Bug 134593 - [GTK] [Stable] Crash in TSymbolTableLevel::~TSymbolTableLevel with GCC 4.9
Summary: [GTK] [Stable] Crash in TSymbolTableLevel::~TSymbolTableLevel with GCC 4.9
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-03 07:14 PDT by Alberto Garcia
Modified: 2014-07-04 00:14 PDT

See Also:


Description Alberto Garcia 2014-07-03 07:14:14 PDT
There's a bug in ANGLE triggered with GCC 4.9.

It crashes the WebProcess when you open some sites like http://gabrielecirulli.github.io/2048/

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f24f4756b17 in TSymbolTableLevel::~TSymbolTableLevel() () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#2  0x00007f24f4707891 in TCompiler::compile(char const* const*, unsigned long, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#3  0x00007f24f47554dc in ShCompile () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#4  0x00007f24f4aca780 in WebCore::ANGLEWebKitBridge::compileShaderSource(char const*, WebCore::ANGLEShaderType, WTF::String&, WTF::String&, WTF::Vector<WebCore::ANGLEShaderSymbol, 0ul, WTF::CrashOnOverflow>&, int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25
#5  0x00007f24f4abedc0 in WebCore::Extensions3DOpenGLCommon::getTranslatedShaderSourceANGLE(unsigned int) () from /tmp/WebKit/WebKitBuild/Release/.libs/libwebkit2gtk-3.0.so.25


master is not affected by this, but the stable branch (2.4.3) is. This has been reported and fixed upstream:

https://code.google.com/p/angleproject/issues/detail?id=651

However the patch doesn't apply cleanly against the ANGLE version in our stable branch. This one, also posted there, and apparently used by Mozilla, does work, though:

--- a/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp
+++ b/Source/ThirdParty/ANGLE/src/compiler/SymbolTable.cpp
@@ -171,7 +171,8 @@ TFunction::~TFunction()
 TSymbolTableLevel::~TSymbolTableLevel()
 {
     for (tLevel::iterator it = level.begin(); it != level.end(); ++it)
-        delete (*it).second;
+        if ((*it).first == (*it).second->getMangledName())
+            delete (*it).second;
 }

 //
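Review bot: the new condition `(*it).first == (*it).second->getMangledName()` dereferences every entry's pointer before deciding whether that entry owns it, so if the same TSymbol is stored under a second key that sorts after its mangled-name key in the std::map, the earlier iteration has already deleted the object and this call reads freed memory. Safer to decide ownership in a first pass (collect the pointers whose key matches their mangled name, or dedupe by pointer into a std::set) and delete in a second pass. Minor: the two-line `if` body inside the `for` should get braces.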
Comment 1 Carlos Garcia Campos 2014-07-03 08:29:05 PDT
I wonder why master is not affected, though.
Comment 2 Alberto Garcia 2014-07-03 10:59:06 PDT
(In reply to comment #1)
> I wonder why master is not affected, though.

Doesn't it have a different version of ANGLE?
Comment 3 Carlos Garcia Campos 2014-07-03 11:50:39 PDT
(In reply to comment #2)
> (In reply to comment #1)
> > I wonder why master is not affected, though.
> 
> Doesn't it have a different version of ANGLE?

Yes, but the fix you mention is not there.
Comment 4 Alberto Garcia 2014-07-04 00:06:19 PDT
(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > I wonder why master is not affected, though.
> > 
> > Doesn't it have a different version of ANGLE?
> 
> Yes, but the fix you mention is not there.

In master it was solved using a different fix, which seems more efficient:

https://chromium.googlesource.com/angle/angle/+/adfffe4649d622bab6957972663a852f123b5ea7%5E%21/

This doesn't apply cleanly in the stable branch (there's actually lots of conflicts) but we could try to see if it's easy to backport, the changes themselves don't seem complex.

Or we can just stick to the simple version in the stable branch.
Comment 5 Carlos Garcia Campos 2014-07-04 00:07:38 PDT
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > (In reply to comment #1)
> > > > I wonder why master is not affected, though.
> > > 
> > > Doesn't it have a different version of ANGLE?
> > 
> > Yes, but the fix you mention is not there.
> 
> In master it was solved using a different fix, which seems more efficient:
> 
> https://chromium.googlesource.com/angle/angle/+/adfffe4649d622bab6957972663a852f123b5ea7%5E%21/
> 
> This doesn't apply cleanly in the stable branch (there's actually lots of conflicts) but we could try to see if it's easy to backport, the changes themselves don't seem complex.
> 
> Or we can just stick to the simple version in the stable branch.

The stable branch is using an older version of ANGLE, so let's use the simple patch for now that fixes the crashes.
Comment 6 Carlos Garcia Campos 2014-07-04 00:14:27 PDT
Committed <http://trac.webkit.org/changeset/170788>
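The ownership problem behind the patch quoted in the description, as an added example that is not ANGLE's or WebKit's code. It assumes, as the patch's key-versus-mangled-name check implies, that one TSymbol object can be stored in a level's map under more than one key; TSymbol, TSymbolTableLevel, insertAlias, runDemo, the destruction counter and the sample names are hypothetical stand-ins, and the alias key is constructed so that it sorts after the canonical key, which is the ordering a single-pass check would dereference after deleting.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Counts TSymbol destructions so the caller can check that each heap
// object is deleted exactly once (hypothetical instrumentation).
static int g_symbolsDestroyed = 0;

// Stand-in for ANGLE's TSymbol: only the mangled name matters here.
class TSymbol {
public:
    explicit TSymbol(const std::string& mangled) : mangledName(mangled) {}
    virtual ~TSymbol() { ++g_symbolsDestroyed; }
    const std::string& getMangledName() const { return mangledName; }
private:
    std::string mangledName;
};

class TSymbolTableLevel {
public:
    typedef std::map<std::string, TSymbol*> tLevel;

    // Canonical entry: keyed by the symbol's own mangled name.
    void insert(TSymbol* symbol) { level[symbol->getMangledName()] = symbol; }
    // Second entry for the same object under a different key (hypothetical
    // alias, standing in for whatever produces key != mangled name).
    void insertAlias(const std::string& key, TSymbol* symbol) { level[key] = symbol; }

    std::size_t entryCount() const { return level.size(); }

    // Distinct heap objects referenced by the map: what a correct
    // destructor must delete.
    std::size_t uniqueSymbolCount() const {
        std::set<TSymbol*> seen;
        for (tLevel::const_iterator it = level.begin(); it != level.end(); ++it)
            seen.insert(it->second);
        return seen.size();
    }

    // Extra deletes the original unconditional loop would issue, i.e. the
    // double frees behind the crash.
    std::size_t doubleDeleteCount() const { return entryCount() - uniqueSymbolCount(); }

    ~TSymbolTableLevel() {
        // Decide ownership in a first pass while every pointer is still live:
        // the single-pass check from the patch calls getMangledName() on each
        // entry, which reads freed memory if an alias key sorts after the
        // canonical key and the object was deleted one iteration earlier.
        std::vector<TSymbol*> owned;
        for (tLevel::iterator it = level.begin(); it != level.end(); ++it) {
            if (it->first == it->second->getMangledName())
                owned.push_back(it->second);
        }
        for (std::size_t i = 0; i < owned.size(); ++i)
            delete owned[i];
    }
private:
    tLevel level;
};

struct DemoResult {
    std::size_t entries;        // map entries
    std::size_t unique;         // distinct objects
    std::size_t doubleDeletes;  // what the unpatched loop would over-delete
    int destroyed;              // what the two-pass destructor actually deleted
};

// Builds a level where one symbol is reachable under two keys, lets it go
// out of scope, and reports what happened. Names are constructed samples.
DemoResult runDemo() {
    g_symbolsDestroyed = 0;
    DemoResult r;
    {
        TSymbolTableLevel lvl;
        TSymbol* texture = new TSymbol("texture2D(s21;vf2;");
        TSymbol* var = new TSymbol("gl_FragColor");
        lvl.insert(texture);
        lvl.insert(var);
        // '_' sorts after '(' so this alias is visited after the canonical key.
        lvl.insertAlias("texture2D_unmangled", texture);
        r.entries = lvl.entryCount();
        r.unique = lvl.uniqueSymbolCount();
        r.doubleDeletes = lvl.doubleDeleteCount();
    }
    r.destroyed = g_symbolsDestroyed;
    return r;
}

int main() {
    DemoResult r = runDemo();
    std::printf("entries=%zu unique=%zu double-deletes(unpatched)=%zu destroyed=%d\n",
                r.entries, r.unique, r.doubleDeletes, r.destroyed);
    return 0;
}
```

Build with `g++ -std=c++11`. The doubleDeletes field is the count the unpatched `delete (*it).second` loop would have freed twice; the two-pass destructor deletes each object once regardless of how the keys sort.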