Bug 175196

Summary: Web Inspector: REGRESSION (r220233): Check for null pointer passed to WebGLRenderingContextBase::deleteProgram
Product: WebKit
Reporter: Matt Baker <mattbaker>
Component: Web Inspector
Assignee: Matt Baker <mattbaker>
Status: RESOLVED FIXED
Severity: Normal
CC: buildbot, cdumez, commit-queue, dino, esprehn+autocc, graouts, gyuyoung.kim, hi, inspector-bugzilla-changes, jlewis3, kondapallykalyan, ryanhaddad, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: All
OS: All

Matt Baker
Reported 2017-08-04 10:50:36 PDT
Summary: Check for null pointer passed to WebGLRenderingContextBase::deleteProgram. Apparently the WebGLProgram* can be null. Hit while running LayoutTests/fast/canvas/webgl/webgl-draw-buffers.html. Introduced in http://trac.webkit.org/changeset/220233.

ASSERTION FAILED: program
/Volumes/Data/Projects/WebKit/OpenSource/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp(1578) : void WebCore::WebGLRenderingContextBase::deleteProgram(WebCore::WebGLProgram *)
1 0x659bfc31d WTFCrash
2 0x64efd31c7 WebCore::WebGLRenderingContextBase::deleteProgram(WebCore::WebGLProgram*)
3 0x64debed62 WebCore::jsWebGLRenderingContextPrototypeFunctionDeleteProgramBody(JSC::ExecState*, WebCore::JSWebGLRenderingContext*, JSC::ThrowScope&)
4 0x64dea637e long long WebCore::IDLOperation<WebCore::JSWebGLRenderingContext>::call<&(WebCore::jsWebGLRenderingContextPrototypeFunctionDeleteProgramBody(JSC::ExecState*, WebCore::JSWebGLRenderingContext*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*)
5 0x64dea610c WebCore::jsWebGLRenderingContextPrototypeFunctionDeleteProgram(JSC::ExecState*)
6 0x256524001028
7 0x659781cfd llint_entry
8 0x659781cfd llint_entry
9 0x659781d77 llint_entry
10 0x659781d77 llint_entry
11 0x659781d77 llint_entry
12 0x65977a237 vmEntryToJavaScript
13 0x6595542ce JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
14 0x659503798 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
15 0x658d88c88 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
16 0x658d88e40 JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
17 0x64e8d7bbb WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
18 0x64e8d79a8 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*)
19 0x64e8d7c9d WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*)
20 0x64e8ed562 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
21 0x64e8ebb96 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
22 0x64d08de20 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
23 0x64d08dc8f WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement>&&, WTF::TextPosition const&)
24 0x64cfb21b2 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
25 0x64cfb2713 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
26 0x64cfb13b8 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
27 0x64cfb0f0b WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
28 0x64cfb4119 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution()
29 0x64cfb451e WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
30 0x64cfb457c non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
31 0x64e3af8c7 WebCore::PendingScript::notifyClientFinished()
LEAK: 1 WebPageProxy
Attachments
Patch (1.59 KB, patch) - 2017-08-04 10:52 PDT, Matt Baker - no flags
Radar WebKit Bug Importer
Comment 1 2017-08-04 10:50:52 PDT
Matt Baker
Comment 2 2017-08-04 10:52:00 PDT
Devin Rousso
Comment 3 2017-08-04 10:54:14 PDT
Comment on attachment 317257 [details]
Patch

r=me
WebKit Commit Bot
Comment 4 2017-08-04 11:57:07 PDT
Comment on attachment 317257 [details]
Patch

Clearing flags on attachment: 317257

Committed r220281: <http://trac.webkit.org/changeset/220281>
WebKit Commit Bot
Comment 5 2017-08-04 11:57:08 PDT
All reviewed patches have been landed. Closing bug.