Bug 134593
| Summary: | [GTK] [Stable] Crash in TSymbolTableLevel::~TSymbolTableLevel with GCC 4.9 | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Alberto Garcia <berto> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | cgarcia |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Alberto Garcia
There's a bug in ANGLE triggered with GCC 4.9.
It crashes the WebProcess when you open some sites like http://gabrielecirulli.github.io/2048/
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x00007f24f4756b17 in TSymbolTableLevel::~TSymbolTableLevel() () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2 0x00007f24f4707891 in TCompiler::compile(char const* const*, unsigned long, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3 0x00007f24f47554dc in ShCompile () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4 0x00007f24f4aca780 in WebCore::ANGLEWebKitBridge::compileShaderSource(char const*, WebCore::ANGLEShaderType, WTF::String&, WTF::String&, WTF::Vector<WebCore::ANGLEShaderSymbol, 0ul, WTF::CrashOnOverflow>&, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#5 0x00007f24f4abedc0 in WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE(unsigned int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
master is not affected by this, but the stable branch (2.4.3) is. This has been reported and fixed upstream:
https://code.google.com/p/angleproject/issues/detail?id=651
However the patch doesn't apply cleanly against the ANGLE version in our stable branch. This one, also posted there, and apparently used by Mozilla, does work, though:
--- a/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp
+++ b/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp
@@ -171,7 +171,8 @@ TFunction::~TFunction()
TSymbolTableLevel::~TSymbolTableLevel()
{
for (tLevel::iterator it = level.begin(); it != level.end(); ++it)
- delete (*it).second;
+ if ((*it).first == (*it).second->getMangledName())
+ delete (*it).second;
}
//
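Review bot: In the new condition in ~TSymbolTableLevel(), (*it).second->getMangledName() is called on every entry, including entries whose pointer may already have been deleted earlier in the same loop. The key comparison implies that one symbol can be stored under more than one key; because the loop walks level in iteration order, an entry whose key differs from the mangled name and is visited after the matching entry would dereference a freed object. Consider collecting the distinct pointers first and deleting them in a second pass, or tracking already-deleted pointers in a set. The check also depends on every symbol having exactly one entry whose key equals its mangled name (otherwise the symbol leaks), so a comment stating that invariant above the loop would help, and the two-line if under the for deserves braces.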
Carlos Garcia Campos
I wonder why master is not affected, though.
Alberto Garcia
(In reply to comment #1)
> I wonder why master is not affected, though.
Doesn't it have a different version of ANGLE?
Carlos Garcia Campos
(In reply to comment #2)
> (In reply to comment #1)
> > I wonder why master is not affected, though.
>
> Doesn't it have a different version of ANGLE?
Yes, but the fix you mention is not there.
Alberto Garcia
(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > I wonder why master is not affected, though.
> >
> > Doesn't it have a different version of ANGLE?
>
> Yes, but the fix you mention is not there.
In master it was solved using a different fix, which seems more efficient:
https://chromium.googlesource.com/angle/angle/+/adfffe4649d622bab6957972663a852f123b5ea7%5E%21/
This doesn't apply cleanly in the stable branch (there's actually lots of conflicts) but we could try to see if it's easy to backport, the changes themselves don't seem complex.
Or we can just stick to the simple version in the stable branch.
Carlos Garcia Campos
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > (In reply to comment #1)
> > > > I wonder why master is not affected, though.
> > >
> > > Doesn't it have a different version of ANGLE?
> >
> > Yes, but the fix you mention is not there.
>
> In master it was solved using a different fix, which seems more efficient:
>
> https://chromium.googlesource.com/angle/angle/+/adfffe4649d622bab6957972663a852f123b5ea7%5E%21/
>
> This doesn't apply cleanly in the stable branch (there's actually lots of conflicts) but we could try to see if it's easy to backport, the changes themselves don't seem complex.
>
> Or we can just stick to the simple version in the stable branch.
The stable branch is using an older version of ANGLE, so let's use the simple patch for now that fixes the crashes.
Carlos Garcia Campos
Committed <http://trac.webkit.org/changeset/170788>