Bug 227827

Summary: [WinCairo] drag tests are crashing after r279658
Product: WebKit
Reporter: Fujii Hironori <Hironori.Fujii>
Component: Platform
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal    
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
  WIP patch (flags: none)

Description Fujii Hironori 2021-07-08 21:42:37 PDT
[WinCairo] drag tests are crashing after r279658

Since r279658 (Bug 227721)
https://build.webkit.org/#/builders/60/builds/1870

Regressions: Unexpected crashes (13)
  editing/pasteboard/4947130.html [ Crash ]
  editing/pasteboard/drag-and-drop-image-contenteditable.html [ Crash ]
  editing/pasteboard/drag-drop-iframe-refresh-crash.html [ Crash ]
  editing/pasteboard/drag-image-in-about-blank-frame.html [ Crash ]
  editing/pasteboard/drag-image-to-contenteditable-in-iframe.html [ Crash ]
  editing/pasteboard/files-during-page-drags.html [ Crash ]
  editing/selection/drag-to-contenteditable-iframe.html [ Crash ]
  fast/css/user-drag-none.html [ Crash ]
  fast/events/setDragImage-in-document-element-crash.html [ Crash ]
  fast/events/standalone-image-drag-to-editable.html [ Crash ]
  http/tests/local/drag-over-remote-content.html [ Crash ]
  http/tests/misc/bubble-drag-events.html [ Crash ]
  http/tests/misc/drag-over-iframe-invalid-source-crash.html [ Crash ]

Comment 1 Fujii Hironori 2021-07-08 22:04:38 PDT
callstack:

