WebKit Bugzilla
NEW
221789
[CoordinatedGraphics] SIGSEGV in TextureMapperLayer::paintSelf()
https://bugs.webkit.org/show_bug.cgi?id=221789
Alexandr Gavriliuc
Reported
2021-02-11 17:24:46 PST
It seems the pointer m_contentsLayer becomes invalid but is not set to NULL

Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp : 165

    void TextureMapperLayer::paintSelf(const TextureMapperPaintOptions& options)
    {
        if (!m_state.visible || !m_state.contentsVisible)
            return;
        ...
        if (!m_contentsLayer)
            return;

        if (!m_state.contentsTileSize.isEmpty()) {
            options.textureMapper.setWrapMode(TextureMapper::RepeatWrap);
            auto patternTransform = TransformationMatrix::rectToRect({ { }, m_state.contentsTileSize }, { { }, m_state.contentsRect.size() })
                .translate(m_state.contentsTilePhase.width() / m_state.contentsRect.width(), m_state.contentsTilePhase.height() / m_state.contentsRect.height());
            options.textureMapper.setPatternTransform(patternTransform);
        }

        ASSERT(!layerRect().isEmpty());
        /// SIGSEGV on the following line:
        m_contentsLayer->paintToTextureMapper(options.textureMapper, m_state.contentsRect, transform, options.opacity);
        if (m_state.showDebugBorders)
            m_contentsLayer->drawBorder(options.textureMapper, m_state.debugBorderColor, m_state.debugBorderWidth, m_state.contentsRect, transform);
    }

Callstack

| 1|paintSelf                      |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:165
| 2|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:180
| 3|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
| 4|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
| 5|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
| 6|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
| 7|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
| 8|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
| 9|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
|10|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
|11|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
|12|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
|13|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
|14|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
|15|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
|16|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
|17|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
|18|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
|19|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
|20|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
|21|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
|22|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
|23|paintSelfAndChildren           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203
|24|paintSelfAndChildrenWithReplica|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242
|25|paintRecursive                 |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446
|26|paint                          |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:110
|27|paintToCurrentGLContext        |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:97
|28|renderLayerTree                |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:302
|29|updateTimerFired               |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/build/DerivedSources/ForwardingHeaders/wtf/Function.h:56
|30|_FUN                           |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/glib/RunLoopGLib.cpp:170
|31|g_main_context_dispatch        |/usr/src/debug/glib-2.0/1_2.48.2-r0/glib-2.48.2/glib/gmain.c:3154
|32|g_main_context_iterate         |/usr/src/debug/glib-2.0/1_2.48.2-r0/glib-2.48.2/glib/gmain.c:3844
|33|g_main_loop_run                |/usr/src/debug/glib-2.0/1_2.48.2-r0/glib-2.48.2/glib/gmain.c:4038
|34|run                            |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/glib/RunLoopGLib.cpp:96
|35|entryPoint                     |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/Function.h:56
|36|wtfThreadEntryPoint            |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/ThreadingPthreads.cpp:215
|37|start_thread                   |/usr/src/debug/glibc/2.24-r0/git/nptl/pthread_create.c:458
|38|clone                          |/lib/libc-2.24.so
Fujii Hironori
Comment 1
2021-02-14 23:48:07 PST
Comment hidden (obsolete)
CoordinatedBackingStore is created in the compositor thread, and stored in ImageBackingTextureMapperImpl::m_compositionState::backingStore.
https://github.com/WebKit/WebKit/blob/d3936e832f436bb9e3b552dd42948e5ba4239c67/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp#L159
However, ImageBackingTextureMapperImpl is destructed in the main thread.
https://github.com/WebKit/WebKit/blob/d3936e832f436bb9e3b552dd42948e5ba4239c67/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp#L876
https://github.com/WebKit/WebKit/blob/d3936e832f436bb9e3b552dd42948e5ba4239c67/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp#L905
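
The lifetime problem described in Comment 1, as an added C++ illustration that is not WebKit code and not part of the original comments: a layer that keeps a raw pointer to an object owned and destroyed on another thread, beside a variant that pins the object while painting. All type and function names are hypothetical stand-ins, and `std::weak_ptr` is a swapped-in technique, not the project's fix.

```cpp
// Added illustration: simplified model with hypothetical names, not WebKit code.
#include <memory>
#include <thread>

struct BackingStore {                    // stand-in for the painted contents object
    int paints = 0;
    void paintToTextureMapper() { ++paints; }
};

struct ImageBackingOwner {               // stand-in for the object destroyed on the main thread
    std::shared_ptr<BackingStore> store = std::make_shared<BackingStore>();
};

// Hazardous shape: a raw pointer that nobody clears when the owner goes away.
// The null check passes on a dangling pointer, so it gives no protection.
struct RawLayer {
    BackingStore* contents = nullptr;
    bool paintSelf() {
        if (!contents) return false;
        contents->paintToTextureMapper(); // use-after-free once the owner is gone
        return true;
    }
};

// Hardened shape: hold a weak reference and pin the object for the duration of the paint.
struct SafeLayer {
    std::weak_ptr<BackingStore> contents;
    bool paintSelf() {
        auto pinned = contents.lock();    // empty if the last owner already released it
        if (!pinned) return false;
        pinned->paintToTextureMapper();
        return true;
    }
};

// Paint, destroy the owner on another thread, paint again; returns successful paints.
int paintsAcrossOwnerTeardown() {
    auto owner = std::make_unique<ImageBackingOwner>();
    SafeLayer layer;
    layer.contents = owner->store;
    int painted = layer.paintSelf() ? 1 : 0;
    std::thread mainThread([&owner] { owner.reset(); });
    mainThread.join();
    painted += layer.paintSelf() ? 1 : 0; // skipped: the store no longer exists
    return painted;
}

int main() { return paintsAcrossOwnerTeardown() == 1 ? 0 : 1; }
```

`RawLayer` is shown only for contrast and is never exercised after teardown, since doing so is undefined behaviour; building such code with AddressSanitizer is the usual way to surface the dangling access.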
Radar WebKit Bug Importer
Comment 2
2021-02-18 17:25:14 PST
<rdar://problem/74501717>