156785 2016-04-20 01:26:49 -0700 [Cairo] Crash in GraphicsContext::drawFocusRing when painting is disabled 2016-04-20 01:47:39 -0700 1 1 1 Unclassified WebKit Platform WebKit Local Build Unspecified Unspecified RESOLVED FIXED Cairo P2 Normal --- 1 cgarcia webkit-unassigned bugs-noreply oldest_to_newest 1185371 0 cgarcia 2016-04-20 01:26:49 -0700 This happens for example when view state changes to focus and paint is called from FrameView::updateControlTints() with a graphics context that doesn't have a platform context. Layout test fast/images/image-map-outline-with-scale-transform.html sometimes crashes because of this, see the bt: Program received signal SIGSEGV, Segmentation fault. 0x00007fd378267933 in WebCore::GraphicsContext::platformContext() const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 (gdb) bt #0 0x00007fd378267933 in WebCore::GraphicsContext::platformContext() const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #1 0x00007fd3782699d1 in WebCore::GraphicsContext::drawFocusRing(WebCore::Path const&, float, float, WebCore::Color const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #2 0x00007fd377e93c15 in WebCore::RenderImage::paintAreaElementFocusRing(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007fd377e52d2d in WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007fd377dbb554 in WebCore::InlineElementBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007fd377dc5da8 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #6 0x00007fd377f90704 in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #7 0x00007fd377edf0db in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #8 0x00007fd377dd3631 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #9 0x00007fd377ddd316 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #10 0x00007fd377dd1882 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #11 0x00007fd377ead1dd in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #12 0x00007fd377eb1e36 in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #13 0x00007fd377ec0d8d in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #14 0x00007fd377ec1382 in WebCore::RenderLayer::paintLayerByApplyingTransform(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::LayoutSize const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #15 0x00007fd377ec1ad0 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #16 0x00007fd377ec2445 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #17 0x00007fd377ec0ae7 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #18 0x00007fd377ec1c40 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #19 0x00007fd377ec2445 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #20 0x00007fd377ec0ae7 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #21 0x00007fd377ec1c40 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #22 0x00007fd377ec1dcd in WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #23 0x00007fd377bbf6fc in WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #24 0x00007fd377c709f2 in WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&) () ---Type <return> to continue, or q <return> to quit--- from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #25 0x00007fd377bc35cf in WebCore::FrameView::paintControlTints() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #26 0x00007fd377bc3678 in WebCore::FrameView::updateControlTints() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #27 0x00007fd377baf488 in WebCore::FocusController::setActiveInternal(bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #28 0x00007fd377baf635 in WebCore::FocusController::setViewState(unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #29 0x00007fd377bd7548 in WebCore::Page::setViewState(unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #30 0x00007fd377228337 in WebKit::WebPage::setViewState(unsigned int, bool, WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul> const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #31 0x00007fd377353105 in void IPC::handleMessage<Messages::WebPage::SetViewState, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned