Bug 134694

Summary: Crash when starting a filter transition on a reflected layer
Product: WebKit
Reporter: Simon Fraser (smfr) <simon.fraser>
Component: Layout and Rendering
Assignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED
Severity: Normal
CC: dino, simon.fraser, thorton
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Testcase (BYO image) (flags: none)
Patch (flags: thorton: review+)

Simon Fraser (smfr)
Reported 2014-07-07 14:23:26 PDT
Web process crashes when starting an animation on a reflected layer:

Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001151654c7 WebCore::GraphicsLayerCA::platformCALayerAnimationStarted(double) + 39 (GraphicsLayerCA.cpp:838)
1 com.apple.WebCore 0x0000000115165516 non-virtual thunk to WebCore::GraphicsLayerCA::platformCALayerAnimationStarted(double) + 38 (GraphicsLayerCA.cpp:839)
2 com.apple.WebKit 0x0000000110d6b1e8 WebKit::PlatformCALayerRemote::animationStarted(WTF::String const&, double) + 232 (PlatformCALayerRemote.cpp:355)
3 com.apple.WebKit 0x0000000110ffb58e WebKit::RemoteLayerTreeContext::animationDidStart(unsigned long long, WTF::String const&, double) + 254 (RemoteLayerTreeContext.mm:137)
4 com.apple.WebKit 0x0000000111002931 WebKit::RemoteLayerTreeDrawingArea::acceleratedAnimationDidStart(unsigned long long, WTF::String const&, double) + 81 (RemoteLayerTreeDrawingArea.mm:194)
5 com.apple.WebKit 0x0000000110db40f7 void IPC::callMemberFunctionImpl<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long long, WTF::String const&, double), std::__1::tuple<unsigned long long, WTF::String, double>, 0ul, 1ul, 2ul>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long long, WTF::String const&, double), std::__1::tuple<unsigned long long, WTF::String, double>&&, std::index_sequence<0ul, 1ul, 2ul>) + 215 (HandleMessage.h:17)
6 com.apple.WebKit 0x0000000110db3f48 void IPC::callMemberFunction<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long long, WTF::String const&, double), std::__1::tuple<unsigned long long, WTF::String, double>, std::make_index_sequence<3ul> >(std::__1::tuple<unsigned long long, WTF::String, double>&&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long long, WTF::String const&, double)) + 88 (HandleMessage.h:23)
7 com.apple.WebKit 0x0000000110db3c64 void IPC::handleMessage<Messages::DrawingArea::AcceleratedAnimationDidStart, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long long, WTF::String const&, double)>(IPC::MessageDecoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long long, WTF::String const&, double)) + 308 (HandleMessage.h:120)
8 com.apple.WebKit 0x0000000110db303c WebKit::DrawingArea::didReceiveDrawingAreaMessage(IPC::Connection*, IPC::MessageDecoder&) + 1420 (DrawingAreaMessageReceiver.cpp:101)
9 com.apple.WebKit 0x00000001112475bc WebKit::WebPage::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 220 (WebPage.cpp:3393)
10 com.apple.WebKit 0x0000000111247747 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 55 (WebPage.cpp:3419)
Attachments
Testcase (BYO image) (1.88 KB, text/html), 2014-07-07 14:23 PDT, Simon Fraser (smfr), no flags
Patch (6.38 KB, patch), 2014-07-07 15:08 PDT, Simon Fraser (smfr), thorton: review+
Simon Fraser (smfr)
Comment 1 2014-07-07 14:23:53 PDT
Created attachment 234510 [details] Testcase (BYO image)
Simon Fraser (smfr)
Comment 2 2014-07-07 14:25:26 PDT
When we clone a layer, we clone the animation properties, and then "move or copy" animations appends another copy of the same animation. In the UI process, we then run two animations, but for the second fail to look it up in a map, and end up sending an empty "key" string back to the web process.
Simon Fraser (smfr)
Comment 3 2014-07-07 15:08:07 PDT
Simon Fraser (smfr)
Comment 4 2014-07-07 15:08:28 PDT
*** Bug 134696 has been marked as a duplicate of this bug. ***
Simon Fraser (smfr)
Comment 5 2014-07-07 16:46:01 PDT