Bug 272150

``` #0 0x00007fff2d0e25e4 in WebCore::TextureMapperLayer::paintSelf(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #1 0x00007fff2d0e6344 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #2 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #3 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #4 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #5 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #6 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #7 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #8 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #9 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #10 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #11 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #12 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #13 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #14 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #15 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #16 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #17 0x00007fff2d0e6374 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #18 0x00007fff2d0e6248 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #19 0x00007fff2d0e75a0 in WebCore::TextureMapperLayer::paint(WebCore::TextureMapper&) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #20 0x00007fff2b8db914 in WebKit::CoordinatedGraphicsScene::paintToCurrentGLContext(WebCore::TransformationMatrix const&, WebCore::FloatRect const&, bool) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #21 0x00007fff2b8dbb84 in WebKit::ThreadedCompositor::renderLayerTree() [clone .part.0] () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #22 0x00007fff2d0970c0 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #23 0x00007fff2d09797c in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #24 0x00007fff2a719714 in g_main_dispatch (context=context@entry=0x7ffec0000b70) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:3476 #25 0x00007fff2a71d138 in g_main_context_dispatch_unlocked (context=0x7ffec0000b70) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4284 #26 g_main_context_iterate_unlocked (context=0x7ffec0000b70, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4349 #27 0x00007fff2a71dc00 in g_main_loop_run (loop=0x7ffec0000da0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4551 #28 0x00007fff2d097b34 in WTF::RunLoop::run() () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #29 0x00007fff2d036b30 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #30 0x00007fff2d09bfd4 in WTF::wtfThreadEntryPoint(void*) () from /devel-wk/usr/lib/libWPEWebKit-2.0.so.1.3.1 #31 0x00007fff2ac7f594 in start_thread (arg=0x7fff2a9d8760) at pthread_create.c:444 #32 0x00007fff2ace824c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone3.S:76 ``` The crash happens because a invalid memory access in the line `contentsLayer->paintToTextureMapper(options.textureMapper, m_state.contentsRect, transform, options.opacity);` inside TextureMapperLayer::paint(TextureMapper& textureMapper)Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Steps for reproducing the issue: * Go to https://people.igalia.com/psaavedra/demo-igalia-videos/ * Click on cursors (->) for iterate from one video to the next.