Bug 214192

Summary: [GTK][WPE] imported blink large gradient tests are crashing on debug builds
Product: WebKit
Reporter: Lauro Moura <lmoura>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, cgarcia, zan
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
GTK crash log from build 6702 (r214215) (flags: none)
Patch (flags: zan: review+)

Description Lauro Moura 2020-07-10 11:58:15 PDT
Created attachment 403984 [details]
GTK crash log from build 6702 (r214215)

Tests:

imported/blink/fast/gradients/large-horizontal-gradient.html
imported/blink/fast/gradients/large-vertical-gradient.html

wktesthunter info shows both tests starting to crash around this point for GTK-Debug:

r256857                       IMAGE (Expected: IMAGE)
r256910                       CRASH (Expected: IMAGE)

And this point for WPE-Debug:

r261918                       NOERROR
r261966                       CRASH (Expected: IMAGE)
Trace snippet from large-horizontal (similar to large-vertical):

Thread 1 (Thread 0x7f88841622c0 (LWP 41837)):
#0  0x00007f888cfa1362 in WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1  0x00007f889b2ffe22 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2  0x00007f889ef76307 in WebCore::ImageBufferCairoSurfaceBackend::ImageBufferCairoSurfaceBackend(WebCore::FloatSize const&, WebCore::IntSize const&, float, WebCore::ColorSpace, WTF::RefPtr<_cairo_surface, WTF::DumbPtrTraits<_cairo_surface> >&&) (this=0x7f8840612850, logicalSize=..., backendSize=..., resolutionScale=1, colorSpace=WebCore::ColorSpace::SRGB, surface=...) at ../../Source/WebCore/platform/graphics/cairo/ImageBufferCairoSurfaceBackend.cpp:50
#3  0x00007f889ef75fbd in WebCore::ImageBufferCairoImageSurfaceBackend::ImageBufferCairoImageSurfaceBackend(WebCore::FloatSize const&, WebCore::IntSize const&, float, WebCore::ColorSpace, WTF::RefPtr<_cairo_surface, WTF::DumbPtrTraits<_cairo_surface> >&&) (this=0x7f8840612850, logicalSize=..., backendSize=..., resolutionScale=1, colorSpace=WebCore::ColorSpace::SRGB, surface=...) at ../../Source/WebCore/platform/graphics/cairo/ImageBufferCairoImageSurfaceBackend.cpp:70
#4  0x00007f889ef75eca in WebCore::ImageBufferCairoImageSurfaceBackend::create(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::HostWindow const*) (size=..., resolutionScale=1, colorSpace=WebCore::ColorSpace::SRGB) at ../../Source/WebCore/platform/graphics/cairo/ImageBufferCairoImageSurfaceBackend.cpp:61
#5  0x00007f889ef15aae in WebCore::ConcreteImageBuffer<WebCore::ImageBufferCairoImageSurfaceBackend>::create<WebCore::ConcreteImageBuffer<WebCore::ImageBufferCairoImageSurfaceBackend>>(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::HostWindow const*) (size=..., resolutionScale=1, colorSpace=WebCore::ColorSpace::SRGB, hostWindow=0x0) at ../../Source/WebCore/platform/graphics/ConcreteImageBuffer.h:39
#6  0x00007f889ef0b17f in WebCore::ImageBuffer::create(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::ColorSpace, WebCore::HostWindow const*) (size=..., renderingMode=WebCore::RenderingMode::Unaccelerated, resolutionScale=1, colorSpace=WebCore::ColorSpace::SRGB, hostWindow=0x0) at ../../Source/WebCore/platform/graphics/ImageBuffer.cpp:69
#7  0x00007f889ef0b76a in WebCore::ImageBuffer::createCompatibleBuffer(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::GraphicsContext const&) (size=..., resolutionScale=1, colorSpace=WebCore::ColorSpace::SRGB, context=...) at ../../Source/WebCore/platform/graphics/ImageBuffer.cpp:155
#8  0x00007f889ef0b64b in WebCore::ImageBuffer::createCompatibleBuffer(WebCore::FloatSize const&, WebCore::ColorSpace, WebCore::GraphicsContext const&) (size=..., colorSpace=WebCore::ColorSpace::SRGB, context=...) at ../../Source/WebCore/platform/graphics/ImageBuffer.cpp:144
#9  0x00007f889eee73ab in WebCore::GradientImage::drawPattern(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) (this=0x7f88184d2160, destContext=..., destRect=..., srcRect=..., patternTransform=..., phase=..., spacing=..., options=...) at ../../Source/WebCore/platform/graphics/GradientImage.cpp:74
#10 0x00007f889ef0a217 in WebCore::Image::drawTiled(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) (this=0x7f88184d2160, ctxt=..., destRect=..., srcPoint=..., scaledTileSize=..., spacing=..., options=...) at ../../Source/WebCore/platform/graphics/Image.cpp:248
#11 0x00007f889eef8f88 in WebCore::GraphicsContextImpl::drawTiledImageImpl(WebCore::GraphicsContext&, WebCore::Image&, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) (context=..., image=..., destination=..., source=..., tileSize=..., spacing=..., options=...) at ../../Source/WebCore/platform/graphics/GraphicsContextImpl.cpp:49
#12 0x00007f889ef749a8 in WebCore::GraphicsContextImplCairo::drawTiledImage(WebCore::Image&, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) (this=0x7f88184a2668, image=..., destination=..., source=..., tileSize=..., spacing=..., imagePaintingOptions=...) at ../../Source/WebCore/platform/graphics/cairo/GraphicsContextImplCairo.cpp:274
#13 0x00007f889eeead14 in WebCore::GraphicsContext::drawTiledImage(WebCore::Image&, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) (this=0x7f882903f4b0, image=..., destination=..., source=..., tileSize=..., spacing=..., options=...) at ../../Source/WebCore/platform/graphics/GraphicsContext.cpp:736
#14 0x00007f889f20d05c in WebCore::RenderBoxModelObject::paintFillLayerExtended(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::InlineFlowBox*, WebCore::LayoutSize const&, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage) (this=0x7f88413899f0, paintInfo=..., color=..., bgLayer=..., rect=..., bleedAvoidance=WebCore::BackgroundBleedNone, box=0x0, boxSize=..., op=WebCore::CompositeOperator::SourceOver, backgroundObject=0x0, baseBgColorUsage=WebCore::BaseBackgroundColorUse) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:973
#15 0x00007f889f1f64ec in WebCore::RenderBox::paintFillLayer(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage) (this=0x7f88413899f0, paintInfo=..., c=..., fillLayer=..., rect=..., bleedAvoidance=WebCore::BackgroundBleedNone, op=WebCore::CompositeOperator::SourceOver, backgroundObject=0x0, baseBgColorUsage=WebCore::BaseBackgroundColorUse) at ../../Source/WebCore/rendering/RenderBox.cpp:1720
Comment 1 Carlos Garcia Campos 2020-07-16 02:32:14 PDT
The assert is 

ASSERT(cairo_surface_status(m_surface.get()) == CAIRO_STATUS_SUCCESS);

and the status we are getting is CAIRO_STATUS_INVALID_SIZE, because we are reaching the cairo image size limit. We should check the size before trying to create the image surface.
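Comment 1 pins the crash on an assertion about a surface that cairo has already refused. The following C functions are an added example, not the WebKit patch, showing the pre-check the comment calls for: they derive the backend size from the logical size and resolution scale (rounding up, which is assumed to match ImageBuffer's behaviour), reject NaN, negative and overflowing sizes, and compare against cairo's per-dimension image limit, assumed here to be 32767 (MAX_IMAGE_SIZE in cairoint.h); the names cairo_image_size_ok, backend_dimension and can_create_image_backend are hypothetical.

```c
/* Added example (not WebKit's or cairo's code): reject an oversized backend
 * size before asking cairo for an image surface, instead of creating it and
 * then tripping ASSERT(cairo_surface_status(...) == CAIRO_STATUS_SUCCESS)
 * on the CAIRO_STATUS_INVALID_SIZE error surface cairo returns. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Assumption: cairo accepts image surfaces only up to 32767 pixels in each
 * dimension (MAX_IMAGE_SIZE in cairo's cairoint.h). */
#define CAIRO_MAX_IMAGE_DIMENSION 32767

/* Same acceptance condition cairo applies internally (assumed). */
bool cairo_image_size_ok(int width, int height)
{
    return width >= 0 && width <= CAIRO_MAX_IMAGE_DIMENSION
        && height >= 0 && height <= CAIRO_MAX_IMAGE_DIMENSION;
}

/* Hypothetical helper: scale a logical dimension to backend pixels
 * (logical * resolutionScale, rounded up; the rounding is an assumption
 * about the trace's logicalSize -> backendSize step) without libm.
 * Returns -1 when the result is NaN, negative, or too large for an int,
 * so an overflow can never slip through as a small positive number. */
int backend_dimension(float logical, float resolution_scale)
{
    double scaled = (double)logical * (double)resolution_scale;
    if (!(scaled >= 0.0) || scaled > (double)INT_MAX) /* !(x >= 0) catches NaN */
        return -1;
    int truncated = (int)scaled;
    return scaled > (double)truncated ? truncated + 1 : truncated;
}

/* Returns true and stores the backend size when an ImageBuffer of logical
 * size w x h at this scale can be backed by a cairo image surface; false
 * means the caller should fail cleanly (return nullptr) rather than build a
 * backend around an error surface. out_w/out_h may be NULL. */
bool can_create_image_backend(float logical_w, float logical_h,
                              float resolution_scale, int *out_w, int *out_h)
{
    int w = backend_dimension(logical_w, resolution_scale);
    int h = backend_dimension(logical_h, resolution_scale);
    if (w < 0 || h < 0 || !cairo_image_size_ok(w, h))
        return false;
    if (out_w)
        *out_w = w;
    if (out_h)
        *out_h = h;
    return true;
}
```

In a release build the ASSERT compiles out, so the same oversized request would silently produce a backend wrapping an error surface; the explicit check fails creation cleanly on both build types.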
Comment 2 Carlos Garcia Campos 2020-07-16 02:35:10 PDT
Created attachment 404431 [details]
Patch
Comment 3 Carlos Garcia Campos 2020-07-21 01:03:35 PDT
Committed r264645: <https://trac.webkit.org/changeset/264645>