Bug 215037 (NEW): Crash in rx::RendererGL::getRendererDescription()
https://bugs.webkit.org/show_bug.cgi?id=215037
Dean Jackson
Reported 2020-07-31 15:25:26 PDT
Seen on iOS builds.

Thread 7 name: WebThread
Thread 7 Crashed:
0  libsystem_platform.dylib  0x00000001a6d257c4 _platform_strlen + 4
1  WebCore                   0x00000001b1eddd78 std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::basic_string<std::nullptr_t>(char const*) + 48 (__string:217)
2  WebCore                   0x00000001b2058180 rx::RendererGL::getRendererDescription() const + 76 (RendererGL.cpp:263)
3  WebCore                   0x00000001b1ef4a74 gl::Context::initRendererString() + 224 (Context.cpp:2847)
4  WebCore                   0x00000001b1ef47bc gl::Context::makeCurrent(egl::Display*, egl::Surface*, egl::Surface*) + 92 (Context.cpp:611)
5  WebCore                   0x00000001b1f3c3d4 egl::Display::makeCurrent(egl::Thread const*, egl::Surface*, egl::Surface*, gl::Context*) + 204 (Display.cpp:1114)
6  WebCore                   0x00000001b1f46454 EGL_MakeCurrent + 212 (entry_points_egl.cpp:449)
7  WebCore                   0x00000001b0979a4c WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL(WebCore::GraphicsContextGLAttributes, WebCore::HostWindow*, WebCore::GraphicsContextGL::Destination, WebCore::GraphicsContextGLOpenGL*) + 1756 (GraphicsContextGLOpenGLCocoa.mm:382)
8  WebCore                   0x00000001b09790a8 WebCore::GraphicsContextGLOpenGL::create(WebCore::GraphicsContextGLAttributes, WebCore::HostWindow*, WebCore::GraphicsContextGL::Destination) + 168 (GraphicsContextGLOpenGLCocoa.mm:188)
9  WebCore                   0x00000001b136f698 WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContextGLAttributes&, WTF::String const&) + 1156 (WebGLRenderingContextBase.cpp:704)
10 WebCore                   0x00000001b1212edc WebCore::HTMLCanvasElement::getContext(JSC::JSGlobalObject&, WTF::String const&, WTF::Vector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) + 896 (HTMLCanvasElement.cpp:438)
11 WebCore                   0x00000001b0345e5c WebCore::jsHTMLCanvasElementPrototypeFunctionGetContext(JSC::JSGlobalObject*, JSC::CallFrame*) + 508 (JSHTMLCanvasElement.cpp:313)

So this is a UIWebView (using WebKit1).
Dean Jackson
Comment 2 2020-07-31 15:50:28 PDT
The return value of glGetString(GL_VENDOR) or GL_RENDERER is 0, and then we crash. We could add guards around that, but the cause could be that ANGLE has been unable to create the context properly, in which case it would simply move the crash elsewhere.
Dean Jackson
Comment 3 2020-07-31 15:51:22 PDT
All the reports we've received are coming from the GasBuddy app, which is pretty weird.
Dean Jackson
Comment 4 2020-07-31 15:52:35 PDT
Ah, not all. Also the GE and NASCARMobile apps. But GasBuddy is by far the biggest source (could be that it is a much more popular app).
Kenneth Russell
Comment 5 2020-07-31 16:09:00 PDT
Did a different thread in the app accidentally initialize ANGLE? This sort of failure mode happens when there's no OpenGL context current on the current thread - a guard against a null renderer string wouldn't help in this case. Need to understand whether a different thread caused eglInitialize to get called.
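The failure shape described in comments 2 and 5, as an added example (not WebKit or ANGLE code): a NULL from glGetString(GL_VENDOR)/glGetString(GL_RENDERER) fed straight into std::string's const char* constructor faults inside strlen, which is frames 0-2 of the report. The driver is replaced by a stand-in whose "context current on this thread" flag, vendor/renderer strings and function names are all constructed assumptions; it shows the unguarded pattern next to a guarded one that reports "no usable context" to the caller instead of dereferencing the pointer.

```cpp
// Added example, not code from WebKit or ANGLE. All names and values are
// constructed for illustration.
#include <cassert>
#include <optional>
#include <string>

typedef unsigned int GLenum;
typedef unsigned char GLubyte;
constexpr GLenum GL_VENDOR   = 0x1F00;
constexpr GLenum GL_RENDERER = 0x1F01;

// Stand-in for the GL driver. A real glGetString() typically returns NULL when
// no context is current on the calling thread (the situation comment 5 raises)
// or when the enum is unknown; this fake reproduces that with a simple flag.
struct FakeGL {
    bool contextCurrentOnThisThread = false;
    const GLubyte* getString(GLenum name) const {
        if (!contextCurrentOnThisThread)
            return nullptr;                     // what the crashing builds hit
        switch (name) {
        case GL_VENDOR:   return reinterpret_cast<const GLubyte*>("ExampleVendor");
        case GL_RENDERER: return reinterpret_cast<const GLubyte*>("ExampleRenderer");
        default:          return nullptr;       // unknown enum: also NULL
        }
    }
};

// Same shape as the crashing code: std::string(const char*) calls strlen on its
// argument, so a NULL from getString() faults inside strlen. Safe only when a
// context is current; never call it otherwise.
std::string rendererDescriptionUnguarded(const FakeGL& gl) {
    std::string vendor(reinterpret_cast<const char*>(gl.getString(GL_VENDOR)));
    std::string renderer(reinterpret_cast<const char*>(gl.getString(GL_RENDERER)));
    return vendor + " " + renderer;
}

// Guarded form: a NULL string means "no usable context", reported to the
// caller instead of dereferenced. This is the "add guards" option from
// comment 2; as that comment notes, it does not repair a missing context, it
// only turns a crash here into an error the caller can act on.
std::optional<std::string> rendererDescriptionGuarded(const FakeGL& gl) {
    const GLubyte* vendor = gl.getString(GL_VENDOR);
    const GLubyte* renderer = gl.getString(GL_RENDERER);
    if (!vendor || !renderer)
        return std::nullopt;
    return std::string(reinterpret_cast<const char*>(vendor)) + " " +
           reinterpret_cast<const char*>(renderer);
}

// Caller side: fail context setup cleanly when the description is unavailable,
// rather than continuing with an empty renderer string that later code trusts.
bool initRendererString(const FakeGL& gl, std::string& out) {
    std::optional<std::string> desc = rendererDescriptionGuarded(gl);
    if (!desc)
        return false;
    out = *desc;
    return true;
}

int main() {
    FakeGL gl;
    std::string s;
    assert(!initRendererString(gl, s));   // no context: an error, not a crash
    gl.contextCurrentOnThisThread = true;
    assert(initRendererString(gl, s) && s == "ExampleVendor ExampleRenderer");
    return 0;
}
```

The guard only changes where the failure surfaces; if another thread made the context current elsewhere, the creation path still has to fail and the root cause (which thread initialised the display) still has to be found, as comment 5 says.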
Jonah RD
Comment 6 2020-08-03 09:39:29 PDT
The app probably shouldn't be using an ANGLE context in a different thread, but if this is a simple case of creating an ANGLE context on one thread, and then switching all future ANGLE work over to another thread, it should be fixed here: https://chromium.googlesource.com/angle/angle/+/69a78e6d8d3f01e1de5122c9a8e756f56677ea6b

Do you know if this version of WebKit contains that change?
Alex Christensen
Comment 7 2020-08-04 13:01:36 PDT
It looks like that change was included in https://trac.webkit.org/changeset/265064/webkit