 # Child-SP          RetAddr           Call Site
00 00000097`8f8f91a0 00007ffc`bb627496 cairo!cairo_win32_surface_get_dc(struct _cairo_surface * surface = 0x00007ffc`d122b790)+0xc [C:\Users\eolmstead\Documents\webkit-trunk\WinCairoRequirements\buildtrees\cairo\src\1.17.4-0b32c81b80\src\win32\cairo-win32-surface.c @ 158]
01 00000097`8f8f91d0 00007ffc`bc5bf3cc WebKit!WebCore::GraphicsContextPlatformPrivate::GraphicsContextPlatformPrivate(struct _cairo * cr = <Value unavailable error>)+0x26 [C:\jenkins_slave\WinCairo-master\Source\WebCore\platform\graphics\win\GraphicsContextCairoWin.cpp @ 150]
02 (Inline Function) --------`-------- WebKit!std::make_unique+0x19 [C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Tools\MSVC\14.29.30037\include\memory @ 3416]
03 (Inline Function) --------`-------- WebKit!WTF::makeUnique+0x19 [C:\jenkins_slave\WinCairo-master\WebKitBuild\Release\WTF\Headers\wtf\StdLibExtras.h @ 507]
04 00000097`8f8f9200 00007ffc`bb630f71 WebKit!WebCore::GraphicsContextCairo::GraphicsContextCairo(class WTF::RefPtr<_cairo,WTF::RawPtrTraits<_cairo>,WTF::DefaultRefDerefTraits<_cairo> > * context = <Value unavailable error>)+0xac [C:\jenkins_slave\WinCairo-master\Source\WebCore\platform\graphics\cairo\GraphicsContextCairo.cpp @ 74]
05 00000097`8f8f92a0 00007ffc`bb63107f WebKit!WebCore::allocImage(struct HDC__ * dc = <Value unavailable error>, class WebCore::IntSize size = class WebCore::IntSize, class WebCore::GraphicsContextCairo ** targetRef = 0x00000097`8f8f93b8)+0x141 [C:\jenkins_slave\WinCairo-master\Source\WebCore\platform\win\DragImageCairoWin.cpp @ 82]
06 00000097`8f8f9390 00007ffc`bc517c41 WebKit!WebCore::scaleDragImage(struct HBITMAP__ * imageRef = 0xffffffff`ae051012, class WebCore::FloatSize * scale = 0x3f800000`9a5f0000)+0xaf [C:\jenkins_slave\WinCairo-master\Source\WebCore\platform\win\DragImageCairoWin.cpp @ 123]
07 00000097`8f8f9460 00007ffc`bc46f373 WebKit!WebCore::platformAdjustDragImageForDeviceScaleFactor(struct HBITMAP__ * image = <Value unavailable error>, float deviceScaleFactor = <Value unavailable error>)+0x31 [C:\jenkins_slave\WinCairo-master\Source\WebCore\platform\DragImage.cpp @ 227]
08 00000097`8f8f94b0 00007ffc`bc46dfb7 WebKit!WebCore::DragController::doImageDrag(class WebCore::Element * element = 0x000001b7`77d03210, class WebCore::IntPoint * dragOrigin = 0x000001b7`335df6a8, class WebCore::IntRect * layoutRect = 0x00000097`8f8f99f0, class WebCore::Frame * frame = 0x000001b7`3357d870, class WebCore::IntPoint * dragImageOffset = 0x000001b7`335707a4, struct WebCore::DragState * state = 0x00007ffc`bce17e38, struct WebCore::PromisedAttachmentInfo * attachmentInfo = 0x00000097`8f8f9f80)+0x203 [C:\jenkins_slave\WinCairo-master\Source\WebCore\page\DragController.cpp @ 1268]
09 00000097`8f8f9790 00007ffc`bc473fcd WebKit!WebCore::DragController::startDrag(class WebCore::Frame * src = 0x000001b7`3357d870, struct WebCore::DragState * state = 0x00007ffc`bce17e38, class WTF::OptionSet<WebCore::DragOperation> sourceOperationMask = <Value unavailable error>, class WebCore::PlatformMouseEvent * dragEvent = 0x00000097`8f8fa6b0, class WebCore::IntPoint * dragOrigin = 0x000001b7`335df6a8, WebCore::HasNonDefaultPasteboardData hasData = <Value unavailable error>)+0x2667 [C:\jenkins_slave\WinCairo-master\Source\WebCore\page\DragController.cpp @ 1116]
0a 00000097`8f8fa440 00007ffc`bc47331e WebKit!WebCore::EventHandler::handleDrag(class WebCore::MouseEventWithHitTestResults * event = 0x00000097`8f8fa6b0, WebCore::CheckDragHysteresis checkDragHysteresis = <Value unavailable error>)+0xa4d [C:\jenkins_slave\WinCairo-master\Source\WebCore\page\EventHandler.cpp @ 4084]
0b 00000097`8f8fa570 00007ffc`bc47942c WebKit!WebCore::EventHandler::handleMouseDraggedEvent(class WebCore::MouseEventWithHitTestResults * event = 0x00000097`8f8fa6b0, WebCore::CheckDragHysteresis checkDragHysteresis = <Value unavailable error>)+0x3e [C:\jenkins_slave\WinCairo-master\Source\WebCore\page\EventHandler.cpp @ 853]
