139300 – [GTK][EFL]Crash in WebCore::IntSize::width

Bug 139300 - [GTK][EFL]Crash in WebCore::IntSize::width

Summary: [GTK][EFL]Crash in WebCore::IntSize::width

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Plug-ins (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2014-12-05 09:00 PST by Renata Hodovan
Modified:	2016-03-22 12:39 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Test case (58 bytes, text/html) 2014-12-05 09:00 PST, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2014-12-05 09:00:57 PST

Created attachment 242633 [details]
Test case

Load this test with release or debug WebKit:

<embed height="753193" width="751" type="video/quicktime">


Note: I only tested it on a GTK build so it could be a port specific issue. It'd be nice if someone could verify it.


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff98927700 (LWP 15612)]
0x00007ffff2780db4 in WebCore::IntSize::width (this=0x8) at ../../Source/WebCore/platform/graphics/IntSize.h:67
67	    int width() const { return m_width; }
#0  0x00007ffff2780db4 in WebCore::IntSize::width (this=0x8) at ../../Source/WebCore/platform/graphics/IntSize.h:67
#1  0x00007ffff2a7a0b1 in WebKit::ShareableBitmap::numBytesForSize (size=...) at ../../Source/WebKit2/Shared/cairo/ShareableBitmapCairo.cpp:45
#2  0x00007ffff2780686 in WebKit::ShareableBitmap::createShareable (size=..., flags=1) at ../../Source/WebKit2/Shared/ShareableBitmap.cpp:80
#3  0x00007ffff2993386 in WebKit::PluginProxy::geometryDidChange (this=0x814d90) at ../../Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp:274
#4  0x00007ffff29935ca in WebKit::PluginProxy::geometryDidChange (this=0x814d90, pluginSize=..., clipRect=..., pluginToRootViewTransform=...) at ../../Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp:301
#5  0x00007ffff299f693 in WebKit::PluginView::viewGeometryDidChange (this=0x59d6c0) at ../../Source/WebKit2/WebProcess/Plugins/PluginView.cpp:1076
#6  0x00007ffff299daf2 in WebKit::PluginView::didInitializePlugin (this=0x59d6c0) at ../../Source/WebKit2/WebProcess/Plugins/PluginView.cpp:626
#7  0x00007ffff2992c32 in WebKit::PluginProxy::didCreatePluginInternal (this=0x814d90, wantsWheelEvents=false, remoteLayerClientID=0) at ../../Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp:170
#8  0x00007ffff2992b1a in WebKit::PluginProxy::initializeSynchronously (this=0x814d90) at ../../Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp:140
#9  0x00007ffff29927fa in WebKit::PluginProxy::initialize (this=0x814d90, parameters=...) at ../../Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp:112
#10 0x00007ffff298ba58 in WebKit::Plugin::initialize (this=0x814d90, pluginController=0x59d6f8, parameters=...) at ../../Source/WebKit2/WebProcess/Plugins/Plugin.cpp:95
#11 0x00007ffff299d97c in WebKit::PluginView::initializePlugin (this=0x59d6c0) at ../../Source/WebKit2/WebProcess/Plugins/PluginView.cpp:601
#12 0x00007ffff299e3aa in WebKit::PluginView::setParent (this=0x59d6c0, scrollView=0x76c600) at ../../Source/WebKit2/WebProcess/Plugins/PluginView.cpp:821
#13 0x00007ffff376444e in WebCore::ScrollView::addChild (this=0x76c600, prpChild=...) at ../../Source/WebCore/platform/ScrollView.cpp:68
#14 0x00007ffff3b43d33 in WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets (this=0x7fffffffd31f) at ../../Source/WebCore/rendering/RenderWidget.cpp:66
#15 0x00007ffff30467d9 in WebCore::WidgetHierarchyUpdatesSuspensionScope::~WidgetHierarchyUpdatesSuspensionScope (this=0x7fffffffd31f, __in_chrg=<optimized out>) at ../../Source/WebCore/rendering/RenderWidget.h:43
#16 0x00007ffff36a17cf in WebCore::FrameView::updateEmbeddedObjects (this=0x76c600) at ../../Source/WebCore/page/FrameView.cpp:2856
