| Summary: | [Qt][WK2] Crash in drawUpdateChunkIntoBackingStore | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Andreas Kling <kling> | ||||
| Component: | WebKit2 | Assignee: | QtWebKit Unassigned <webkit-qt-unassigned> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | Keywords: | Qt, QtTriaged | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Attachments: |
|
||||||
|
Description
Andreas Kling
2010-10-29 19:37:03 PDT
Created attachment 72429 [details]
Proposed patch
Valgrind stack from such a crash (Invalid read of size 1): memcpy (mc_replace_strmem.c:497) qt_blend_rgb32_on_rgb32(unsigned char*, int, unsigned char const*, int, int, int, int) (string3.h:52) QRasterPaintEngine::drawImage(QPointF const&, QImage const&) (qpaintengine_raster.cpp:2490) QPainter::drawImage(QPointF const&, QImage const&) (qpainter.cpp:5618) WebKit::ChunkedUpdateDrawingAreaProxy::drawUpdateChunkIntoBackingStore(WebKit::UpdateChunk*) (qpainter.h:923) WebKit::ChunkedUpdateDrawingAreaProxy::didSetSize(WebKit::UpdateChunk*) (ChunkedUpdateDrawingAreaProxy.cpp:130) WebKit::ChunkedUpdateDrawingAreaProxy::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) (ChunkedUpdateDrawingAreaProxy.cpp:168) WebKit::ChunkedUpdateDrawingAreaProxy::paint(WebCore::IntRect const&, QPainter*) (ChunkedUpdateDrawingAreaProxy.cpp:70) QWKPagePrivate::paint(QPainter*, QRect) (qwkpage.cpp:149) _q_paintItem(QGraphicsItem*, QPainter*, QStyleOptionGraphicsItem const*, QWidget*, bool, bool) (qgraphicsscene.cpp:4314) QGraphicsScenePrivate::drawItemHelper(QGraphicsItem*, QPainter*, QStyleOptionGraphicsItem const*, QWidget*, bool) (qgraphicsscene.cpp:4427) QGraphicsScenePrivate::draw(QGraphicsItem*, QPainter*, QTransform const*, QTransform const*, QRegion*, QWidget*, double, QTransform const*, bool, bool) (qgraphicsscene.cpp:4962) QGraphicsScenePrivate::drawSubtreeRecursive(QGraphicsItem*, QPainter*, QTransform const*, QRegion*, QWidget*, double, QTransform const*) (qgraphicsscene.cpp:4853) QGraphicsScenePrivate::drawItems(QPainter*, QTransform const*, QRegion*, QWidget*) (qgraphicsscene.cpp:4735) QGraphicsView::paintEvent(QPaintEvent*) (qgraphicsview.cpp:3472) QWidget::event(QEvent*) (qwidget.cpp:8407) QFrame::event(QEvent*) (qframe.cpp:557) QGraphicsView::viewportEvent(QEvent*) (qgraphicsview.cpp:2867) QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:870) QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4443) QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4326) QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:760) QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (qcoreapplication.h:234) QWidgetBackingStore::sync() (qbackingstore.cpp:1325) QWidgetPrivate::syncBackingStore() (qwidget.cpp:1842) QWidget::event(QEvent*) (qwidget.cpp:8554) QMainWindow::event(QEvent*) (qmainwindow.cpp:1480) QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4447) QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4326) QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:760) QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:231) QGraphicsScenePrivate::_q_processDirtyItems() (qgraphicsview_p.h:200) QGraphicsScene::qt_metacall(QMetaObject::Call, int, void**) (moc_qgraphicsscene.cpp:130) QObject::event(QEvent*) (qobject.cpp:1192) QGraphicsScene::event(QEvent*) (qgraphicsscene.cpp:3545) QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4447) QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4326) QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:760) QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:231) postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qcoreapplication.h:236) g_main_context_dispatch (in /lib/libglib-2.0.so.0.2600.0) ??? (in /lib/libglib-2.0.so.0.2600.0) g_main_context_iteration (in /lib/libglib-2.0.so.0.2600.0) QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:417) QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204) QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149) QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201) QCoreApplication::exec() (qcoreapplication.cpp:1032) main (main.cpp:53) Comment on attachment 72429 [details]
Proposed patch
What size does it get by default?
(In reply to comment #3) > What size does it get by default? It would allocate width * height * 4 bytes, (UpdateChunk::size() returns this) but the default QImage ctor will prefer making every scanline 32-bit aligned. Comment on attachment 72429 [details] Proposed patch Clearing flags on attachment: 72429 Committed r70981: <http://trac.webkit.org/changeset/70981> All reviewed patches have been landed. Closing bug. |