Bug 223940 - Crash in WebCore::Style::determineChange
Status: RESOLVED DUPLICATE of bug 237389
https://bugs.webkit.org/show_bug.cgi?id=223940
Ivan Molodetskikh
Reported 2021-03-30 11:03:12 PDT
Created attachment 424661 (bt full)

Touchpad-scrolling back and forth on https://quavergame.com/user/273 results in a crash.

#0 std::__uniq_ptr_impl<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::_M_ptr() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#1 std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::get() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:422
#2 std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::operator*() const (this=0x8) at /usr/include/c++/10.2.0/bits/unique_ptr.h:407
#3 WebCore::CalculationValue::expression() const (this=0x0) at ../Source/WebCore/platform/CalculationValue.h:193
#4 WebCore::operator==(WebCore::CalculationValue const&, WebCore::CalculationValue const&) (b=..., a=...) at ../Source/WebCore/platform/CalculationValue.h:215
#5 WebCore::Length::isCalculatedEqual(WebCore::Length const&) const (this=this@entry=0x7ff3140f1650, other=...) at ../Source/WebCore/platform/Length.cpp:280
#6 0x00007ff3cd1d00dd in WebCore::Length::operator==(WebCore::Length const&) const (other=..., this=0x7ff3140f1650) at ../Source/WebCore/platform/Length.h:230
#7 WebCore::TranslateTransformOperation::operator==(WebCore::TransformOperation const&) const (this=0x7ff3140f1640, other=...) at ../Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:35
#8 0x00007ff3cd1ca6a9 in WebCore::TransformOperation::operator!=(WebCore::TransformOperation const&) const (o=..., this=<optimized out>) at ../Source/WebCore/platform/graphics/transforms/TransformOperation.h:63
#9 WebCore::TransformOperations::operator==(WebCore::TransformOperations const&) const (this=0x7ff31c629ba8, o=...) at ../Source/WebCore/platform/graphics/transforms/TransformOperations.cpp:45
#10 0x00007ff3cd4c2eed in WebCore::StyleTransformData::operator==(WebCore::StyleTransformData const&) const (this=<optimized out>, other=...) at ../Source/WebCore/platform/Length.h:257
#11 0x00007ff3cd4c0b20 in WTF::DataRef<WebCore::StyleTransformData>::operator==(WTF::DataRef<WebCore::StyleTransformData> const&) const (other=..., this=0x7ff32436fa60) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#12 WebCore::StyleRareNonInheritedData::operator==(WebCore::StyleRareNonInheritedData const&) const (this=0x7ff32436fa00, o=...) at ../Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp:239
#13 0x00007ff3cd4a0096 in WTF::DataRef<WebCore::StyleRareNonInheritedData>::operator==(WTF::DataRef<WebCore::StyleRareNonInheritedData> const&) const (other=..., this=0x7ff350145468) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#14 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (other=..., this=0x7ff350145448) at ../Source/WebCore/rendering/style/RenderStyle.cpp:366
#15 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (this=this@entry=0x7ff350145448, other=...) at ../Source/WebCore/rendering/style/RenderStyle.cpp:357
#16 0x00007ff3cd540fa2 in WebCore::RenderStyle::operator!=(WebCore::RenderStyle const&) const (other=..., this=0x7ff350145448) at ../Source/WebCore/rendering/style/RenderStyle.h:163
#17 WebCore::Style::determineChange(WebCore::RenderStyle const&, WebCore::RenderStyle const&) (s1=..., s2=...) at ../Source/WebCore/style/StyleChange.cpp:58
#18 0x00007ff3cd54cfdf in WebCore::Style::TreeResolver::createAnimatedElementUpdate(std::unique_ptr<WebCore::RenderStyle, std::default_delete<WebCore::RenderStyle> >, WebCore::Styleable const&, WebCore::Style::Change) (this=0x7ffd79130ad0, newStyle=std::unique_ptr<WebCore::RenderStyle> = {...}, styleable=..., parentChange=WebCore::Style::Change::None) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#19 0x00007ff3cd5547ac in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (this=0x7ffd79130ad0, element=...) at /usr/include/c++/10.2.0/bits/unique_ptr.h:172
#20 0x00007ff3cd5550ff in WebCore::Style::TreeResolver::resolveComposedTree() (this=0x7ffd79130ad0) at ../Source/WebCore/style/StyleTreeResolver.cpp:533
#21 0x00007ff3cd555bd9 in WebCore::Style::TreeResolver::resolve() (this=this@entry=0x7ffd79130ad0) at ../Source/WebCore/style/StyleTreeResolver.cpp:591
#22 0x00007ff3cca1a629 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (this=0x7ff3c0e09720, type=<optimized out>) at ../Source/WebCore/dom/Document.cpp:2056
#23 0x00007ff3cca1ada0 in WebCore::Document::updateStyleIfNeeded() (this=0x7ff3c0e09720) at ../Source/WebCore/dom/Document.cpp:2156
#24 0x00007ff3ccfdfeea in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7ff3c0e08010) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#25 0x00007ff3ccffac09 in WebCore::Page::layoutIfNeeded() (this=this@entry=0x7ff3c278b500) at ../Source/WebCore/page/Page.cpp:1418
#26 0x00007ff3cd003259 in WebCore::Page::updateRendering() (this=0x7ff3c278b500) at ../Source/WebCore/page/Page.cpp:1532
#27 0x00007ff3cbdc2ead in WebKit::WebPage::updateRendering() (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#28 0x00007ff3cbdeef65 in WebKit::CompositingCoordinator::flushPendingLayerChanges() (this=0x7ff32438f100) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:124
#29 0x00007ff3cbdf018b in WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7ff32438f000) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:147
#30 WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7ff32438f000) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:134
#31 0x00007ff3ca692605 in operator() (__closure=0x0, userData=0x7ff2e22a2718) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:176
#32 _FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#33 0x00007ff3ca692883 in operator() (__closure=0x0, userData=0x7ff2e22a2718, callback=0x7ff3ca6925a0 <_FUN(gpointer)>, source=0x55f7f59b9df0) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 _FUN(GSource*, GSourceFunc, gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#35 0x00007ff3caaa2e1f in g_main_dispatch (context=0x55f7f54b5ad0) at ../glib/gmain.c:3337
#36 g_main_context_dispatch (context=0x55f7f54b5ad0) at ../glib/gmain.c:4055
#37 0x00007ff3caaa31c8 in g_main_context_iterate (context=0x55f7f54b5ad0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#38 0x00007ff3caaa34e3 in g_main_loop_run (loop=loop@entry=0x55f7f555d7f0) at ../glib/gmain.c:4329
#39 0x00007ff3ca6929e0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#40 0x00007ff3cbdff889 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=3, argv=0x7ffd79131508, this=0x7ffd791313a0) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:51
#41 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffd79131508, argc=3, this=0x7ffd791313a0) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#42 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7ffd79131508) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#43 0x00007ff3caef9062 in __libc_start_main (main=0x55f7f4ab86b0 <main(int, char**)>, argc=3, argv=0x7ffd79131508, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd791314f8) at ../csu/libc-start.c:308
#44 0x000055f7f4ab86ee in _start () at ../sysdeps/x86_64/start.S:120

