RESOLVED FIXED 254942
REGRESSION(262518@main) [cairo] Crash under GraphicsContextGL::paintToCanvas
https://bugs.webkit.org/show_bug.cgi?id=254942
Fujii Hironori
Reported 2023-04-03 13:44:31 PDT
Windows port is crashing for some WebGL tests after 262518@main.

Regressions: Unexpected crashes (42)
  webgl/2.0.0/conformance/canvas/draw-static-webgl-to-multiple-canvas-test.html [ Crash ]
  webgl/2.0.0/conformance/canvas/draw-webgl-to-canvas-test.html [ Crash ]
  webgl/2.0.0/conformance/canvas/to-data-url-test.html [ Crash ]
  webgl/2.0.0/conformance/textures/misc/texture-hd-dpi.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r11f_g11f_b10f-rgb-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r11f_g11f_b10f-rgb-half_float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r11f_g11f_b10f-rgb-unsigned_int_10f_11f_11f_rev.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r16f-red-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r16f-red-half_float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r32f-red-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r8-red-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-r8ui-red_integer-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rg16f-rg-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rg16f-rg-half_float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rg32f-rg-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rg8-rg-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rg8ui-rg_integer-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb16f-rgb-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb16f-rgb-half_float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb32f-rgb-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb565-rgb-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb565-rgb-unsigned_short_5_6_5.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb5_a1-rgba-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb5_a1-rgba-unsigned_short_5_5_5_1.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb8-rgb-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb8ui-rgb_integer-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb9_e5-rgb-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgb9_e5-rgb-half_float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgba16f-rgba-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgba16f-rgba-half_float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgba32f-rgba-float.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgba4-rgba-unsigned_short_4_4_4_4.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgba8-rgba-unsigned_byte.html [ Crash ]
  webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-2d-rgba8ui-rgba_integer-unsigned_byte.html [ Crash ]
  webgl/2.0.y/conformance/canvas/to-data-url-test.html [ Crash ]
  webgl/2.0.y/conformance/ogles/GL/abs/abs_001_to_006.html [ Crash ]
  webgl/2.0.y/conformance/ogles/GL/acos/acos_001_to_006.html [ Crash ]
  webgl/2.0.y/conformance/ogles/GL/default/default_001_to_001.html [ Crash ]
  webgl/2.0.y/conformance/ogles/GL/degrees/degrees_001_to_006.html [ Crash ]
  webgl/2.0.y/conformance/ogles/GL/min/min_001_to_006.html [ Crash ]
  webgl/2.0.y/conformance/ogles/GL/mix/mix_001_to_006.html [ Crash ]
  webgl/draw-webgl-to-context2d-memory-test.html [ Crash ]

Call stack:

> [Inline Frame] cairo.dll!scaled_nearest_scanline_8888_8888_cover_SRC(unsigned int * dst, const unsigned int * w, int vx, int) Line 1185 C
> [Inline Frame] cairo.dll!scaled_nearest_scanline_8888_8888_cover_SRC_8888_8888_cover_SRC_wrapper(const unsigned char * src, unsigned int * vx, const unsigned int *) Line 1185 C
> cairo.dll!fast_composite_scaled_nearest_8888_8888_cover_SRC(pixman_implementation_t * imp, pixman_composite_info_t * info) Line 1185 C
> cairo.dll!pixman_image_composite32(pixman_op_t op, pixman_image * src, pixman_image * mask, pixman_image * dest, int src_x, int src_y, int mask_x, int mask_y, int dest_x, int dest_y, int width, int height) Line 700 C
> cairo.dll!composite_boxes(void * _dst, _cairo_operator op, _cairo_surface * abstract_src, _cairo_surface * abstract_mask, int src_x, int src_y, int mask_x, int mask_y, int dst_x, int dst_y, _cairo_boxes_t * boxes, const _cairo_rectangle_int * extents) Line 538 C
> cairo.dll!composite_aligned_boxes(const cairo_spans_compositor * compositor, const _cairo_composite_rectangles * extents, _cairo_boxes_t * boxes) Line 688 C
> cairo.dll!clip_and_composite_boxes(const cairo_spans_compositor * compositor, _cairo_composite_rectangles * extents, _cairo_boxes_t * boxes) Line 883 C
> cairo.dll!_cairo_spans_compositor_paint(const cairo_compositor * _compositor, _cairo_composite_rectangles * extents) Line 1000 C
> cairo.dll!_cairo_compositor_paint(const cairo_compositor * compositor, _cairo_surface * surface, _cairo_operator op, const _cairo_pattern * source, const _cairo_clip * clip) Line 67 C
> cairo.dll!_cairo_image_surface_paint(void * abstract_surface, _cairo_operator op, const _cairo_pattern * source, const _cairo_clip * clip) Line 947 C
> cairo.dll!_cairo_surface_paint(_cairo_surface * surface, _cairo_operator op, const _cairo_pattern * source, const _cairo_clip * clip) Line 2213 C
> cairo.dll!_cairo_gstate_paint(_cairo_gstate * gstate) Line 1100 C
> cairo.dll!_cairo_default_context_paint_with_alpha(void * abstract_cr, double alpha) Line 996 C
> cairo.dll!cairo_paint_with_alpha(_cairo * cr, double alpha) Line 2301 C
> WebCore.dll!WebCore::Cairo::drawPatternToCairoContext(_cairo * cr, _cairo_pattern * pattern, const WebCore::FloatRect & destRect, float alpha) Line 157 C++
> WebCore.dll!WebCore::Cairo::drawSurface(WebCore::GraphicsContextCairo & platformContext, _cairo_surface * surface, const WebCore::FloatRect & destRect, const WebCore::FloatRect & originalSrcRect, WebCore::InterpolationQuality imageInterpolationQuality, float globalAlpha, const WebCore::Cairo::ShadowState & shadowState, WebCore::Cairo::OrientationSizing orientationSizing) Line 946 C++
> WebCore.dll!WebCore::Cairo::drawPlatformImage(WebCore::GraphicsContextCairo & platformContext, _cairo_surface * surface, const WebCore::FloatRect & destRect, const WebCore::FloatRect & srcRect, const WebCore::ImagePaintingOptions & options, float globalAlpha, const WebCore::Cairo::ShadowState & shadowState) Line 850 C++
> WebCore.dll!WebCore::GraphicsContextCairo::drawNativeImageInternal(WebCore::NativeImage & nativeImage, const WebCore::FloatSize & __formal, const WebCore::FloatRect & destRect, const WebCore::FloatRect & srcRect, const WebCore::ImagePaintingOptions & options) Line 148 C++
> WebCore.dll!WebCore::NativeImage::draw(WebCore::GraphicsContext & context, const WebCore::FloatSize & imageSize, const WebCore::FloatRect & destinationRect, const WebCore::FloatRect & sourceRect, const WebCore::ImagePaintingOptions & options) Line 69 C++
> WebCore.dll!WebCore::GraphicsContext::drawNativeImage(WebCore::NativeImage & image, const WebCore::FloatSize & imageSize, const WebCore::FloatRect & destination, const WebCore::FloatRect & source, const WebCore::ImagePaintingOptions & options) Line 281 C++
> WebCore.dll!WebCore::GraphicsContextGL::paintToCanvas(WebCore::NativeImage & image, const WebCore::IntSize & canvasSize, WebCore::GraphicsContext & context) Line 707 C++
> WebKit2.dll!WebKit::RemoteGraphicsContextGL::paintNativeImageToImageBuffer::__l2::<lambda_1>::operator()() Line 271 C++
> WebKit2.dll!WTF::Detail::CallableWrapper<`WebKit::RemoteGraphicsContextGL::paintNativeImageToImageBuffer'::`2'::<lambda_1>,void>::call() Line 53 C++
> WebKit2.dll!WTF::Function<void __cdecl(void)>::operator()() Line 83 C++
> WebKit2.dll!IPC::StreamConnectionWorkQueue::processStreams() Line 151 C++
> WebKit2.dll!IPC::StreamConnectionWorkQueue::startProcessingThread::__l2::<lambda_1>::operator()() Line 117 C++
> WebKit2.dll!WTF::Detail::CallableWrapper<`IPC::StreamConnectionWorkQueue::startProcessingThread'::`2'::<lambda_1>,void>::call() Line 53 C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 83 C++
> WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext) Line 250 C++
> WTF.dll!WTF::wtfThreadEntryPoint(void * data) Line 151 C++
> ucrtbase.dll!00007ff8990e1bb2() Unknown
> kernel32.dll!00007ff89b087614() Unknown
> ntdll.dll!00007ff89b1c26a1() Unknown
Attachments
WIP patch (728 bytes, patch)
2023-04-03 19:37 PDT, Fujii Hironori
no flags
Patch of using cairo_image_surface_create (doesn't work as expected) (2.44 KB, patch)
2023-04-03 19:40 PDT, Fujii Hironori
no flags
Dan Glastonbury
Comment 1 2023-04-03 16:43:50 PDT
Please let me know if I can assist with fixing this.
Fujii Hironori
Comment 2 2023-04-03 19:37:44 PDT
Created attachment 465756
WIP patch

GraphicsContextGLANGLE::withDrawingBufferAsNativeImage has to retain pixelBuffer until the function `func` is called.
Is this a cairo specific problem?
Fujii Hironori
Comment 3 2023-04-03 19:40:58 PDT
Created attachment 465757
Patch of using cairo_image_surface_create (doesn't work as expected)

Using cairo_image_surface_create instead of cairo_image_surface_create_for_data can avoid crashing. But a lot of tests fail.
It seems that GraphicsContextGL::createNativeImageFromPixelBuffer has to return a NativeImage that is using the given pixel buffer.
Fujii Hironori
Comment 4 2023-04-03 20:34:22 PDT
(In reply to Fujii Hironori from comment #2)
> Is this a cairo specific problem?

GraphicsContextGLCG.cpp retains the given PixelBuffer into dataProvider.
https://github.com/WebKit/WebKit/blob/565c294fbf5fe2ba6ef15fbb52f561bd5b7e1420/Source/WebCore/platform/graphics/cg/GraphicsContextGLCG.cpp#L527-L528
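
The lifetime problem discussed in comments 2 to 4, modelled as an added example; it is not the WebKit patch and uses no cairo code. PixelBuffer, BorrowedSurface and the function names here are hypothetical stand-ins: a surface created over caller-owned memory keeps only a pointer, so the pixel buffer has to be retained by the surface until painting is done.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical stand-ins for this example; not WebKit or cairo types.
struct PixelBuffer {
    std::vector<uint8_t> bytes;
    explicit PixelBuffer(size_t n) : bytes(n, 0xAB) {}  // constructed sample pixels
};

// Models a surface created over caller-owned memory: it keeps only the
// pointer. `retained` plays the role of surface user data that releases
// the backing store when the surface itself is destroyed.
struct BorrowedSurface {
    const uint8_t* data = nullptr;
    size_t size = 0;
    std::shared_ptr<const PixelBuffer> retained;
};

// Crash pattern: nothing ties the buffer's lifetime to the surface.
BorrowedSurface wrapUnretained(const std::shared_ptr<PixelBuffer>& pb) {
    return BorrowedSurface{pb->bytes.data(), pb->bytes.size(), nullptr};
}

// Retaining pattern: the surface holds a reference until it is destroyed.
BorrowedSurface wrapRetained(const std::shared_ptr<PixelBuffer>& pb) {
    return BorrowedSurface{pb->bytes.data(), pb->bytes.size(), pb};
}

// Reads through the surface only when the backing store is retained.
int firstPixelByte(const BorrowedSurface& s) {
    return (s.retained && s.size) ? s.data[0] : -1;
}

// True if the pixels are still alive when the consumer would paint, that
// is, after the producer has already dropped its own reference.
bool aliveAtPaint(bool retain) {
    auto pb = std::make_shared<PixelBuffer>(4 * 4 * 4);  // 4x4 RGBA
    std::weak_ptr<PixelBuffer> probe = pb;
    BorrowedSurface s = retain ? wrapRetained(pb) : wrapUnretained(pb);
    pb.reset();                                // producer scope ends first
    return s.size > 0 && !probe.expired();     // false: s.data dangles
}

int main() {
    std::printf("unretained=%d retained=%d\n", aliveAtPaint(false), aliveAtPaint(true));
}
```
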
Fujii Hironori
Comment 5 2023-04-03 22:47:43 PDT
EWS
Comment 6 2023-04-04 05:17:19 PDT
Committed 262575@main (fc5e0e6a297b): <https://commits.webkit.org/262575@main>

Reviewed commits have been landed. Closing PR #12365 and removing active labels.
Radar WebKit Bug Importer
Comment 7 2023-04-04 05:18:17 PDT