RESOLVED FIXED 89113
[Texmap] SIGSEV in WebCore::TextureMapperGL::drawTexture 
https://bugs.webkit.org/show_bug.cgi?id=89113
Summary [Texmap] SIGSEV in WebCore::TextureMapperGL::drawTexture
Sergio Villar Senin
Reported 2012-06-14 11:38:15 PDT
Steps to reproduce: 1- go to the URL mentioned above (needs accelerated compositing turned on) 2- click and hold the left arrow key to move to the right 3- WK crashes This is the backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff47c55f6 in WebCore::TextureMapperGL::drawTexture (this=0xbafe10, texture=..., targetRect=..., matrix=..., opacity=1, mask=0x0) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:363 363 if (!texture.isValid()) (gdb) bt #0 0x00007ffff47c55f6 in WebCore::TextureMapperGL::drawTexture (this=0xbafe10, texture=..., targetRect=..., matrix=..., opacity=1, mask=0x0) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:363 #1 0x00007ffff47d7435 in WebCore::TextureMapperTile::paint (this=0x1d33280, textureMapper=0xbafe10, transform=..., opacity=1, mask=0x0) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperBackingStore.cpp:92 #2 0x00007ffff47d7668 in WebCore::TextureMapperTiledBackingStore::paintToTextureMapper (this=0x1b2f360, textureMapper=0xbafe10, targetRect=..., transform=..., opacity=1, mask=0x0) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperBackingStore.cpp:115 #3 0x00007ffff47db38b in WebCore::TextureMapperLayer::paintSelf (this=0x1ab72a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:167 #4 0x00007ffff47db505 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0x1ab72a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:187 #5 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0x1ab72a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #6 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0x1ab72a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #7 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0x1b2ce90, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #8 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0x1b2ce90, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #9 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0x1b2ce90, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #10 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xb80560, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #11 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xb80560, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #12 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xb80560, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #13 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xb7bcb0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #14 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xb7bcb0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #15 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xb7bcb0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #16 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0x1b18560, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #17 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0x1b18560, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #18 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0x1b18560, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #19 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xd4b6f0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #20 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xd4b6f0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #21 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xd4b6f0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #22 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xaed5a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #23 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xaed5a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #24 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xaed5a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #25 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xdf00a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #26 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xdf00a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #27 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xdf00a0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #28 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xdf9780, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #29 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xdf9780, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #30 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xdf9780, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #31 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xdf90e0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #32 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xdf90e0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #33 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xdf90e0, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #34 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xdf0740, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #35 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xdf0740, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #36 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xdf0740, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #37 0x00007ffff47db688 in WebCore::TextureMapperLayer::paintSelfAndChildren (this=0xdf9e20, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:197 #38 0x00007ffff47dbe22 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica (this=0xdf9e20, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:309 #39 0x00007ffff47dbf83 in WebCore::TextureMapperLayer::paintRecursive (this=0xdf9e20, options=...) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:355 #40 0x00007ffff47db1a3 in WebCore::TextureMapperLayer::paint (this=0xdf9e20) at ../../Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:152 #41 0x00007ffff38d65d9 in WebKit::AcceleratedCompositingContext::renderLayersToWindow (this=0x5e0df0, clipRect=...) at ../../Source/WebKit/gtk/WebCoreSupport/AcceleratedCompositingContextGL.cpp:100 #42 0x00007ffff38d6b54 in WebKit::AcceleratedCompositingContext::syncLayersTimeout (this=0x5e0df0) at ../../Source/WebKit/gtk/WebCoreSupport/AcceleratedCompositingContextGL.cpp:192 #43 0x00007ffff38d6a3c in WebKit::syncLayersTimeoutCallback (context=0x5e0df0) at ../../Source/WebKit/gtk/WebCoreSupport/AcceleratedCompositingContextGL.cpp:163
Attachments
patch v.1 (2.23 KB, patch)
2012-06-15 21:20 PDT, Dongseong Hwang 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sergio Villar Senin
Comment 1 2012-06-15 02:09:00 PDT
The obvious fix for the crash is to add a NULL check for texture() that can be indeed NULL, instead of unconditionally calling paint. After doing that, I can see a log of flickering (not sure if the flickering was there before tough because it was always crashing). Maybe a different bug?
Dongseong Hwang
Comment 2 2012-06-15 21:20:10 PDT
Created attachment 147948 [details] patch v.1
Dongseong Hwang
Comment 3 2012-06-15 21:25:04 PDT
Tile's texture is not created if dirty rect is empty in following code. void TextureMapperTile::updateContents(TextureMapper* textureMapper, Image* image, const IntRect& ) { IntRect targetRect = enclosingIntRect(m_rect); targetRect.intersect(dirtyRect); if (targetRect.isEmpty()) return; IntPoint sourceOffset = targetRect.location(); // Normalize sourceRect to the buffer's coordinates. sourceOffset.move(-dirtyRect.x(), -dirtyRect.y()); // Normalize targetRect to the texture's coordinates. targetRect.move(-m_rect.x(), -m_rect.y()); if (!m_texture) { m_texture = textureMapper->createTexture(); m_texture->reset(targetRect.size(), image->currentFrameHasAlpha() ? BitmapTexture::SupportsAlpha : 0); } m_texture->updateContents(image, targetRect, sourceOffset); } targetRect is often empty. For example in http://www.satine.org/research/webkit/snowleopard/snowstack.html m_rect = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 187, m_height = 112}} dirtyRect = {m_location = {m_x = -44, m_y = -184}, m_size = {m_width = 4, m_height = 115} I have lack of knowledge why render tree notified a dirty rect out of bound size of layer.
WebKit Review Bot
Comment 4 2012-06-16 15:22:28 PDT
Comment on attachment 147948 [details] patch v.1 Clearing flags on attachment: 147948 Committed r120533: <http://trac.webkit.org/changeset/120533>
WebKit Review Bot
Comment 5 2012-06-16 15:23:00 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.