279649 2024-09-12 23:34:37 -0700 [cairo] ASSERTION FAILED: destSize > 0 in WebCore::Cairo::calculateSubsurfaceRect 2024-09-17 13:53:15 -0700 1 1 1 Unclassified WebKit Platform WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 fujii fujii webkit-bug-importer oldest_to_newest 2059908 0 fujii 2024-09-12 23:34:37 -0700 Window port Debug builds are crashing: imported/w3c/web-platform-tests/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedest.html [ Crash ] imported/w3c/web-platform-tests/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedir.html [ Crash ] ASSERTION FAILED: destSize > 0 C:\webkit\wc\Source\WebCore\platform/graphics/cairo/CairoOperations.cpp(875) : auto WebCore::Cairo::calculateSubsurfaceRect(FloatRect &, FloatRect &, const IntSize &, FloatSize &)::(anonymous class)::operator()(float &, float &, float &, float &, float, float &) const 1 00007FFF6843EFD0 WebCore::Cairo::calculateSubsurfaceRect::<lambda_0>::operator() 2 00007FFF684397B7 WebCore::Cairo::calculateSubsurfaceRect 3 00007FFF68438EAD WebCore::Cairo::drawSurface 4 00007FFF68438A42 WebCore::Cairo::drawPlatformImage 5 00007FFF68449CCE WebCore::GraphicsContextCairo::drawNativeImageInternal 6 00007FFF6834B746 WebCore::GraphicsContext::drawImageBuffer 7 00007FFF68484DC1 WebCore::DisplayList::DrawImageBuffer::apply 8 00007FFF61759734 WebKit::RemoteDisplayListRecorder::handleItem<WebCore::DisplayList::DrawImageBuffer,WebCore::ImageBuffer &> 9 00007FFF61743CBE WebKit::RemoteDisplayListRecorder::drawImageBuffer 10 00007FFF615C6F8B IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions),std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >::<lambda_1>::operator()<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> 11 00007FFF615C6EB0 std::invoke<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> 12 00007FFF615C6E5B std::_Apply_impl<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>,0,1,2,3> 13 00007FFF615C6DE2 std::apply<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> > 14 00007FFF615C60CF IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions),std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> > 15 00007FFF615A0DF2 IPC::handleMessage<Messages::RemoteDisplayListRecorder::DrawImageBuffer,WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions)> 16 00007FFF61589A7F WebKit::RemoteDisplayListRecorder::didReceiveStreamMessage 17 00007FFF61C89B86 IPC::StreamServerConnection::dispatchStreamMessage 18 00007FFF61C88963 IPC::StreamServerConnection::dispatchStreamMessages 19 00007FFF61C88484 IPC::StreamConnectionWorkQueue::processStreams 20 00007FFF61C8A6EF IPC::StreamConnectionWorkQueue::startProcessingThread::<lambda_2>::operator() 21 00007FFF61C8A697 WTF::Detail::CallableWrapper<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\StreamConnectionWorkQueue.cpp:123:17',void>::call 22 00007FFF5EF66B69 WTF::Function<void ()>::operator() 23 00007FFF6008D9FC WTF::Thread::entryPoint 24 00007FFF60167543 WTF::wtfThreadEntryPoint 25 00007FF844119333 recalloc 26 00007FF84617257D BaseThreadInitThunk 27 00007FF84690AF28 RtlUserThreadStart Exception thrown at 0x00007FFF5FF3AEB5 (JavaScriptCore.dll) in WebKitGPUProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF. 2059909 1 fujii 2024-09-12 23:35:01 -0700 It's reproducible just by loading https://wpt.live/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedest.html with Windows Debug MiniBrowser. 2060708 2 fujii 2024-09-17 00:35:40 -0700 Pull request: https://github.com/WebKit/WebKit/pull/33756 2060847 3 ews-feeder 2024-09-17 13:52:30 -0700 Committed 283797@main (028c2cf49867): <https://commits.webkit.org/283797@main> Reviewed commits have been landed. Closing PR #33756 and removing active labels. 2060848 4 webkit-bug-importer 2024-09-17 13:53:15 -0700 <rdar://problem/136174675>