Bug 167296

Summary: [GTK] WebProcess from WebKitGtk+ 2.15.3 SIGSEGVs in WebCore::GraphicsContext3D::drawArrays(unsigned int, int, int) at Source/WebCore/platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:740
Product: WebKit
Reporter: Andres Gomez Garcia <agomez>
Component: WebKitGTK
Assignee: Miguel Gomez <magomez>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, buildbot, cgarcia, cmarcelo, commit-queue, EvilTwin1, kondapallykalyan, luiz, magomez, mcatanzaro, noam, rniwa
Priority: P2
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
See Also: https://bugzilla.gnome.org/show_bug.cgi?id=777925
https://bugzilla.redhat.com/show_bug.cgi?id=1418448
https://bugzilla.gnome.org/show_bug.cgi?id=777947
https://bugzilla.redhat.com/show_bug.cgi?id=1424732
Attachments (description, flags):
BT from gdb for the WebProcess (flags: none)
Patch (flags: none)
Archive of layout-test-results from ews101 for mac-elcapitan (flags: none)

Description Andres Gomez Garcia 2017-01-22 14:59:39 PST
Created attachment 299487 [details]
BT from gdb for the WebProcess

I'm using WebKitGtk+ with my own JHBuild setting:
https://github.com/tanty/jhbuild-epiphany/tree/master

Epiphany 3.20.6 and WebKit 2.15.3

I'm running Epiphany with the dconf key:

"process-model" = "shared-secondary-process"

And the env variable:

"export LIBGL_DRI3_DISABLE=1"

The compilation was done with CMake args:

'-DPORT=GTK -DCMAKE_BUILD_TYPE=Release -DENABLE_MINIBROWSER=ON -DCMAKE_C_FLAGS_RELEASE="-O0 -g -DNDEBUG -DG_DEBUG=fatal-criticals -DG_DISABLE_CAST_CHECKS" -DCMAKE_CXX_FLAGS_RELEASE="-O0 -g -DNDEBUG -DG_DEBUG=fatal-criticals -DG_DISABLE_CAST_CHECKS"'

After visiting several pages, eventually, the WebProcess hits a SIGSEGV.

This bug is not reproducible in a predictable way.
Comment 1 Miguel Gomez 2017-01-25 07:06:22 PST
Created attachment 299700 [details]
Patch
Comment 2 Sergio Villar Senin 2017-01-25 07:56:35 PST
Comment on attachment 299700 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=299700&action=review

> Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:691
> +    Platform3DObject vbo = data().getStaticVBO(GraphicsContext3D::ARRAY_BUFFER, sizeof(GC3Dfloat) * 8, unitRect);

I think you can use sizeof(unitRect) instead of the magic number 8.
Comment 3 Build Bot 2017-01-25 08:07:07 PST
Comment on attachment 299700 [details]
Patch

Attachment 299700 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/2947032

New failing tests:
imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html
Comment 4 Build Bot 2017-01-25 08:07:11 PST
Created attachment 299706 [details]
Archive of layout-test-results from ews101 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101  Port: mac-elcapitan  Platform: Mac OS X 10.11.6
Comment 5 WebKit Commit Bot 2017-01-26 01:06:20 PST
Comment on attachment 299700 [details]
Patch

Clearing flags on attachment: 299700

Committed r211204: <http://trac.webkit.org/changeset/211204>
Comment 6 WebKit Commit Bot 2017-01-26 01:06:24 PST
All reviewed patches have been landed.  Closing bug.
Comment 7 Michael Catanzaro 2017-01-30 07:24:01 PST
*** Bug 167470 has been marked as a duplicate of this bug. ***