Fedora 34, Wayland, Epiphany 40.0-39-gddca625ba+ on Flatpak using WebKitGTK 2.32.0.
Attachments
bt full (66.65 KB, text/plain), 2021-03-30 11:03 PDT, Ivan Molodetskikh
Ivan Molodetskikh
Comment 1 2021-03-30 11:27:21 PDT
Also got it on my desktop with mouse wheel scrolling in a maximized window.

#0 0x00007fe337fa524c in std::__uniq_ptr_impl<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::_M_ptr() const (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#1 std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::get() const (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:422
#2 std::unique_ptr<WebCore::CalcExpressionNode, std::default_delete<WebCore::CalcExpressionNode> >::operator*() const (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:407
#3 WebCore::CalculationValue::expression() const (this=<optimized out>) at ../Source/WebCore/platform/CalculationValue.h:193
#4 WebCore::operator==(WebCore::CalculationValue const&, WebCore::CalculationValue const&) (b=..., a=...) at ../Source/WebCore/platform/CalculationValue.h:215
#5 WebCore::Length::isCalculatedEqual(WebCore::Length const&) const (this=this@entry=0x7fe22e818d58, other=...) at ../Source/WebCore/platform/Length.cpp:280
#6 0x00007fe3380de0dd in WebCore::Length::operator==(WebCore::Length const&) const (other=..., this=0x7fe22e818d58) at ../Source/WebCore/platform/Length.h:230
#7 WebCore::TranslateTransformOperation::operator==(WebCore::TransformOperation const&) const (this=0x7fe22e818d48, other=...) at ../Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:35
#8 0x00007fe3380d86a9 in WebCore::TransformOperation::operator!=(WebCore::TransformOperation const&) const (o=..., this=<optimized out>) at ../Source/WebCore/platform/graphics/transforms/TransformOperation.h:63
#9 WebCore::TransformOperations::operator==(WebCore::TransformOperations const&) const (this=0x7fe20d09cb78, o=...) at ../Source/WebCore/platform/graphics/transforms/TransformOperations.cpp:45
#10 0x00007fe3383d0eed in WebCore::StyleTransformData::operator==(WebCore::StyleTransformData const&) const (this=<optimized out>, other=...) at ../Source/WebCore/platform/Length.h:257
#11 0x00007fe3383ceb20 in WTF::DataRef<WebCore::StyleTransformData>::operator==(WTF::DataRef<WebCore::StyleTransformData> const&) const (other=..., this=0x7fe20d09a260) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#12 WebCore::StyleRareNonInheritedData::operator==(WebCore::StyleRareNonInheritedData const&) const (this=0x7fe20d09a200, o=...) at ../Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp:239
#13 0x00007fe3383ae096 in WTF::DataRef<WebCore::StyleRareNonInheritedData>::operator==(WTF::DataRef<WebCore::StyleRareNonInheritedData> const&) const (other=..., this=0x7fe2c81c1708) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#14 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (other=..., this=0x7fe2c81c16e8) at ../Source/WebCore/rendering/style/RenderStyle.cpp:366
#15 WebCore::RenderStyle::operator==(WebCore::RenderStyle const&) const (this=this@entry=0x7fe2c81c16e8, other=...) at ../Source/WebCore/rendering/style/RenderStyle.cpp:357
#16 0x00007fe33844efa2 in WebCore::RenderStyle::operator!=(WebCore::RenderStyle const&) const (other=..., this=0x7fe2c81c16e8) at ../Source/WebCore/rendering/style/RenderStyle.h:163
#17 WebCore::Style::determineChange(WebCore::RenderStyle const&, WebCore::RenderStyle const&) (s1=..., s2=...) at ../Source/WebCore/style/StyleChange.cpp:58
#18 0x00007fe33845afdf in WebCore::Style::TreeResolver::createAnimatedElementUpdate(std::unique_ptr<WebCore::RenderStyle, std::default_delete<WebCore::RenderStyle> >, WebCore::Styleable const&, WebCore::Style::Change) (this=0x7ffcb80f9430, newStyle=std::unique_ptr<WebCore::RenderStyle> = {...}, styleable=..., parentChange=WebCore::Style::Change::None) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#19 0x00007fe3384627ac in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (this=0x7ffcb80f9430, element=...) at /usr/include/c++/10.2.0/bits/unique_ptr.h:172