int, bool, WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul> const&)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned int, bool, WTF::Vector<unsigned long, 0ul, WTF::CrashOnOverflow, 16ul> const&)) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #32 0x00007fd377350e44 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #33 0x00007fd37705d8f9 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #34 0x00007fd377187bc6 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #35 0x00007fd377059d26 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #36 0x00007fd37705a683 in IPC::Connection::dispatchOneMessage() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #37 0x00007fd375cd0ccf in WTF::RunLoop::performWork() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #38 0x00007fd375d00539 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #39 0x00007fd370f3fb8a in g_main_dispatch (context=0x13b1880) at gmain.c:3154 #40 g_main_context_dispatch (context=context@entry=0x13b1880) at gmain.c:3769 #41 0x00007fd370f3ff08 in g_main_context_iterate (context=0x13b1880, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840 #42 0x00007fd370f40222 in g_main_loop_run (loop=0x1cab8c0) at gmain.c:4034 #43 0x00007fd375d00e70 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #44 0x00007fd377305992 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #45 0x00007fd36c090610 in __libc_start_main (main=0x400af0 <main>, argc=2, argv=0x7ffecfbb2c78, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffecfbb2c68) at libc-start.c:291 #46 0x0000000000400b49 in _start () 1185372 1 276811 cgarcia 2016-04-20 01:28:46 -0700 Created attachment 276811 Patch 1185377 2 cgarcia 2016-04-20 01:47:39 -0700 Committed r199769: <http://trac.webkit.org/changeset/199769> 276811 2016-04-20 01:28:46 -0700 2016-04-20 01:43:32 -0700 Patch wcore-focus-ring-crash.diff text/plain 1761 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBjNGFjNzlmLi5mMjRmNGJmIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcg QEAKKzIwMTYtMDQtMjAgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgorCisgICAgICAgIFtDYWlyb10gQ3Jhc2ggaW4gR3JhcGhpY3NDb250ZXh0OjpkcmF3Rm9jdXNS aW5nIHdoZW4gcGFpbnRpbmcgaXMgZGlzYWJsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTE1Njc4NQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFRoaXMgaGFwcGVucyBmb3IgZXhhbXBsZSB3aGVuIHZpZXcg c3RhdGUgY2hhbmdlcyB0byBmb2N1cyBhbmQgcGFpbnQgaXMgY2FsbGVkIGZyb20KKyAgICAgICAg RnJhbWVWaWV3Ojp1cGRhdGVDb250cm9sVGludHMoKSB3aXRoIGEgZ3JhcGhpY3MgY29udGV4dCB0 aGF0IGRvZXNuJ3QgaGF2ZSBhIHBsYXRmb3JtIGNvbnRleHQuIExheW91dCB0ZXN0CisgICAgICAg IGZhc3QvaW1hZ2VzL2ltYWdlLW1hcC1vdXRsaW5lLXdpdGgtc2NhbGUtdHJhbnNmb3JtLmh0bWwg c29tZXRpbWVzIGNyYXNoZXMgYmVjYXVzZSBvZiB0aGlzLgorCisgICAgICAgICogcGxhdGZvcm0v Z3JhcGhpY3MvY2Fpcm8vR3JhcGhpY3NDb250ZXh0Q2Fpcm8uY3BwOgorICAgICAgICAoV2ViQ29y ZTo6R3JhcGhpY3NDb250ZXh0OjpkcmF3Rm9jdXNSaW5nKTogUmV0dXJuIGVhcmx5IGlmIHBhaW50 aW5nIGlzIGRpc2FibGVkLgorCiAyMDE2LTA0LTE5ICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNn YXJjaWFAaWdhbGlhLmNvbT4KIAogICAgICAgICBSRUdSRVNTSU9OKHIxOTg3ODIpOiBTSE9VTEQg TkVWRVIgQkUgUkVBQ0hFRCBmYWlsdXJlIGluIEltYWdlU291cmNlOjpzZXREYXRhIHNpbmNlIHIx OTg3ODIKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NhaXJv L0dyYXBoaWNzQ29udGV4dENhaXJvLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBo aWNzL2NhaXJvL0dyYXBoaWNzQ29udGV4dENhaXJvLmNwcAppbmRleCA3Mjg2NGQzLi5iY2E5MzQ0 IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9jYWlyby9HcmFw aGljc0NvbnRleHRDYWlyby5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhp Y3MvY2Fpcm8vR3JhcGhpY3NDb250ZXh0Q2Fpcm8uY3BwCkBAIC01OTEsNiArNTkxLDkgQEAgc3Rh dGljIGlubGluZSBTdHJva2VTdHlsZSBmb2N1c1JpbmdTdHJva2VTdHlsZSgpCiAKIHZvaWQgR3Jh cGhpY3NDb250ZXh0OjpkcmF3Rm9jdXNSaW5nKGNvbnN0IFBhdGgmIHBhdGgsIGZsb2F0IHdpZHRo LCBmbG9hdCAvKiBvZmZzZXQgKi8sIGNvbnN0IENvbG9yJiBjb2xvcikKIHsKKyAgICBpZiAocGFp bnRpbmdEaXNhYmxlZCgpKQorICAgICAgICByZXR1cm47CisKICAgICAvLyBGSVhNRTogV2Ugc2hv dWxkIGRyYXcgcGF0aHMgdGhhdCBkZXNjcmliZSBhIHJlY3RhbmdsZSB3aXRoIHJvdW5kZWQgY29y bmVycwogICAgIC8vIHNvIGFzIHRvIGJlIGNvbnNpc3RlbnQgd2l0aCBob3cgd2UgZHJhdyByZWN0 YW5ndWxhciBmb2N1cyByaW5ncy4KICAgICBDb2xvciByaW5nQ29sb3IgPSBjb2xvcjsK