Bug 179051

Summary: [GTK] imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args.html crash in in bmalloc::Heap::allocateLarge
Product: WebKit Reporter: Charlie Turner <cturner>
Component: WebKitGTKAssignee: Ms2ger (he/him; ⌚ UTC+1/+2) <Ms2ger>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, bugs-noreply, buildbot, cdumez, cmarcelo, commit-queue, dbates, fujii.hironori, mcatanzaro, Ms2ger
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=178984
Bug Depends on: 179477    
Bug Blocks:    
Attachments:
Description Flags
Crash log
none
Patch
none
Archive of layout-test-results from ews124 for ios-simulator-wk2
none
Patch none

Charlie Turner
Reported 2017-10-31 03:43:48 PDT
Created attachment 325430 [details] Crash log The following seems to have taken us from always failing to occasionally failing and occasionally crashing. commit f4fd10564f49868d19feb708112cd373b514fa7d Author: dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Date: Sun Oct 29 10:06:35 2017 +0000 createImageBitmap with HTMLCanvasElement https://bugs.webkit.org/show_bug.cgi?id=178984 <rdar://problem/35238440> Crash log attached.
Attachments
Crash log (220.95 KB, text/plain)
2017-10-31 03:43 PDT, Charlie Turner 		no flags
Details
Patch (13.03 KB, patch)
2017-11-01 04:03 PDT, Ms2ger (he/him; ⌚ UTC+1/+2) 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews124 for ios-simulator-wk2 (1010.71 KB, application/zip)
2017-11-01 05:24 PDT, Build Bot 		no flags
Details
Patch (14.35 KB, patch)
2017-11-10 01:07 PST, Ms2ger (he/him; ⌚ UTC+1/+2) 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ms2ger (he/him; ⌚ UTC+1/+2)
Comment 1 2017-11-01 04:03:11 PDT
Created attachment 325558 [details] Patch
Build Bot
Comment 2 2017-11-01 05:24:32 PDT
Comment on attachment 325558 [details] Patch Attachment 325558 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/5061481 New failing tests: imported/w3c/web-platform-tests/service-workers/cache-storage/serviceworker/cache-match.https.html
Build Bot
Comment 3 2017-11-01 05:24:33 PDT
Created attachment 325561 [details] Archive of layout-test-results from ews124 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews124 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.6
Michael Catanzaro
Comment 4 2017-11-02 05:35:18 PDT
Comment on attachment 325558 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=325558&action=review > Source/WebCore/ChangeLog:3 > + [GTK] Use fallible allocation in ImageBuffer::ImageBuffer(). Why? I think Zan or Miguel would be a good reviewer to ask for this.
Ms2ger (he/him; ⌚ UTC+1/+2)
Comment 5 2017-11-03 02:57:05 PDT
(In reply to Michael Catanzaro from comment #4) > Comment on attachment 325558 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=325558&action=review > > > Source/WebCore/ChangeLog:3 > > + [GTK] Use fallible allocation in ImageBuffer::ImageBuffer(). > > Why? > > I think Zan or Miguel would be a good reviewer to ask for this. Because of the crash this bug is filed for; web pages can easily control the size of the buffer we try to allocate here. The mac port also uses fallible allocation.
Fujii Hironori
Comment 6 2017-11-09 00:22:59 PST
WinCairo EWS is red. tryFastZeroedMalloc should be marked as WTF_EXPORT_PRIVATE.
Ms2ger (he/him; ⌚ UTC+1/+2)
Comment 7 2017-11-10 01:07:07 PST
Created attachment 326569 [details] Patch
Michael Catanzaro
Comment 8 2017-11-10 07:23:37 PST
(In reply to Ms2ger from comment #5) > Because of the crash this bug is filed for; web pages can easily control the > size of the buffer we try to allocate here. The mac port also uses fallible > allocation. OK, makes sense.
WebKit Commit Bot
Comment 9 2017-11-10 07:43:37 PST
Comment on attachment 326569 [details] Patch Clearing flags on attachment: 326569 Committed r224681: <https://trac.webkit.org/changeset/224681>
WebKit Commit Bot
Comment 10 2017-11-10 07:43:39 PST
All reviewed patches have been landed. Closing bug.
Ms2ger (he/him; ⌚ UTC+1/+2)
Comment 11 2017-11-10 08:38:17 PST
*** Bug 179477 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.