10 com.apple.WebCore 0x0000000569983041 decltype(WTF::visit(makeVisitor(std::forward<WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>(fp0)), std::forward<WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&>(fp))) WTF::switchOn<WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&, WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4>(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&, WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float)::$_4&&) + 145 (Variant.h:2051)
11 com.apple.WebCore 0x0000000569982f97 WebCore::CanvasRenderingContext2DBase::drawImage(WTF::Variant<WTF::RefPtr<WebCore::HTMLImageElement, WTF::RawPtrTraits<WebCore::HTMLImageElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLImageElement> >, WTF::RefPtr<WebCore::HTMLCanvasElement, WTF::RawPtrTraits<WebCore::HTMLCanvasElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLCanvasElement> >, WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >, WTF::RefPtr<WebCore::TypedOMCSSImageValue, WTF::RawPtrTraits<WebCore::TypedOMCSSImageValue>, WTF::DefaultRefDerefTraits<WebCore::TypedOMCSSImageValue> >, WTF::RefPtr<WebCore::HTMLVideoElement, WTF::RawPtrTraits<WebCore::HTMLVideoElement>, WTF::DefaultRefDerefTraits<WebCore::HTMLVideoElement> > >&&, float, float, float, float) + 103 (CanvasRenderingContext2DBase.cpp:1424)
12 com.apple.WebCore 0x0000000566c9fee1 WebCore::jsCanvasRenderingContext2DPrototypeFunction_drawImage2Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*) + 1729 (JSCanvasRenderingContext2D.cpp:1915)
13 com.apple.WebCore 0x0000000566c9f19b WebCore::jsCanvasRenderingContext2DPrototypeFunction_drawImageOverloadDispatcher(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*) + 299 (JSCanvasRenderingContext2D.cpp:1971)
14 com.apple.WebCore 0x0000000566c9f03c long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunction_drawImageOverloadDispatcher(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 796 (JSDOMOperation.h:53)
15 com.apple.WebCore 0x0000000566c526e4 WebCore::jsCanvasRenderingContext2DPrototypeFunction_drawImage(JSC::JSGlobalObject*, JSC::CallFrame*) + 36 (JSCanvasRenderingContext2D.cpp:1981)
16 ??? 0x00003767c2a01178 0 + 60918786429304
17 com.apple.JavaScriptCore 0x000000058559a82b llint_entry + 136317 (LowLevelInterpreter.asm:1091)
18 com.apple.JavaScriptCore 0x00000005855790c0 vmEntryToJavaScript + 289 (LowLevelInterpreter64.asm:316)
19 com.apple.JavaScriptCore 0x00000005863c15fb JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 235 (JITCodeInlines.h:42)
20 com.apple.JavaScriptCore 0x00000005863c1db7 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1815 (Interpreter.cpp:905)
21 com.apple.JavaScriptCore 0x000000058670ec3d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 221 (CallData.cpp:57)
22 com.apple.JavaScriptCore 0x000000058670ed1f JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 207 (CallData.cpp:64)
23 com.apple.JavaScriptCore 0x000000058670f002 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 130 (CallData.cpp:85)
24 com.apple.WebCore 0x0000000568d329fe WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 110 (JSExecState.h:73)
25 com.apple.WebCore 0x0000000568d32651 WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) + 1537 (JSCallbackData.cpp:91)
26 com.apple.WebCore 0x0000000566b3943d WebCore::JSCallbackDataStrong::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) + 173 (JSCallbackData.h:90)
27 com.apple.WebCore 0x000000056782dc17 WebCore::JSRequestAnimationFrameCallback::handleEvent(double) + 423 (JSRequestAnimationFrameCallback.cpp:70)
28 com.apple.WebCore 0x0000000569517e51 WebCore::ScriptedAnimationController::serviceRequestAnimationFrameCallbacks(WTF::Seconds) + 545 (ScriptedAnimationController.cpp:163)
29 com.apple.WebCore 0x000000056931d660 WebCore::Document::serviceRequestAnimationFrameCallbacks() + 128 (Document.cpp:6457)
