Bug 300412
| Summary: | [Win] Regression - crashing while drawing text blob | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ian Grunert <ian.grunert> |
| Component: | New Bugs | Assignee: | Carlos Garcia Campos <cgarcia> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | cgarcia, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | PC | | |
| OS: | Windows 11 | | |
Ian Grunert
Crashing on main https://commits.webkit.org/301218@main
Bisected the issue to this commit: https://commits.webkit.org/300818@main
Exception thrown at 0x00007FF8B4131C1C (WebCore.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.
Stack trace:
> WebCore.dll!SkCanvas::drawTextBlob(const SkTextBlob * blob, float x, float y, const SkPaint & paint) Line 2565 C++
[Inline Frame] WebCore.dll!SkCanvas::drawTextBlob(const sk_sp<SkTextBlob> & blob, float x, float y, const SkPaint & paint) Line 2029 C++
WebCore.dll!WebCore::GraphicsContextSkia::drawSkiaText(const sk_sp<SkTextBlob> & blob, float x, float y, bool enableAntialias, bool isVertical) Line 1127 C++
[Inline Frame] WebCore.dll!WebCore::DisplayList::DrawGlyphs::apply(WebCore::GraphicsContext & context) Line 285 C++
[Inline Frame] WebCore.dll!WebCore::DisplayList::applyItem::<lambda_1>::operator()(const WebCore::DisplayList::DrawGlyphs & item) Line 43 C++
[Inline Frame] WebCore.dll!mpark::lib::cpp17::detail::invoke(WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'> && args, const WebCore::DisplayList::DrawGlyphs &) Line 696 C++
[Inline Frame] WebCore.dll!mpark::lib::cpp17::invoke(WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'> && args, const WebCore::DisplayList::DrawGlyphs &) Line 704 C++
[Inline Frame] WebCore.dll!mpark::detail::visitation::variant::visit_exhaustiveness_check<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>,const WebCore::DisplayList::DrawGlyphs &>::invoke(WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'> && values, const WebCore::DisplayList::DrawGlyphs &) Line 1597 C++
[Inline Frame] WebCore.dll!mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>>::operator()(const mpark::detail::alt<18,WebCore::DisplayList::DrawGlyphs> & alts) Line 1607 C++
[Inline Frame] WebCore.dll!mpark::lib::cpp17::detail::invoke(mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> && args, const mpark::detail::alt<18,WebCore::DisplayList::DrawGlyphs> &) Line 696 C++
[Inline Frame] WebCore.dll!mpark::lib::cpp17::invoke(mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> && args, const mpark::detail::alt<18,WebCore::DisplayList::DrawGlyphs> &) Line 704 C++
[Inline Frame] WebCore.dll!mpark::detail::visitation::base::visit_return_type_check<void,void>::invoke(mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> && alts, const mpark::detail::alt<18,WebCore::DisplayList::DrawGlyphs> &) Line 1212 C++
WebCore.dll!mpark::detail::visitation::base::make_fmatrix_impl<mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> &&,const mpark::detail::base<1,WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> &>::dispatch<18>(mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> && f, const mpark::detail::base<1,WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & vs) Line 1413 C++
[Inline Frame] WebCore.dll!mpark::detail::visitation::alt::visit_alt(mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> && visitor, const mpark::detail::impl<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & vs) Line 1538 C++
[Inline Frame] WebCore.dll!mpark::detail::visitation::variant::visit_alt(mpark::detail::visitation::variant::value_visitor<WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'>> && visitor, const mpark::variant<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & vs) Line 1623 C++
[Inline Frame] WebCore.dll!mpark::detail::visitation::variant::visit_value(WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'> && visitor, const mpark::variant<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & vs) Line 1638 C++
[Inline Frame] WebCore.dll!mpark::visit(WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'> && visitor, const mpark::variant<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & vs) Line 2749 C++
[Inline Frame] WebCore.dll!WTF::visit(WTF::Visitor<`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:40:9',`lambda at S:\WebKit\Source\WebCore\platform\graphics\displaylists\DisplayListItem.cpp:42:12'> && v, const mpark::variant<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & values) Line 2927 C++
[Inline Frame] WebCore.dll!WTF::switchOn(const mpark::variant<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & v, WebCore::DisplayList::applyItem::<lambda_0> &&) Line 567 C++
WebCore.dll!WebCore::DisplayList::applyItem(WebCore::GraphicsContext & context, WebCore::ControlFactory & controlFactory, const mpark::variant<WebCore::DisplayList::ApplyDeviceScaleFactor,WebCore::DisplayList::BeginTransparencyLayer,WebCore::DisplayList::BeginTransparencyLayerWithCompositeMode,WebCore::DisplayList::ClearRect,WebCore::DisplayList::Clip,WebCore::DisplayList::ClipRoundedRect,WebCore::DisplayList::ClipOut,WebCore::DisplayList::ClipOutRoundedRect,WebCore::DisplayList::ClipOutToPath,WebCore::DisplayList::ClipPath,WebCore::DisplayList::ClipToImageBuffer,WebCore::DisplayList::ConcatenateCTM,WebCore::DisplayList::DrawControlPart,WebCore::DisplayList::DrawDotsForDocumentMarker,WebCore::DisplayList::DrawEllipse,WebCore::DisplayList::DrawFilteredImageBuffer,WebCore::DisplayList::DrawFocusRingPath,WebCore::DisplayList::DrawFocusRingRects,WebCore::DisplayList::DrawGlyphs,WebCore::DisplayList::DrawDisplayList,WebCore::DisplayList::DrawPlaceholder,WebCore::DisplayList::DrawImageBuffer,WebCore::DisplayList::DrawLine,WebCore::DisplayList::DrawLinesForText,WebCore::DisplayList::DrawNativeImage,WebCore::DisplayList::DrawPath,WebCore::DisplayList::DrawPatternNativeImage,WebCore::DisplayList::DrawPatternImageBuffer,WebCore::DisplayList::DrawRect,WebCore::DisplayList::DrawSystemImage,WebCore::DisplayList::EndTransparencyLayer,WebCore::DisplayList::FillCompositedRect,WebCore::DisplayList::FillEllipse,WebCore::DisplayList::FillPath,WebCore::DisplayList::FillRect,WebCore::DisplayList::FillRectWithColor,WebCore::DisplayList::FillRectWithGradient,WebCore::DisplayList::FillRectWithGradientAndSpaceTransform,WebCore::DisplayList::FillRectWithRoundedHole,WebCore::DisplayList::FillRoundedRect,WebCore::DisplayList::ResetClip,WebCore::DisplayList::Restore,WebCore::DisplayList::Rotate,WebCore::DisplayList::Save,WebCore::DisplayList::Scale,WebCore::DisplayList::SetCTM,WebCore::DisplayList::SetInlineFillColor,WebCore::DisplayList::SetInlineStroke,WebCore::DisplayList::SetLineCap,WebCore::DisplayList::SetLineDash,WebCore::DisplayList::SetLineJoin,WebCore::DisplayList::SetMiterLimit,WebCore::DisplayList::SetState,WebCore::DisplayList::StrokeEllipse,WebCore::DisplayList::StrokePath,WebCore::DisplayList::StrokeRect,WebCore::DisplayList::Translate,WebCore::DisplayList::BeginPage,WebCore::DisplayList::EndPage,WebCore::DisplayList::SetURLForRect> & item) Line 39 C++
WebCore.dll!WebCore::GraphicsContext::drawDisplayList(const WebCore::DisplayList::DisplayList & displayList, WebCore::ControlFactory & controlFactory) Line 563 C++
WebCore.dll!WebCore::DisplayList::Recorder::appendDisplayList(const WebCore::DisplayList::DisplayList & displayList) Line 71 C++
WebKit2.dll!WebKit::RemoteRenderingBackendProxy::cacheDisplayList(WTF::ObjectIdentifierGeneric<WebKit::RemoteDisplayListIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long> identifier, const WebCore::DisplayList::DisplayList & displayList) Line 477 C++
WebKit2.dll!WebKit::RemoteResourceCacheProxy::recordDisplayListUse(const WebCore::DisplayList::DisplayList & displayList) Line 213 C++
[Inline Frame] WebKit2.dll!WebKit::RemoteGraphicsContextProxy::recordResourceUse(const WebCore::DisplayList::DisplayList & displayList) Line 727 C++
WebKit2.dll!WebKit::RemoteGraphicsContextProxy::drawDisplayList(const WebCore::DisplayList::DisplayList & displayList, WebCore::ControlFactory &) Line 283 C++
WebCore.dll!WebCore::GraphicsContext::drawDisplayList(const WebCore::DisplayList::DisplayList & displayList) Line 557 C++
WebCore.dll!WebCore::TextPainter::paintTextOrEmphasisMarks(const WebCore::FontCascade & font, const WebCore::TextRun & textRun, const WTF::AtomString & emphasisMark, float emphasisMarkOffset, const WebCore::FloatPoint & textOrigin, unsigned int startOffset, unsigned int endOffset) Line 134 C++
WebCore.dll!WebCore::TextPainter::paintTextWithShadows(const WebCore::Style::Shadows<WebCore::Style::TextShadow> * shadows, const WebCore::Style::AppleColorFilter & colorFilter, const WebCore::FontCascade & font, const WebCore::TextRun & textRun, const WebCore::FloatRect & boxRect, const WebCore::FloatPoint & textOrigin, unsigned int startOffset, unsigned int endOffset, const WTF::AtomString & emphasisMark, float emphasisMarkOffset, bool stroked) Line 141 C++
WebCore.dll!WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded(const WebCore::TextRun & textRun, const WebCore::FloatRect & boxRect, const WebCore::FloatPoint & textOrigin, unsigned int startOffset, unsigned int endOffset, const WebCore::TextPaintStyle & paintStyle, const WebCore::Style::Shadows<WebCore::Style::TextShadow> & shadow, const WebCore::Style::AppleColorFilter & shadowColorFilter) Line 200 C++
WebCore.dll!WebCore::TextPainter::paintRange(const WebCore::TextRun & textRun, const WebCore::FloatRect & boxRect, const WebCore::FloatPoint & textOrigin, unsigned int start, unsigned int end) Line 224 C++
WebCore.dll!WebCore::TextBoxPainter::paintForeground(const WebCore::StyledMarkedText & markedText) Line 657 C++
WebCore.dll!WebCore::TextBoxPainter::paintForegroundAndDecorations() Line 408 C++
WebCore.dll!WebCore::TextBoxPainter::paint() Line 268 C++
WebCore.dll!WebCore::LayoutIntegration::InlineContentPainter::paintDisplayBox(const WebCore::InlineDisplay::Box & box) Line 119 C++
WebCore.dll!WebCore::LayoutIntegration::InlineContentPainter::paint() Line 174 C++
WebCore.dll!WebCore::LayoutIntegration::LineLayout::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, const WebCore::RenderInline * layerRenderer) Line 1151 C++
WebCore.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1216 C++
WebCore.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 954 C++
WebCore.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox & child, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect, WebCore::RenderBlock::PaintBlockType paintType) Line 1046 C++
WebCore.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 999 C++
WebCore.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 990 C++
WebCore.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1216 C++
WebCore.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 954 C++
WebCore.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox & child, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect, WebCore::RenderBlock::PaintBlockType paintType) Line 1046 C++
WebCore.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 999 C++
WebCore.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 990 C++
WebCore.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1216 C++
WebCore.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 954 C++
WebCore.dll!WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase phase, const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow,16,WTF::FastMalloc> & layerFragments, WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, WTF::OptionSet<WebCore::PaintBehavior,0> paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4393 C++
WebCore.dll!WebCore::RenderLayer::paintForegroundForFragments(const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow,16,WTF::FastMalloc> & layerFragments, WebCore::GraphicsContext & context, WebCore::GraphicsContext & contextForTransparencyLayer, const WebCore::LayoutRect & transparencyPaintDirtyRect, bool haveTransparency, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, WTF::OptionSet<WebCore::PaintBehavior,0> paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4369 C++
WebCore.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag,0> paintFlags) Line 3688 C++
WebCore.dll!WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList layerIterator, WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag,0> paintFlags) Line 4063 C++
WebCore.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag,0> paintFlags) Line 3684 C++
WebCore.dll!WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList layerIterator, WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag,0> paintFlags) Line 4063 C++
WebCore.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag,0> paintFlags) Line 3684 C++
WebCore.dll!WebCore::RenderLayer::paint(WebCore::GraphicsContext & context, const WebCore::LayoutRect & damageRect, const WebCore::LayoutSize & subpixelOffset, WTF::OptionSet<WebCore::PaintBehavior,0> paintBehavior, WebCore::RenderObject * subtreePaintRoot, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag,0> paintFlags, WebCore::RenderLayer::SecurityOriginPaintPolicy paintPolicy, WebCore::RegionContext * regionContext) Line 3227 C++
WebCore.dll!WebCore::LocalFrameView::paintContents(WebCore::GraphicsContext & context, const WebCore::IntRect & dirtyRect, WebCore::Widget::SecurityOriginPaintPolicy securityOriginPaintPolicy, WebCore::RegionContext * regionContext) Line 5560 C++
WebCore.dll!WebCore::ScrollView::paint(WebCore::GraphicsContext & context, const WebCore::IntRect & rect, WebCore::Widget::SecurityOriginPaintPolicy securityOriginPaintPolicy, WebCore::RegionContext * regionContext) Line 1433 C++
WebKit2.dll!WebKit::WebPage::drawRect(WebCore::GraphicsContext & graphicsContext, const WebCore::IntRect & rect) Line 2443 C++
WebKit2.dll!WebKit::DrawingAreaWC::sendUpdateNonAC() Line 366 C++
WebKit2.dll!WebKit::DrawingAreaWC::updateRendering() Line 253 C++
[Inline Frame] WebKit2.dll!WebCore::Timer::Timer<WebKit::DrawingAreaWC,WebKit::DrawingAreaWC>::<lambda_1>::operator()() Line 175 C++
WebKit2.dll!WTF::Detail::CallableWrapper<`lambda at S:\WebKit\WebKitBuild\Release\WebCore\PrivateHeaders\WebCore\Timer.h:173:22',void>::call() Line 53 C++
WebCore.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 142 C++
WebCore.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 89 C++
[External Code]
JavaScriptCore.dll!WTF::RunLoop::run() Line 88 C++
[Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int argc, char * * argv) Line 77 C++
[Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMain(int argc, char * * argv) Line 103 C++
WebKit2.dll!WebKit::WebProcessMain(int argc, char * * argv) Line 44 C++
WebKitWebProcess.exe!main(int argc, char * * argv) Line 35 C++
Ian Grunert
Can't read the __vfptr table of `this`, crashes on the `call` instruction for `this->onDrawTextBlob(blob, x, y, paint);`.
Carlos Garcia Campos
You are rendering in the GPU process, right? So, your graphics context is the display list one, not a GraphicsContextSkia. We are assuming it's the only possible graphics context when replaying the glyphs cache display list.
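The failure mode Carlos describes, as an added illustration that is not WebKit's code: a replay routine that assumes the only possible `GraphicsContext` is the Skia one and downcasts unconditionally, beside a version that checks the dynamic type first and falls back to the virtual interface. Every class and method name below (`GraphicsContext::kind()`, `drawSkiaText`, `DisplayListRecorder`, `replayGlyphsChecked`) is a hypothetical stand-in chosen for the example; the real fix in PR #52061 is not reproduced here and may take a different approach.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-ins for WebKit's GraphicsContext hierarchy. The class and
// method names are assumptions for this illustration, not WebKit's real API.
class GraphicsContext {
public:
    enum class Kind { Skia, DisplayListRecorder };
    virtual ~GraphicsContext() = default;
    virtual Kind kind() const = 0;
    // Generic glyph drawing that every context implements.
    virtual void drawGlyphs(const std::string& text, float x, float y) = 0;
};

// Direct-to-Skia backend, as used when painting happens in the web process.
class GraphicsContextSkia final : public GraphicsContext {
public:
    Kind kind() const override { return Kind::Skia; }
    void drawGlyphs(const std::string& text, float x, float y) override { drawSkiaText(text, x, y); }
    // Skia-specific entry point; only meaningful on this subclass.
    void drawSkiaText(const std::string& text, float x, float y) {
        drawn.push_back(text + "@" + std::to_string(x) + "," + std::to_string(y));
    }
    std::vector<std::string> drawn;
};

// Recording context used when rendering happens in the GPU process: it stores
// display-list items instead of drawing them.
class DisplayListRecorder final : public GraphicsContext {
public:
    Kind kind() const override { return Kind::DisplayListRecorder; }
    void drawGlyphs(const std::string& text, float, float) override { recorded.push_back("DrawGlyphs:" + text); }
    std::vector<std::string> recorded;
};

// The pattern behind the report: the glyph-cache replay assumes the context is
// the Skia one and downcasts unconditionally. Passed a DisplayListRecorder this
// is undefined behaviour (the report saw a garbage vtable read in drawTextBlob).
// Shown only for contrast; never call it with anything but a GraphicsContextSkia.
void replayGlyphsUnchecked(GraphicsContext& context, const std::string& text, float x, float y) {
    static_cast<GraphicsContextSkia&>(context).drawSkiaText(text, x, y);
}

// Checked replay: take the Skia fast path only when the dynamic type really is
// Skia, otherwise go through the virtual interface so a recorder re-records the
// item instead of being reinterpreted. Returns true when the fast path was used.
bool replayGlyphsChecked(GraphicsContext& context, const std::string& text, float x, float y) {
    if (context.kind() == GraphicsContext::Kind::Skia) {
        static_cast<GraphicsContextSkia&>(context).drawSkiaText(text, x, y);
        return true;
    }
    context.drawGlyphs(text, x, y);
    return false;
}

// Small drivers so the behaviour can be checked without a renderer.
bool skiaTakesFastPath() {
    GraphicsContextSkia skia;
    bool fast = replayGlyphsChecked(skia, "text blob", 10.f, 20.f);
    return fast && skia.drawn.size() == 1;
}

bool recorderFallsBackToRecording() {
    DisplayListRecorder recorder;
    bool fast = replayGlyphsChecked(recorder, "text blob", 10.f, 20.f);
    return !fast && recorder.recorded.size() == 1 && recorder.recorded[0] == "DrawGlyphs:text blob";
}

int main() {
    std::printf("skia fast path: %s\n", skiaTakesFastPath() ? "yes" : "no");
    std::printf("recorder falls back: %s\n", recorderFallsBackToRecording() ? "yes" : "no");
    return 0;
}
```

The point of the checked version is that a type tag (or a virtual dispatch) is consulted before any backend-specific call; a bare `static_cast` on the wrong subclass reads whatever happens to sit at the vtable slot, which is the `__vfptr` read that failed in the original crash. WebKit's own `downcast<>` in WTF/TypeCasts.h verifies the target type only with an ASSERT, so in a release build a mistaken downcast behaves like `replayGlyphsUnchecked` here; whether the affected replay code used that helper is not stated in this bug.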
Carlos Garcia Campos
Pull request: https://github.com/WebKit/WebKit/pull/52061
Carlos Garcia Campos
Could you try the PR, please?
Ian Grunert
I can confirm this fixes the crash, thanks!
EWS
Committed 301321@main (a1fe0eb97823): <https://commits.webkit.org/301321@main>
Reviewed commits have been landed. Closing PR #52061 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/162384119>
Radar WebKit Bug Importer
<rdar://problem/162384066>