218858 – [GPU Process] ASSERT_NOT_REACHED() when calling fillRect with a pattern style

Bug 218858 - [GPU Process] ASSERT_NOT_REACHED() when calling fillRect with a pattern style

Summary: [GPU Process] ASSERT_NOT_REACHED() when calling fillRect with a pattern style

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Canvas (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-11-12 10:30 PST by Said Abou-Hallawa
Modified:	2020-11-19 10:31 PST (History)
CC List:	2 users (show)

See Also:

Attachments
test case (661 bytes, text/html) 2020-11-12 10:30 PST, Said Abou-Hallawa	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Said Abou-Hallawa 2020-11-12 10:30:24 PST

Created attachment 413949 [details]
test case

Open the attached test case in a Debug build and with enabling GPU rendering for canvas.

Result:

SHOULD NEVER BE REACHED
/Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Encoder.h(110) : static RefPtr<WebCore::SharedBuffer> IPC::Encoder::encodeSingleObject(const T &) [T = WebCore::DisplayList::SetState]
1   0x13ee3d6a9 WTFCrash
2   0x10904eb5b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x10a80a8f9 WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> > IPC::Encoder::encodeSingleObject<WebCore::DisplayList::SetState>(WebCore::DisplayList::SetState const&)
4   0x10a8076d1 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const
5   0x10a807a45 non-virtual thunk to WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::encodeItem(WebCore::DisplayList::ItemHandle) const
6   0x12401d09d WebCore::DisplayList::ItemBuffer::appendEncodedData(WebCore::DisplayList::ItemHandle)
7   0x12403e2de void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
8   0x12403e247 void WebCore::DisplayList::DisplayList::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
9   0x12402271e void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::SetState, WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&>(WebCore::GraphicsContextState const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>&)
10  0x124022476 WebCore::DisplayList::Recorder::appendStateChangeItem(WebCore::GraphicsContextStateChange const&, WTF::OptionSet<WebCore::GraphicsContextState::Change>)
11  0x124022acd WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType)
12  0x124025ecb void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FillRect, WebCore::FloatRect const&>(WebCore::FloatRect const&)
13  0x124025e8d WebCore::DisplayList::Recorder::fillRect(WebCore::FloatRect const&)
14  0x123f86e1c WebCore::GraphicsContext::fillRect(WebCore::FloatRect const&)
15  0x1233adb09 WebCore::CanvasRenderingContext2DBase::fillRect(float, float, float, float)
16  0x1206e4e85 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)
17  0x1206e481c long long WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<&(WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSCanvasRenderingContext2D*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
18  0x1206756b4 WebCore::jsCanvasRenderingContext2DPrototypeFunction_fillRect(JSC::JSGlobalObject*, JSC::CallFrame*)
19  0x38ac35a01178
20  0x13f417e4b llint_entry
21  0x13f3f66e0 vmEntryToJavaScript
22  0x14023eb6b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
23  0x14023f327 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
24  0x14058c3fd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
25  0x14058c4df JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
26  0x14058c7c2 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
27  0x12275d0ae WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
28  0x12277af1b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
29  0x122e47377 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
30  0x122e436b4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
31  0x122eb6758 WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

Comment 1 Radar WebKit Bug Importer 2020-11-19 10:31:16 PST

<rdar://problem/71592189>