RESOLVED FIXED 42081
[CAIRO]GtkLauncher crashes when loading LayoutTest text-shadow-extreme-value.html
https://bugs.webkit.org/show_bug.cgi?id=42081
Mihnea Ovidenie
Reported 2010-07-12 08:21:45 PDT
Hi,

When loading WebKit LayoutTest/fast/text/text-shadow-extreme-value.html, GtkLauncher crashes. The same LayoutTest crashes the WinCairo build too. Here is the stack trace, caught in gdb:

ASSERTION FAILED: m_ptr (../../JavaScriptCore/wtf/OwnPtr.h:66 typename WTF::RemovePointer<T>::Type* WTF::OwnPtr<T>::operator->() const [with T = WebCore::ImageBuffer])
Program received signal SIGSEGV, Segmentation fault.
#0 0x005fc9a6 in WTF::OwnPtr<WebCore::ImageBuffer>::operator-> (this=0x8587de4) at ../../JavaScriptCore/wtf/OwnPtr.h:66
#1 0x00a66d00 in WebCore::FilterEffect::getEffectContext (this=0x8587d98) at ../../WebCore/platform/graphics/filters/FilterEffect.cpp:77
#2 0x00a66060 in WebCore::FEGaussianBlur::apply (this=0x8587d98, filter=0x856ce68) at ../../WebCore/platform/graphics/filters/FEGaussianBlur.cpp:108
#3 0x00b8f4b9 in WebCore::GraphicsContext::createPlatformShadow (this=0xbfffeb18, buffer=..., shadowColor=..., shadowRect=..., kernelSize=1000) at ../../WebCore/platform/graphics/cairo/GraphicsContextCairo.cpp:912
#4 0x00b8bd26 in WebCore::Font::drawGlyphs (this=0x85777f8, context=0xbfffeb18, font=0x8592c28, glyphBuffer=..., from=0, numGlyphs=49, point=...) at ../../WebCore/platform/graphics/cairo/FontCairo.cpp:116
#5 0x00807afa in WebCore::Font::drawGlyphBuffer (this=0x85777f8, context=0xbfffeb18, glyphBuffer=..., point=...) at ../../WebCore/platform/graphics/FontFastPath.cpp:241
#6 0x00807931 in WebCore::Font::drawSimpleText (this=0x85777f8, context=0xbfffeb18, run=..., point=..., from=0, to=49) at ../../WebCore/platform/graphics/FontFastPath.cpp:214
#7 0x007f995d in WebCore::Font::drawText (this=0x85777f8, context=0xbfffeb18, run=..., point=..., from=0, to=49) at ../../WebCore/platform/graphics/Font.cpp:153
#8 0x00812ee1 in WebCore::GraphicsContext::drawText (this=0xbfffeb18, font=..., run=..., point=..., from=0, to=49) at ../../WebCore/platform/graphics/GraphicsContext.cpp:337
#9 0x00882af2 in paintTextWithShadows (context=0xbfffeb18, font=..., textRun=..., startOffset=0, endOffset=49, truncationPoint=49, textOrigin=..., x=8, y=8, w=405, h=19, shadow=0x85902e0, stroked=false) at ../../WebCore/rendering/InlineTextBox.cpp:338
#10 0x008839cc in WebCore::InlineTextBox::paint (this=0x8529bcc, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/InlineTextBox.cpp:528
#11 0x0087b96b in WebCore::InlineFlowBox::paint (this=0x855c63c, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/InlineFlowBox.cpp:695
#12 0x0096e252 in WebCore::RootInlineBox::paint (this=0x855c63c, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RootInlineBox.cpp:166
#13 0x00910862 in WebCore::RenderLineBoxList::paint (this=0x81dee50, renderer=0x81dede4, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderLineBoxList.cpp:219
#14 0x00891e03 in WebCore::RenderBlock::paintContents (this=0x81dede4, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:2089
#15 0x0089258d in WebCore::RenderBlock::paintObject (this=0x81dede4, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:2184
#16 0x008916af in WebCore::RenderBlock::paint (this=0x81dede4, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:1980
#17 0x008920db in WebCore::RenderBlock::paintChildren (this=0x8543974, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:2117
#18 0x00891e25 in WebCore::RenderBlock::paintContents (this=0x8543974, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:2091
#19 0x0089258d in WebCore::RenderBlock::paintObject (this=0x8543974, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:2184
#20 0x008916af in WebCore::RenderBlock::paint (this=0x8543974, paintInfo=..., tx=8, ty=8) at ../../WebCore/rendering/RenderBlock.cpp:1980
#21 0x008920db in WebCore::RenderBlock::paintChildren (this=0x854466c, paintInfo=..., tx=0, ty=0) at ../../WebCore/rendering/RenderBlock.cpp:2117
#22 0x00891e25 in WebCore::RenderBlock::paintContents (this=0x854466c, paintInfo=..., tx=0, ty=0) at ../../WebCore/rendering/RenderBlock.cpp:2091
#23 0x0089258d in WebCore::RenderBlock::paintObject (this=0x854466c, paintInfo=..., tx=0, ty=0) at ../../WebCore/rendering/RenderBlock.cpp:2184
#24 0x008916af in WebCore::RenderBlock::paint (this=0x854466c, paintInfo=..., tx=0, ty=0) at ../../WebCore/rendering/RenderBlock.cpp:1980
#25 0x0090499e in WebCore::RenderLayer::paintLayer (this=0x81da53c, rootLayer=0x81fb6f4, p=0xbfffeb18, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, overlapTestRequests=0xbfffe95c, paintFlags=0) at ../../WebCore/rendering/RenderLayer.cpp:2446
#26 0x00904d4d in WebCore::RenderLayer::paintList (this=0x81fb6f4, list=0x80c51d0, rootLayer=0x81fb6f4, p=0xbfffeb18, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, overlapTestRequests=0xbfffe95c, paintFlags=0) at ../../WebCore/rendering/RenderLayer.cpp:2499
#27 0x00904b5e in WebCore::RenderLayer::paintLayer (this=0x81fb6f4, rootLayer=0x81fb6f4, p=0xbfffeb18, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, overlapTestRequests=0xbfffe95c, paintFlags=0) at ../../WebCore/rendering/RenderLayer.cpp:2467
#28 0x00903e92 in WebCore::RenderLayer::paint (this=0x81fb6f4, p=0xbfffeb18, damageRect=..., paintBehavior=0, paintingRoot=0x0) at ../../WebCore/rendering/RenderLayer.cpp:2252
#29 0x0077e001 in WebCore::FrameView::paintContents (this=0x8178a00, p=0xbfffeb18, rect=...) at ../../WebCore/page/FrameView.cpp:1941
#30 0x007e78f4 in WebCore::ScrollView::paint (this=0x8178a00, context=0xbfffeb18, rect=...) at ../../WebCore/platform/ScrollView.cpp:797
#31 0x00c0d162 in webkit_web_view_expose_event (widget=0x812d808, event=0xbfffef88) at ../../WebKit/gtk/webkit/webkitwebview.cpp:539
#32 0x01fc62f4 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#33 0x025928b9 in ?? () from /usr/lib/libgobject-2.0.so.0
#34 0x02594252 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#35 0x025a85e6 in ?? () from /usr/lib/libgobject-2.0.so.0
#36 0x025a9c33 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#37 0x025aa256 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#38 0x020f3306 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#39 0x01fbffeb in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#40 0x0229980b in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#41 0x022997ba in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#42 0x022c2964 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#43 0x02295f63 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#44 0x02297f7f in gdk_window_process_all_updates () from /usr/lib/libgdk-x11-2.0.so.0
#45 0x01f356df in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#46 0x02274318 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#47 0x02610661 in ?? () from /lib/libglib-2.0.so.0
#48 0x026125e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#49 0x026162d8 in ?? () from /lib/libglib-2.0.so.0
#50 0x02616817 in g_main_loop_run () from /lib/libglib-2.0.so.0
#51 0x01fc0299 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#52 0x0804a093 in main (argc=1, argv=0xbffff494) at ../../WebKitTools/GtkLauncher/main.c:224

Regards, Mihnea
Mihnea Ovidenie
Comment 1 2010-07-12 08:31:55 PDT
Debugging a little, I have found that the allocation of m_effectBuffer in FilterEffect::getEffectContext() fails. At first I thought that the fix for the problem was to add a null check in this function, but then I realized that the problem appears because in function GraphicsContext::calculateShadowBufferDimensions the kernel size is not limited at all. The LayoutTest uses a blurRadius = 38005685px, which gives a very big kernel that is not limited to 1000 as in GraphicsContext::createPlatformShadow (both from GraphicsContextCairo.cpp).

* I think the fix should be to limit the kernel size in calculateShadowBufferDimensions the same way it is done in createPlatformShadow.
* Taking a look at GraphicsContext::setPlatformShadow() from GraphicsContextCG.cpp, I can see that the blurRadius is clamped to 1000, not the kernel, which in the case of the Cairo port (Win/Gtk) is computed to be sqrt(2*blurRadius).

Am I missing something here?

Regards, Mihnea Ovidenie
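Added example, not WebKit code: a small C++ model of the failure mode Comment 1 describes, with the unclamped kernel derivation beside a hardened version that clamps the CSS blur radius before deriving the kernel and makes the shadow-buffer allocation fail closed instead of handing back a null buffer. Assumptions: the sqrt(2*blurRadius) formula, the 38005685px radius and the w=405, h=19 text box come from this bug; the 128 limit is the one Comment 2 mentions for other ports; the 64 MiB allocation ceiling is a hypothetical value for the demo only.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <new>

// Constructed model of the Cairo shadow path as Comment 1 describes it:
// kernelSize = sqrt(2 * blurRadius), then a shadow buffer of
// (w + 2 * kernelSize) x (h + 2 * kernelSize) pixels is allocated.
constexpr double kMaxBlurRadius = 128.0;   // limit Comment 2 says other ports use
constexpr int kMaxKernelSize = 1000;       // clamp createPlatformShadow already applies
// Hypothetical allocation ceiling for this demo (WebKit's real limits differ).
constexpr std::uint64_t kMaxBufferBytes = 64ULL * 1024 * 1024;

struct Dims { std::uint64_t width; std::uint64_t height; };

// The unclamped derivation the report attributes to
// calculateShadowBufferDimensions: any CSS value flows straight into the kernel.
int unclampedKernelSize(double blurRadius) {
    return static_cast<int>(std::sqrt(2.0 * blurRadius));
}

// Hardened: clamp the CSS input first, then clamp the derived kernel as well,
// so every stage of the shadow code sees a value in the range it was written for.
int clampedKernelSize(double blurRadius) {
    if (!(blurRadius >= 0.0)) blurRadius = 0.0;                 // NaN or negative
    if (blurRadius > kMaxBlurRadius) blurRadius = kMaxBlurRadius;
    int kernel = static_cast<int>(std::sqrt(2.0 * blurRadius));
    return kernel > kMaxKernelSize ? kMaxKernelSize : kernel;
}

Dims shadowBufferDims(unsigned w, unsigned h, int kernelSize) {
    std::uint64_t k = kernelSize < 0 ? 0 : static_cast<std::uint64_t>(kernelSize);
    return { w + 2 * k, h + 2 * k };
}

// Allocation that fails closed: returns nullptr (and bytes == 0) instead of a
// buffer that a later operator-> would dereference as null, which is the
// "ASSERTION FAILED: m_ptr" in the reported trace. 4 bytes per ARGB pixel.
std::unique_ptr<std::uint8_t[]> tryAllocateShadowBuffer(Dims d, std::uint64_t& bytes) {
    bytes = 0;
    if (d.width == 0 || d.height == 0) return nullptr;
    if (d.width > UINT64_MAX / 4 / d.height) return nullptr;   // overflow guard
    std::uint64_t needed = d.width * d.height * 4;
    if (needed > kMaxBufferBytes) return nullptr;              // above the ceiling
    std::unique_ptr<std::uint8_t[]> buf(new (std::nothrow) std::uint8_t[needed]);
    if (buf) bytes = needed;
    return buf;
}
```

With the radius from the LayoutTest the unclamped path asks for a 17841 x 17455 pixel buffer (about 1.2 GB), while the clamped path asks for 437 x 51 pixels.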
Martin Robinson
Comment 2 2010-09-15 20:04:00 PDT
Soon the blur radius will be limited to 128, similar to other ports. See this bug: https://bugs.webkit.org/show_bug.cgi?id=45599
Alejandro G. Castro
Comment 3 2011-01-20 13:12:25 PST
The shadows code has changed completely, I've tested it and it does not crash anymore. Feel free to reopen if I missed something.