#20 0x00007fe3384630ff in WebCore::Style::TreeResolver::resolveComposedTree() (this=0x7ffcb80f9430) at ../Source/WebCore/style/StyleTreeResolver.cpp:533
#21 0x00007fe338463bd9 in WebCore::Style::TreeResolver::resolve() (this=this@entry=0x7ffcb80f9430) at ../Source/WebCore/style/StyleTreeResolver.cpp:591
#22 0x00007fe337928629 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (this=0x7fe32c508410, type=<optimized out>) at ../Source/WebCore/dom/Document.cpp:2056
#23 0x00007fe337928da0 in WebCore::Document::updateStyleIfNeeded() (this=0x7fe32c508410) at ../Source/WebCore/dom/Document.cpp:2156
#24 0x00007fe337eedeea in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7fe22f78d3d8) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#25 0x00007fe337f08c09 in WebCore::Page::layoutIfNeeded() (this=this@entry=0x7fe32d68b500) at ../Source/WebCore/page/Page.cpp:1418
#26 0x00007fe337f11259 in WebCore::Page::updateRendering() (this=0x7fe32d68b500) at ../Source/WebCore/page/Page.cpp:1532
#27 0x00007fe336cd0ead in WebKit::WebPage::updateRendering() (this=<optimized out>) at /usr/include/c++/10.2.0/bits/unique_ptr.h:421
#28 0x00007fe336cfcf65 in WebKit::CompositingCoordinator::flushPendingLayerChanges() (this=0x7fe26c04c460) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:124
#29 0x00007fe336cfe18b in WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7fe26c04c360) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:147
#30 WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7fe26c04c360) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:134
#31 0x00007fe3355a0605 in operator() (__closure=0x0, userData=0x7fe26c0ac238) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:176
#32 _FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#33 0x00007fe3355a0883 in operator() (__closure=0x0, userData=0x7fe26c0ac238, callback=0x7fe3355a05a0 <_FUN(gpointer)>, source=0x55b1fdeb9ac0) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 _FUN(GSource*, GSourceFunc, gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#35 0x00007fe3359b0e1f in g_main_dispatch (context=0x55b1fda6dad0) at ../glib/gmain.c:3337
#36 g_main_context_dispatch (context=0x55b1fda6dad0) at ../glib/gmain.c:4055
#37 0x00007fe3359b11c8 in g_main_context_iterate (context=0x55b1fda6dad0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#38 0x00007fe3359b14e3 in g_main_loop_run (loop=loop@entry=0x55b1fdc16fe0) at ../glib/gmain.c:4329
#39 0x00007fe3355a09e0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#40 0x00007fe336d0d889 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=3, argv=0x7ffcb80f9e68, this=0x7ffcb80f9d00) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:51
#41 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffcb80f9e68, argc=3, this=0x7ffcb80f9d00) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#42 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7ffcb80f9e68) at ../Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#43 0x00007fe335e07062 in __libc_start_main (main=0x55b1fd90b6b0 <main(int, char**)>, argc=3, argv=0x7ffcb80f9e68, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcb80f9e58) at ../csu/libc-start.c:308
#44 0x000055b1fd90b6ee in _start () at ../sysdeps/x86_64/start.S:120
Alexey Proskuryakov
Comment 2 2021-03-30 11:57:43 PDT
FWIW, I cannot reproduce this in Safari.
Radar WebKit Bug Importer
Comment 3 2021-04-06 11:05:15 PDT
Martin Robinson
Comment 4 2022-04-14 23:23:30 PDT
I'm fairly certain this is a duplicate of 237389.

*** This bug has been marked as a duplicate of bug 237389 ***