RESOLVED FIXED
134593
[GTK] [Stable] Crash in TSymbolTableLevel::~TSymbolTableLevel with GCC 4.9
https://bugs.webkit.org/show_bug.cgi?id=134593
Alberto Garcia
Reported
2014-07-03 07:14:14 PDT
There's a bug in ANGLE triggered with GCC 4.9. It crashes the WebProcess when you open some sites like
http://gabrielecirulli.github.io/2048/
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x00007f24f4756b17 in TSymbolTableLevel::~TSymbolTableLevel() () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2 0x00007f24f4707891 in TCompiler::compile(char const* const*, unsigned long, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3 0x00007f24f47554dc in ShCompile () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4 0x00007f24f4aca780 in WebCore::ANGLEWebKitBridge::compileShaderSource(char const*, WebCore::ANGLEShaderType, WTF::String&, WTF::String&, WTF::Vector<WebCore::ANGLEShaderSymbol, 0ul, WTF::CrashOnOverflow>&, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#5 0x00007f24f4abedc0 in WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE(unsigned int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25

master is not affected by this, but the stable branch (2.4.3) is. This has been reported and fixed upstream:
https://code.google.com/p/angleproject/issues/detail?id=651
However the patch doesn't apply cleanly against the ANGLE version in our stable branch. This one, also posted there, and apparently used by Mozilla, does work, though: --- a/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp +++ b/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp @@ -171,7 +171,8 @@ TFunction::~TFunction() TSymbolTableLevel::~TSymbolTableLevel() { for (tLevel::iterator it = level.begin(); it != level.end(); ++it) - delete (*it).second; + if ((*it).first == (*it).second->getMangledName()) + delete (*it).second; } //
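Review bot: The new condition in TSymbolTableLevel::~TSymbolTableLevel() carries no comment saying why an entry is deleted only when its key equals getMangledName(), so a later reader cannot tell what the guard protects against; add a one-line comment stating the reason (for example, if the same symbol pointer can be stored under more than one key, say so). The check also dereferences (*it).second before the delete, so a null value in the level map would now crash here, where the old unconditional delete was harmless on null; if null entries are possible, test for that first. The for body is now a two-line if without braces, which is worth bracing.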
Carlos Garcia Campos
Comment 1
2014-07-03 08:29:05 PDT
I wonder why master is not affected, though.
Alberto Garcia
Comment 2
2014-07-03 10:59:06 PDT
(In reply to comment #1)
> I wonder why master is not affected, though.
Doesn't it have a different version of ANGLE?
Carlos Garcia Campos
Comment 3
2014-07-03 11:50:39 PDT
(In reply to comment #2)
> (In reply to comment #1)
> > I wonder why master is not affected, though.
>
> Doesn't it have a different version of ANGLE?
Yes, but the fix you mention is not there.
Alberto Garcia
Comment 4
2014-07-04 00:06:19 PDT
(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > I wonder why master is not affected, though.
> >
> > Doesn't it have a different version of ANGLE?
>
> Yes, but the fix you mention is not there.
In master it was solved using a different fix, which seems more efficient:
https://chromium.googlesource.com/angle/angle/+/adfffe4649d622bab6957972663a852f123b5ea7%5E%21/
This doesn't apply cleanly in the stable branch (there's actually lots of conflicts) but we could try to see if it's easy to backport, the changes themselves don't seem complex.

Or we can just stick to the simple version in the stable branch.
Carlos Garcia Campos
Comment 5
2014-07-04 00:07:38 PDT
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > (In reply to comment #1)
> > > > I wonder why master is not affected, though.
> > >
> > > Doesn't it have a different version of ANGLE?
> >
> > Yes, but the fix you mention is not there.
>
> In master it was solved using a different fix, which seems more efficient:
> https://chromium.googlesource.com/angle/angle/+/adfffe4649d622bab6957972663a852f123b5ea7%5E%21/
>
> This doesn't apply cleanly in the stable branch (there's actually lots of conflicts) but we could try to see if it's easy to backport, the changes themselves don't seem complex.
>
> Or we can just stick to the simple version in the stable branch.
The stable branch is using an older version of ANGLE, so let's use the simple patch for now that fixes the crashes.
Carlos Garcia Campos
Comment 6
2014-07-04 00:14:27 PDT
Committed <http://trac.webkit.org/changeset/170788>