0c 00000097`8f8fa670 00007ffc`bc478db6 WebKit!WebCore::EventHandler::handleMouseMoveEvent(class WebCore::PlatformMouseEvent * platformMouseEvent = 0x00000097`8f8fa920, class WebCore::HitTestResult * hitTestResult = <Value unavailable error>, bool onlyUpdateScrollbars = <Value unavailable error>)+0x56c [C:\jenkins_slave\WinCairo-master\Source\WebCore\page\EventHandler.cpp @ 2035]
0d 00000097`8f8fa7f0 00007ffc`bb558a26 WebKit!WebCore::EventHandler::mouseMoved(class WebCore::PlatformMouseEvent * event = 0x00000097`8f8fa920)+0xa6 [C:\jenkins_slave\WinCairo-master\Source\WebCore\page\EventHandler.cpp @ 1895]
0e 00000097`8f8fa8f0 00007ffc`bb55acd0 WebKit!WebView::handleMouseEvent(unsigned int message = 0x200, unsigned int64 wParam = <Value unavailable error>, int64 lParam = <Value unavailable error>)+0x366 [C:\jenkins_slave\WinCairo-master\Source\WebKitLegacy\win\WebView.cpp @ 1890]
0f 00000097`8f8fa9d0 00007ffc`f98ce858 WebKit!WebView::WebViewWndProc(struct HWND__ * hWnd = 0x00000000`175e23e6, unsigned int message = 0x200, unsigned int64 wParam = 1, int64 lParam = 0n11599890)+0x110 [C:\jenkins_slave\WinCairo-master\Source\WebKitLegacy\win\WebView.cpp @ 2615]
10 00000097`8f8faa70 00007ffc`f98ce4ee USER32!UserCallWinProcCheckWow+0x2f8
11 00000097`8f8fac00 00007ffc`e0009aba USER32!CallWindowProcW+0x8e
12 00000097`8f8fac50 00007ffc`e0009799 COMCTL32!CallNextSubclassProc+0x9a
13 00000097`8f8facd0 00007ffc`e0009aba COMCTL32!TTSubclassProc+0xc9
14 00000097`8f8fad80 00007ffc`e00098b7 COMCTL32!CallNextSubclassProc+0x9a
15 00000097`8f8fae00 00007ffc`f98ce858 COMCTL32!MasterSubclassProc+0xa7
16 00000097`8f8faea0 00007ffc`f98ce299 USER32!UserCallWinProcCheckWow+0x2f8
17 00000097`8f8fb030 00007ffc`d849c819 USER32!DispatchMessageWorker+0x249
18 (Inline Function) --------`-------- DumpRenderTreeLib!dispatchMessage+0x12 [C:\jenkins_slave\WinCairo-master\Tools\DumpRenderTree\win\EventSender.cpp @ 140]
19 00000097`8f8fb0b0 00007ffc`d849c3d3 DumpRenderTreeLib!doMouseMove(struct tagMSG * msg = 0x00000000`175e23e6)+0x59 [C:\jenkins_slave\WinCairo-master\Tools\DumpRenderTree\win\EventSender.cpp @ 322]
1a 00000097`8f8fb120 00007ffc`d849d170 DumpRenderTreeLib!replaySavedEvents(HRESULT * oleDragAndDropReturnValue = 0x00000000`00000000)+0x223 [C:\jenkins_slave\WinCairo-master\Tools\DumpRenderTree\win\EventSender.cpp @ 422]
1b 00000097`8f8fb280 00007ffc`c4e31a88 DumpRenderTreeLib!mouseUpCallback(struct OpaqueJSContext * context = 0x000001b7`775294b8, struct OpaqueJSValue * function = <Value unavailable error>, struct OpaqueJSValue * thisObject = <Value unavailable error>, unsigned int64 argumentCount = <Value unavailable error>, struct OpaqueJSValue ** arguments = 0x00000097`8f8fb390, struct OpaqueJSValue ** exception = 0x00000097`8f8fb370)+0x160 [C:\jenkins_slave\WinCairo-master\Tools\DumpRenderTree\win\EventSender.cpp @ 311]
1c 00000097`8f8fb320 000001b7`36f5102c JavaScriptCore!JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(class JSC::JSGlobalObject * globalObject = 0x000001b7`775294b8, class JSC::CallFrame * callFrame = 0x00000097`8f8fb480)+0x248 [C:\jenkins_slave\WinCairo-master\Source\JavaScriptCore\API\APICallbackFunction.h @ 61]
1d 00000097`8f8fb460 00000000`00000000 0x000001b7`36f5102c

Comment 2 Fujii Hironori 2021-07-08 22:20:14 PDT
Created attachment 433199
WIP patch

Comment 3 Fujii Hironori 2021-07-08 23:59:55 PDT
It seems that GraphicsContextPlatformPrivate is no longer used. I'm going to remove it.
Bug 227828 – [Cairo][Win] Remove unneeded GraphicsContextPlatformPrivate

Comment 4 Fujii Hironori 2021-07-12 00:41:53 PDT
r279794 fixed this crash.

*** This bug has been marked as a duplicate of bug 227828 ***