RESOLVED FIXED 279649
[cairo] ASSERTION FAILED: destSize > 0 in WebCore::Cairo::calculateSubsurfaceRect
https://bugs.webkit.org/show_bug.cgi?id=279649
Fujii Hironori
Reported 2024-09-12 23:34:37 PDT
Windows port Debug builds are crashing:

imported/w3c/web-platform-tests/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedest.html [ Crash ]
imported/w3c/web-platform-tests/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedir.html [ Crash ]

ASSERTION FAILED: destSize > 0
C:\webkit\wc\Source\WebCore\platform/graphics/cairo/CairoOperations.cpp(875) : auto WebCore::Cairo::calculateSubsurfaceRect(FloatRect &, FloatRect &, const IntSize &, FloatSize &)::(anonymous class)::operator()(float &, float &, float &, float &, float, float &) const
1 00007FFF6843EFD0 WebCore::Cairo::calculateSubsurfaceRect::<lambda_0>::operator()
2 00007FFF684397B7 WebCore::Cairo::calculateSubsurfaceRect
3 00007FFF68438EAD WebCore::Cairo::drawSurface
4 00007FFF68438A42 WebCore::Cairo::drawPlatformImage
5 00007FFF68449CCE WebCore::GraphicsContextCairo::drawNativeImageInternal
6 00007FFF6834B746 WebCore::GraphicsContext::drawImageBuffer
7 00007FFF68484DC1 WebCore::DisplayList::DrawImageBuffer::apply
8 00007FFF61759734 WebKit::RemoteDisplayListRecorder::handleItem<WebCore::DisplayList::DrawImageBuffer,WebCore::ImageBuffer &>
9 00007FFF61743CBE WebKit::RemoteDisplayListRecorder::drawImageBuffer
10 00007FFF615C6F8B IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions),std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >::<lambda_1>::operator()<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>
11 00007FFF615C6EB0 std::invoke<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>
12 00007FFF615C6E5B std::_Apply_impl<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions>,0,1,2,3>
13 00007FFF615C6DE2 std::apply<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\HandleMessage.h:134:9',std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >
14 00007FFF615C60CF IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions),std::tuple<WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>,WebCore::FloatRect,WebCore::FloatRect,WebCore::ImagePaintingOptions> >
15 00007FFF615A0DF2 IPC::handleMessage<Messages::RemoteDisplayListRecorder::DrawImageBuffer,WebKit::RemoteDisplayListRecorder,WebKit::RemoteDisplayListRecorder,void (WTF::ObjectIdentifierGeneric<WebCore::RenderingResourceIdentifierType,WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long long>,unsigned long long,1>, const WebCore::FloatRect &, const WebCore::FloatRect &, WebCore::ImagePaintingOptions)>
16 00007FFF61589A7F WebKit::RemoteDisplayListRecorder::didReceiveStreamMessage
17 00007FFF61C89B86 IPC::StreamServerConnection::dispatchStreamMessage
18 00007FFF61C88963 IPC::StreamServerConnection::dispatchStreamMessages
19 00007FFF61C88484 IPC::StreamConnectionWorkQueue::processStreams
20 00007FFF61C8A6EF IPC::StreamConnectionWorkQueue::startProcessingThread::<lambda_2>::operator()
21 00007FFF61C8A697 WTF::Detail::CallableWrapper<`lambda at C:\webkit\wc\Source\WebKit\Platform\IPC\StreamConnectionWorkQueue.cpp:123:17',void>::call
22 00007FFF5EF66B69 WTF::Function<void ()>::operator()
23 00007FFF6008D9FC WTF::Thread::entryPoint
24 00007FFF60167543 WTF::wtfThreadEntryPoint
25 00007FF844119333 recalloc
26 00007FF84617257D BaseThreadInitThunk
27 00007FF84690AF28 RtlUserThreadStart
Exception thrown at 0x00007FFF5FF3AEB5 (JavaScriptCore.dll) in WebKitGPUProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
Fujii Hironori
Comment 1 2024-09-12 23:35:01 PDT
It's reproducible just by loading https://wpt.live/html/canvas/element/drawing-images-to-the-canvas/2d.drawImage.negativedest.html with Windows Debug MiniBrowser.
Fujii Hironori
Comment 2 2024-09-17 00:35:40 PDT
EWS
Comment 3 2024-09-17 13:52:30 PDT
Committed 283797@main (028c2cf49867): <https://commits.webkit.org/283797@main> Reviewed commits have been landed. Closing PR #33756 and removing active labels.
Radar WebKit Bug Importer
Comment 4 2024-09-17 13:53:15 PDT