Bug 279649
| Summary: | [cairo] ASSERTION FAILED: destSize > 0 in WebCore::Cairo::calculateSubsurfaceRect | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Fujii Hironori <fujii.hironori> |
| Component: | Platform | Assignee: | Fujii Hironori <fujii.hironori> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Fujii Hironori
Window port Debug builds are crashing:
imported/w3c/web-platform-tests/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedest.html [ Crash ]
imported/w3c/web-platform-tests/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedir.html [ Crash ]
ASSERTION FAILED: destSize > 0
C:\webkit\wc\Source\WebCore\platform/graphics/cairo/CairoOperations.cpp(875) : auto WebCore::Cairo::calculateSubsurfaceRect(FloatRect &, FloatRect &, const IntSize &, FloatSize &)::(anonymous class)::operator()(float &, float &, float &, float &, float, float &) const
1 00007FFF6843EFD0 WebCore::Cairo::calculateSubsurfaceRect::<lambda_0>::operator()
2 00007FFF684397B7 WebCore::Cairo::calculateSubsurfaceRect
3 00007FFF68438EAD WebCore::Cairo::drawSurface
4 00007FFF68438A42 WebCore::Cairo::drawPlatformImage
5 00007FFF68449CCE WebCore::GraphicsContextCairo::drawNativeImageInternal
6 00007FFF6834B746 WebCore::GraphicsContext::drawImageBuffer
7 00007FFF68484DC1 WebCore::DisplayList::DrawImageBuffer::apply
8 00007FFF61759734 WebKit::RemoteDisplayListRecorder::handleItem<WebCore::DisplayList::DrawImageBuffer,WebCore::ImageBuffer &>
9 00007FFF61743CBE WebKit::RemoteDisplayListRecorder::drawImageBuffer
10 00007FFF615C6F8B IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions),std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >::<lambda_1>::operator()<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>
11 00007FFF615C6EB0 std::invoke<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>
12 00007FFF615C6E5B std::_Apply_impl<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>,0,1,2,3>
13 00007FFF615C6DE2 std::apply<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >
14 00007FFF615C60CF IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions),std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >
15 00007FFF615A0DF2 IPC::handleMessage<Messages::RemoteDisplayListRecorder::DrawImageBuffer,WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions)>
16 00007FFF61589A7F WebKit::RemoteDisplayListRecorder::didReceiveStreamMessage
17 00007FFF61C89B86 IPC::StreamServerConnection::dispatchStreamMessage
18 00007FFF61C88963 IPC::StreamServerConnection::dispatchStreamMessages
19 00007FFF61C88484 IPC::StreamConnectionWorkQueue::processStreams
20 00007FFF61C8A6EF IPC::StreamConnectionWorkQueue::startProcessingThread::<lambda_2>::operator()
21 00007FFF61C8A697 WTF::Detail::CallableWrapper<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\StreamConnectionWorkQueue.cpp:123:17',void>::call
22 00007FFF5EF66B69 WTF::Function<void ()>::operator()
23 00007FFF6008D9FC WTF::Thread::entryPoint
24 00007FFF60167543 WTF::wtfThreadEntryPoint
25 00007FF844119333 recalloc
26 00007FF84617257D BaseThreadInitThunk
27 00007FF84690AF28 RtlUserThreadStart
Exception thrown at 0x00007FFF5FF3AEB5 (JavaScriptCore.dll) in WebKitGPUProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Fujii Hironori
It's reproducible just by loading
https://wpt.live/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedest.html
with Windows Debug MiniBrowser.
Fujii Hironori
Pull request: https://github.com/WebKit/WebKit/pull/33756
EWS
Committed 283797@main (028c2cf49867): <https://commits.webkit.org/283797@main>
Reviewed commits have been landed. Closing PR #33756 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/136174675>