#17 0x00007ffff36a1847 in WebCore::FrameView::updateEmbeddedObjectsTimerFired (this=0x76c600) at ../../Source/WebCore/page/FrameView.cpp:2864
#18 0x00007ffff36b6b6d in std::_Mem_fn<void (WebCore::FrameView::*)()>::operator()<, void>(WebCore::FrameView*) const (this=0x59fbe0, __object=0x76c600) at /usr/include/c++/4.8/functional:601
#19 0x00007ffff36b574c in std::_Bind<std::_Mem_fn<void (WebCore::FrameView::*)()> (WebCore::FrameView*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x59fbe0, __args=<unknown type in /home/reni/data/REPOS/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x36cd46fa, DIE 0x36ec41a5>) at /usr/include/c++/4.8/functional:1296
#20 0x00007ffff36b3546 in std::_Bind<std::_Mem_fn<void (WebCore::FrameView::*)()> (WebCore::FrameView*)>::operator()<, void>() (this=0x59fbe0) at /usr/include/c++/4.8/functional:1355
#21 0x00007ffff36b01eb in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::FrameView::*)()> (WebCore::FrameView*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.8/functional:2071
#22 0x00007ffff2727ec6 in std::function<void ()>::operator()() const (this=0x76c850) at /usr/include/c++/4.8/functional:2464
#23 0x00007ffff272583c in WebCore::Timer::fired (this=0x76c818) at ../../Source/WebCore/platform/Timer.h:132
#24 0x00007ffff377954f in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x76c590) at ../../Source/WebCore/platform/ThreadTimers.cpp:132
#25 0x00007ffff37793fd in WebCore::ThreadTimers::sharedTimerFired () at ../../Source/WebCore/platform/ThreadTimers.cpp:107
#26 0x00007ffff30f05dc in std::_Function_handler<void (), void (*)()>::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.8/functional:2071
#27 0x00007ffff2727ec6 in std::function<void ()>::operator()() const (this=0x7fffffffd568) at /usr/include/c++/4.8/functional:2464
#28 0x00007fffedc13d90 in WTF::GMainLoopSource::voidCallback (this=0x7ffff7dd4340 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:365
#29 0x00007fffedc14501 in WTF::GMainLoopSource::voidSourceCallback (source=0x7ffff7dd4340 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:456
#30 0x00007fffedc12f0d in WTF::__lambda0::operator() (__closure=0x0, source=0x7401c0, callback=0x7fffedc144de <WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)>, userData=0x7ffff7dd4340 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:248
#31 0x00007fffedc12f7b in WTF::__lambda0::_FUN (source=0x7401c0, callback=0x7fffedc144de <WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)>, userData=0x7ffff7dd4340 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:252
#32 0x00007fffeaa10a1d in g_main_dispatch (context=0x478020) at gmain.c:3064
#33 g_main_context_dispatch (context=context@entry=0x478020) at gmain.c:3663
#34 0x00007fffeaa10d88 in g_main_context_iterate (context=0x478020, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734
#35 0x00007fffeaa1104a in g_main_loop_run (loop=0x8eb810) at gmain.c:3928
#36 0x00007ffff45df9dc in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#37 0x00007ffff2b44f82 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#38 0x00007ffff2b44de7 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#39 0x0000000000400891 in main (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Comment 1 Brent Fulgham 2015-08-25 16:22:38 PDT

I can't reproduce this on OS X or Windows.

Comment 2 Brent Fulgham 2016-03-22 09:40:15 PDT

I still cannot reproduce this. I'll tag this as GTK. If the GTK port cannot reproduce I think we should close this.

Comment 3 Renata Hodovan 2016-03-22 12:39:07 PDT

(In reply to comment #2)
> I still cannot reproduce this. I'll tag this as GTK. If the GTK port cannot
> reproduce I think we should close this.

You are right. This is an old and invalid issue. I've checked it both on EFL, GTK and Mac builds and none of them repro it anymore.