WebKit Bugzilla
RESOLVED FIXED
252435
[GTK] gdk_memory_texture_new: assertion 'width > 0' failed in cairoSurfaceToGdkTexture
https://bugs.webkit.org/show_bug.cgi?id=252435
Michael Catanzaro
Reported
2023-02-16 15:02:35 PST
Reproducer: visit
https://dor.mo.gov/forms/?formName=&category=&year=99
and wait until the page loads. It will hit a critical:

#0 _g_log_abort (breakpoint=1) at ../../../../Projects/glib/glib/gmessages.c:558
#1 0x00007f6466d6d739 in g_logv (log_domain=0x7f6466735efb "Gdk", log_level=G_LOG_LEVEL_CRITICAL, format=0x7f6466dec60f "%s: assertion '%s' failed", args=0x7ffd73989de8) at ../../../../Projects/glib/glib/gmessages.c:1418
#2 0x00007f6466d6d830 in g_log (log_domain=0x7f6466735efb "Gdk", log_level=G_LOG_LEVEL_CRITICAL, format=0x7f6466dec60f "%s: assertion '%s' failed") at ../../../../Projects/glib/glib/gmessages.c:1460
#3 0x00007f6466d7088d in g_return_if_fail_warning (log_domain=0x7f6466735efb "Gdk", pretty_function=0x7f6466736080 <__func__.2> "gdk_memory_texture_new", expression=0x7f6466735ef1 "width > 0") at ../../../../Projects/glib/glib/gmessages.c:2930
#4 0x00007f64665a3cce in gdk_memory_texture_new (width=0, height=0, format=GDK_MEMORY_B8G8R8A8_PREMULTIPLIED, bytes=0x110c6e0, stride=0) at ../../../../Projects/gtk/gdk/gdkmemorytexture.c:150
#5 0x00007f6463ae646a in WebCore::cairoSurfaceToGdkTexture (surface=surface@entry=0x7f6465c6dbe0 <_cairo_surface_nil_invalid_size.lto_priv.0>) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp:56
#6 0x00007f64622c5e86 in webkit_web_view_get_snapshot_finish (webView=<optimized out>, result=0x1a38400, error=0x7ffd73989fd0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4897
#7 0x00007f6466f050f6 in on_snapshot_ready (web_view=0x74e6e0, result=0x1a38400, task=0x1b2b480) at ../../../../Projects/epiphany/lib/ephy-snapshot-service.c:425
#8 0x00007f6466add58a in g_task_return_now (task=0x1a38400) at ../../../../Projects/glib/gio/gtask.c:1309
#9 0x00007f6466add6d6 in g_task_return (task=0x1a38400, type=G_TASK_RETURN_SUCCESS) at ../../../../Projects/glib/gio/gtask.c:1378
#10 0x00007f6466ade2df in g_task_return_pointer (task=0x1a38400, result=0x7f6465c6dbe0 <_cairo_surface_nil_invalid_size.lto_priv.0>, result_destroy=0x7f6465bf07a0 <INT_cairo_surface_destroy>) at ../../../../Projects/glib/gio/gtask.c:1812
#11 0x00007f64622c943d in webkit_web_view_get_snapshot::$_9::operator() (handle=..., this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4867
#12 WTF::Detail::CallableWrapper<webkit_web_view_get_snapshot::$_9, void, WebKit::ShareableBitmapHandle const&>::call (this=0x7f645200c0f0, in=...) at WTF/Headers/wtf/Function.h:53
#13 0x00007f646222dbe7 in WTF::Function<void (WebKit::ShareableBitmapHandle const&)>::operator()(WebKit::ShareableBitmapHandle const&) const (in=..., this=<optimized out>) at WTF/Headers/wtf/Function.h:82
#14 WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>::operator()(WebKit::ShareableBitmapHandle const&) (this=0x7f645200c328, in=...) at WTF/Headers/wtf/CompletionHandler.h:75
#15 std::__invoke_impl<void, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, WebKit::ShareableBitmapHandle>(std::__invoke_other, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, WebKit::ShareableBitmapHandle&&) (__f=..., __args=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/invoke.h:61
#16 std::__invoke<WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, WebKit::ShareableBitmapHandle>(WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, WebKit::ShareableBitmapHandle&&) (__fn=..., __args=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/invoke.h:96
#17 std::__apply_impl<WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, std::tuple<WebKit::ShareableBitmapHandle>, 0ul>(WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, std::tuple<WebKit::ShareableBitmapHandle>&&, std::integer_sequence<unsigned long, 0ul>) (__f=..., __t=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/tuple:1852
#18 std::apply<WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, std::tuple<WebKit::ShareableBitmapHandle> >(WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, std::tuple<WebKit::ShareableBitmapHandle>&&) (__f=..., __t=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/tuple:1863
#19 IPC::Connection::callReply<Messages::WebPage::TakeSnapshot, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)> >(IPC::Decoder&, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&) (decoder=..., completionHandler=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.h:704
#20 0x00007f64621a3c26 in WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const (in=0x0, this=<optimized out>) at WTF/Headers/wtf/Function.h:82
#21 WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) (this=<optimized out>, in=0x0)
--Type <RET> for more, q to quit, c to continue without paging--c
    at WTF/Headers/wtf/CompletionHandler.h:75
#22 WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::Connection::AsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1::operator()(IPC::Decoder*) (this=<optimized out>, decoder=0x0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:219
#23 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::Connection::AsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Decoder*>::call(IPC::Decoder*) (this=<optimized out>, in=0x0) at WTF/Headers/wtf/Function.h:53
#24 0x00007f6462142485 in WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const (in=0x7f6452118270, this=<optimized out>) at WTF/Headers/wtf/Function.h:82
#25 WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) (this=0x7ffd7398a178, in=0x7f6452118270) at WTF/Headers/wtf/CompletionHandler.h:75
#26 IPC::Connection::dispatchMessage (this=0x7f645215c1a0, decoder=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1179
#27 0x00007f6462142606 in IPC::Connection::dispatchMessage (this=0x7f645215c1a0, message=std::unique_ptr<IPC::Decoder> = {...}) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1245
#28 0x00007f6462142b82 in IPC::Connection::dispatchIncomingMessages (this=0x7f645215c1a0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1355
#29 0x00007f6460eba31c in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:82
#30 WTF::RunLoop::performWork (this=0x7f64520100e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:147
#31 0x00007f6460f1b8c6 in WTF::RunLoop::RunLoop()::$_1::operator()(void*) const (userData=0x1, userData@entry=0x7f64520100e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#32 WTF::RunLoop::RunLoop()::$_1::__invoke(void*) (userData=0x1, userData@entry=0x7f64520100e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:79
#33 0x00007f6460f1adfa in WTF::RunLoop::$_0::operator() (source=0x7717c0, callback=0x7f6460f1b8c0 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7f64520100e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 WTF::RunLoop::$_0::__invoke (source=0x7717c0, callback=0x7f6460f1b8c0 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7f64520100e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#35 0x00007f6466d6071b in g_main_dispatch (context=0x732a90) at ../../../../Projects/glib/glib/gmain.c:3460
#36 0x00007f6466d6168f in g_main_context_dispatch (context=0x732a90) at ../../../../Projects/glib/glib/gmain.c:4200
#37 0x00007f6466d61882 in g_main_context_iterate (context=0x732a90, block=1, dispatch=1, self=0x738950) at ../../../../Projects/glib/glib/gmain.c:4276
#38 0x00007f6466d61946 in g_main_context_iteration (context=0x732a90, may_block=1) at ../../../../Projects/glib/glib/gmain.c:4343
#39 0x00007f6466b1edc2 in g_application_run (application=0x777240, argc=1, argv=0x7ffd7398a668) at ../../../../Projects/glib/gio/gapplication.c:2573
#40 0x0000000000404d48 in main (argc=1, argv=0x7ffd7398a668) at ../../../../Projects/epiphany/src/ephy-main.c:434
Michael Catanzaro
Comment 1
2023-02-16 15:15:48 PST
So an initial fix is:

diff --git a/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp b/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp index 299bea86401d..43c20263e429 100644 --- a/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp +++ b/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp @@ -48,6 +48,8 @@ GRefPtr<GdkTexture> cairoSurfaceToGdkTexture(cairo_surface_t* surface) ASSERT(cairo_image_surface_get_format(surface) == CAIRO_FORMAT_ARGB32); auto width = cairo_image_surface_get_width(surface); auto height = cairo_image_surface_get_height(surface); + if (width <= 0 || height <= 0) + return nullptr; auto stride = cairo_image_surface_get_stride(surface); auto* data = cairo_image_surface_get_data(surface); GRefPtr<GBytes> bytes = adoptGRef(g_bytes_new_with_free_func(data, height * stride, [](gpointer data) {

But then Epiphany crashes later on in ephy_snapshot_service_prepare_snapshot() in basically the same way, and it doesn't look like Epiphany's fault. Problem is webkit_web_view_get_snapshot_finish() can return nullptr without setting the error parameter. I think we should set WEBKIT_SNAPSHOT_ERROR_FAILED_TO_CREATE error when returning nullptr, does that sound OK?
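
Review bot: the new `if (width <= 0 || height <= 0)` guard sits below the existing `ASSERT(cairo_image_surface_get_format(surface) == CAIRO_FORMAT_ARGB32)`, so in a debug build an error surface such as the `_cairo_surface_nil_invalid_size` seen in frame #5 of the backtrace may trip that assertion before the early return is reached. Consider checking `cairo_surface_status(surface)` at the top of cairoSurfaceToGdkTexture() and returning nullptr there, keeping the dimension check for valid but empty surfaces. The function can now return a null GRefPtr, so every caller needs a null check, and that is worth a comment on the declaration.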
Michael Catanzaro
Comment 2
2023-02-17 16:17:32 PST
Pull request:
https://github.com/WebKit/WebKit/pull/10310
EWS
Comment 3
2024-02-01 07:45:41 PST
Committed 273907@main (39559cbd2d25): <https://commits.webkit.org/273907@main>

Reviewed commits have been landed. Closing PR #10310 and removing active labels.