Bug 82992

Summary: [Qt] Crash in ~GraphicsContext3D() when init failed
Product: WebKit
Reporter: Srikumar B <srikumar.b>
Component: Platform
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: luiz, srikumar.b, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: Linux
Attachments: proposed patch to fix the crash in qt port (Flags: none)

Description Srikumar B 2012-04-02 18:38:26 PDT
WebKit crashes while destructing the GraphicsContext3D object when init failed in the GraphicsContext3D constructor.

We are trying to access and deallocate member variables which have never been allocated when the constructor init failed in Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp

Here is the backtrace for the crash:

#0  0xb62bcc76 in WTF::OwnPtr<WebCore::GraphicsContext3DPrivate>::operator-> (this=0x8e1bad8) at ../../../../Source/WTF/wtf/OwnPtr.h:64
#1  0xb62bc392 in WebCore::GraphicsContext3D::makeContextCurrent (this=0x8e1b9c8) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:390
#2  0xb62bc11e in WebCore::GraphicsContext3D::~GraphicsContext3D (this=0x8e1b9c8, __in_chrg=<value optimized out>) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:351
#3  0xb62ab55b in WTF::RefCounted<WebCore::GraphicsContext3D>::deref (this=0x8e1b9c8) at ../../../../Source/WTF/wtf/RefCounted.h:190
#4  0xb62a9657 in WTF::derefIfNotNull<WebCore::GraphicsContext3D> (ptr=0x8e1b9c8) at ../../../../Source/WTF/wtf/PassRefPtr.h:52
#5  0xb62a6f21 in WTF::RefPtr<WebCore::GraphicsContext3D>::~RefPtr (this=0xbfffd42c, __in_chrg=<value optimized out>) at ../../../../Source/WTF/wtf/RefPtr.h:58
#6  0xb62bba0e in WebCore::GraphicsContext3D::create (attrs=..., hostWindow=0x82a3d20, renderStyle=WebCore::GraphicsContext3D::RenderOffscreen) at ../../../../Source/WebCore/platform/graphics/qt/GraphicsContext3DQt.cpp:243
#7  0xb629032b in WebCore::WebGLRenderingContext::create (canvas=0x8e1df90, attrs=0x8e1b5a0) at ../../../../Source/WebCore/html/canvas/WebGLRenderingContext.cpp:409
#8  0xb5b5427d in WebCore::HTMLCanvasElement::getContext (this=0x8e1df90, type=..., attrs=0x8e1b5a0) at ../../../../Source/WebCore/html/HTMLCanvasElement.cpp:202
#9  0xb57463ea in WebCore::JSHTMLCanvasElement::getContext (this=0xa7a59e40, exec=0xa88672a8) at ../../../../Source/WebCore/bindings/js/JSHTMLCanvasElementCustom.cpp:75
#10 0xb647cbee in WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext (exec=0xa88672a8) at generated/JSHTMLCanvasElement.cpp:208
#11 0xa7e7b309 in ?? ()
#12 0xb6789e29 in JSC::JITCode::execute (this=0xa7f210b0, registerFile=0x8497ba4, callFrame=0xa8867038, globalData=0x82f0258) at ../../../../Source/JavaScriptCore/jit/JITCode.h:127
#13 0xb6786a48 in JSC::Interpreter::execute (this=0x8497b98, program=0xa7f210a0, callFrame=0xa7fffcb4, scopeChain=0xa7fdffe0, thisObj=0xa803ffc0) at ../../../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1198
#14 0xb6845f44 in JSC::evaluate (exec=0xa7fffcb4, scopeChain=0xa7fdffe0, source=..., thisValue=..., returnedException=0xbfffe1b4) at ../../../../Source/JavaScriptCore/runtime/Completion.cpp:73
#15 0xb575012e in WebCore::JSMainThreadExecState::evaluate (exec=0xa7fffcb4, chain=0xa7fdffe0, source=..., thisValue=..., exception=0xbfffe1b4) at ../../../../Source/WebCore/bindings/js/JSMainThreadExecState.h:76
#16 0xb577e495 in WebCore::ScriptController::evaluateInWorld (this=0x82ee478, sourceCode=..., world=0x84980c8) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:145
#17 0xb577e5ca in WebCore::ScriptController::evaluate (this=0x82ee478, sourceCode=...) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:162
#18 0xb5a32933 in WebCore::ScriptElement::executeScript (this=0x870add8, sourceCode=...) at ../../../../Source/WebCore/dom/ScriptElement.cpp:290
#19 0xb5a322a5 in WebCore::ScriptElement::prepareScript (this=0x870add8, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at ../../../../Source/WebCore/dom/ScriptElement.cpp:235
#20 0xb5bf026d in WebCore::HTMLScriptRunner::runScript (this=0x82c6468, script=0x870ad98, scriptStartPosition=...) at ../../../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:296
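Added illustration, not the reporter's patch or WebKit's own code: a stand-alone model of the failure path in frames #0 to #2 and #6 above, where a destructor runs on an object whose constructor never created its private context, with the null check a defensive teardown needs. Class and method names echo the Qt port; the `platformInitSucceeds` flag, the `isValid()` helper and the teardown counter are constructed for this example.

```cpp
#include <memory>
static int g_releasedContexts = 0; // private contexts torn down (constructed for the example)

// Stand-in for GraphicsContext3DPrivate, which owns the platform GL context.
struct GraphicsContext3DPrivate {
    bool makeCurrent() { return true; }
    ~GraphicsContext3DPrivate() { ++g_releasedContexts; }
};

class GraphicsContext3D {
public:
    // Constructor whose platform init can fail; on failure m_private stays
    // null, the partially constructed state the bug report describes.
    explicit GraphicsContext3D(bool platformInitSucceeds)
    {
        if (platformInitSucceeds)
            m_private.reset(new GraphicsContext3DPrivate);
    }
    // Frame #1 dereferenced the OwnPtr unconditionally; with m_private null
    // that is the crash. Here a null pointer is reported as failure instead.
    bool makeContextCurrent() { return m_private && m_private->makeCurrent(); }
    bool isValid() const { return m_private != nullptr; }
    // Frame #2: only release GL resources that were actually created.
    ~GraphicsContext3D()
    {
        if (!makeContextCurrent())
            return; // init failed: nothing allocated, nothing to delete
        // glDelete* calls for textures/framebuffers would follow here.
    }
private:
    std::unique_ptr<GraphicsContext3DPrivate> m_private;
};

// Mirrors frame #6, where create() drops a context whose init failed. Returns
// true when the failed object is destroyed without touching a private context.
bool destroyAfterFailedInit()
{
    int before = g_releasedContexts;
    { GraphicsContext3D ctx(false); if (ctx.isValid()) return false; }
    return g_releasedContexts == before;
}

// Control case: successful init tears down exactly one private context.
bool destroyAfterSuccessfulInit()
{
    int before = g_releasedContexts;
    { GraphicsContext3D ctx(true); if (!ctx.isValid()) return false; }
    return g_releasedContexts == before + 1;
}
```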
Comment 1 Srikumar B 2012-04-02 18:57:58 PDT
Created attachment 135255 [details]
proposed patch to fix the crash in qt port

The changes fix the crash issue when GraphicsContext3D init fails for the Qt port.
Comment 2 WebKit Review Bot 2012-04-03 18:44:27 PDT
Comment on attachment 135255 [details]
proposed patch to fix the crash in qt port

Clearing flags on attachment: 135255

Committed r113123: <http://trac.webkit.org/changeset/113123>
Comment 3 WebKit Review Bot 2012-04-03 18:44:31 PDT
All reviewed patches have been landed.  Closing bug.