30 com.apple.WebCore 0x000000056a18c379 WebCore::Page::updateRendering()::$_21::operator()(WebCore::Document&) const + 25 (Page.cpp:1516)
31 com.apple.WebCore 0x000000056a18c333 WTF::Detail::CallableWrapper<WebCore::Page::updateRendering()::$_21, void, WebCore::Document&>::call(WebCore::Document&) + 51 (Function.h:52)
32 com.apple.WebCore 0x000000056a15961a WTF::Function<void (WebCore::Document&)>::operator()(WebCore::Document&) const + 154 (Function.h:83)
33 com.apple.WebCore 0x000000056a14afcc WebCore::Page::forEachDocument(WTF::Function<void (WebCore::Document&)> const&) const + 220 (Page.cpp:3174)
34 com.apple.WebCore 0x000000056a1524ac WebCore::Page::updateRendering()::$_16::operator()(WebCore::RenderingUpdateStep, WTF::Function<void (WebCore::Document&)> const&) const + 92 (Page.cpp:1491)
35 com.apple.WebCore 0x000000056a15208d WebCore::Page::updateRendering() + 797 (Page.cpp:1515)
36 com.apple.WebKit 0x0000000559be8976 WebKit::WebPage::updateRendering() + 38 (WebPage.cpp:3934)
37 com.apple.WebKit 0x0000000559699bf0 WebKit::TiledCoreAnimationDrawingArea::updateRendering(WebKit::TiledCoreAnimationDrawingArea::UpdateRenderingType) + 96 (TiledCoreAnimationDrawingArea.mm:454)
38 com.apple.WebKit 0x000000055969ea2d WebKit::TiledCoreAnimationDrawingArea::updateRenderingRunLoopCallback() + 61 (TiledCoreAnimationDrawingArea.mm:937)
39 com.apple.WebKit 0x00000005596ab548 WebKit::TiledCoreAnimationDrawingArea::TiledCoreAnimationDrawingArea(WebKit::WebPage&, WebKit::WebPageCreationParameters const&)::$_0::operator()() const + 24 (TiledCoreAnimationDrawingArea.mm:87)
40 com.apple.WebKit 0x00000005596ab4fe WTF::Detail::CallableWrapper<WebKit::TiledCoreAnimationDrawingArea::TiledCoreAnimationDrawingArea(WebKit::WebPage&, WebKit::WebPageCreationParameters const&)::$_0, void>::call() + 30 (Function.h:52)
41 com.apple.WebCore 0x00000005665f9bc2 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
42 com.apple.WebCore 0x000000056a39dfa0 WebCore::RunLoopObserver::runLoopObserverFired() + 144 (RunLoopObserver.cpp:44)
43 com.apple.WebCore 0x000000056a39df00 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) + 32 (RunLoopObserver.cpp:38)
44 com.apple.CoreFoundation 0x00007fff20451ded __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
45 com.apple.CoreFoundation 0x00007fff20451c7d __CFRunLoopDoObservers + 549
46 com.apple.CoreFoundation 0x00007fff20450786 CFRunLoopRunSpecific + 683
47 com.apple.Foundation 0x00007fff211d86c1 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
48 com.apple.Foundation 0x00007fff21266ac4 -[NSRunLoop(NSRunLoop) run] + 76
49 libxpc.dylib 0x00007fff200a93dd _xpc_objc_main + 825
50 libxpc.dylib 0x00007fff200a8e65 xpc_main + 437
51 com.apple.WebKit 0x0000000558b4b8ec WebKit::XPCServiceMain(int, char const**) + 1020 (XPCServiceMain.mm:208)
52 com.apple.WebKit 0x0000000559f03cfb WKXPCServiceMain + 27 (WKMain.mm:33)
53 com.apple.WebKit.WebContent 0x0000000108ba3ea2 main + 34 (AuxiliaryProcessMain.cpp:30)
54 libdyld.dylib 0x00007fff20375591 start + 1
Attachments
test case (1.04 KB, text/html)
2020-11-10 14:09 PST, Said Abou-Hallawa
Radar WebKit Bug Importer
Comment 1 2020-11-10 19:30:08 PST
Wenson Hsieh
Comment 2 2020-12-10 09:31:49 PST
Does not appear to reproduce on trunk with the canvas flag enabled, but I only tested against iOS. Going to try Debug MiniBrowser against macOS next...
Wenson Hsieh
Comment 3 2020-12-10 10:26:40 PST
(In reply to Wenson Hsieh from comment #2)
> Does not appear to reproduce on trunk with the canvas flag enabled, but I
> only tested against iOS.
>
> Going to try Debug MiniBrowser against macOS next...

This did not reproduce with Debug MiniBrowser against macOS either, with the GPU process canvas flag enabled. My guess is that one of my display list or Said's image caching changes that landed recently fixed this crash.