Bug 981921 - NULL ptr when displaying looped gif images
Summary: NULL ptr when displaying looped gif images
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk3
Version: 20
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-07-07 02:31 UTC by Ben Boeckel
Modified: 2014-03-03 19:43 UTC (History)
Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-03-03 19:43:57 UTC
Type: Bug
Embargoed:

Description Ben Boeckel 2013-07-07 02:31:24 UTC
Description of problem:
Crash when displaying a GIF which has looped within a page (straight up animated GIFs are fine).

Version-Release number of selected component (if applicable):
webkitgtk3-2.1.2-1.fc20.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Load up https://github.com/Shougo/unite.vim
2. Scroll down to trigger the GIF referenced in the README.md
3. Wait for the GIF to loop
4. Scroll around

'dest' is a bad pointer:

*dest = (a << 24 | r << 16 | g << 8 | b);

The caller:

buffer.setRGBA(currentAddress, colorMap[colorIndex], colorMap[colorIndex + 1], colorMap[colorIndex + 2], 255);

Here is that buffer:

(gdb) p *this
$3 = {static fixPointShift = 24, static fixPointMult = 65794, m_backingStore = {<WTF::VectorBuffer<unsigned int, 0ul>> = {<WTF::VectorBufferBase<unsigned int>> = {m_buffer = 0x0, m_capacity = 0}, <No data fields>}, m_size = 0}, m_bytes = 0x0, m_size = {m_width = 728, m_height = 518}, 
  m_colorProfile = {<WTF::VectorBuffer<char, 0ul>> = {<WTF::VectorBufferBase<char>> = {m_buffer = 0x0, m_capacity = 0}, <No data fields>}, m_size = 0}, m_hasAlpha = false, m_originalFrameRect = {m_location = {m_x = 4, m_y = 503}, m_size = {m_width = 724, m_height = 15}}, m_status = WebCore::ImageFrame::FramePartial, 
  m_duration = 100, m_disposalMethod = WebCore::ImageFrame::DisposeKeep, m_premultiplyAlpha = true}

currentAddress is computed via buffer.getBytes(), which bases it on buffer.m_bytes, which is NULL. I'm unsure where it is getting this state (a backing store failed?).

Backtrace:

#0  0x00007f87c27432d6 in setRGBA (this=0x7f87c438a058, a=255, b=<optimized out>, g=<optimized out>, r=<optimized out>, dest=0x1659b0) at Source/WebCore/platform/image-decoders/ImageDecoder.h:159
#1  WebCore::GIFImageDecoder::haveDecodedRow (this=0x7f875a593380, frameIndex=<optimized out>, rowBuffer=..., width=<optimized out>, rowNumber=<optimized out>, repeatCount=1, writeTransparentPixels=false) at Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:226
#2  0x00007f87c2744454 in GIFLZWContext::outputRow (this=this@entry=0x7f8753826500) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:152
#3  0x00007f87c27448b1 in GIFLZWContext::doLZW (this=0x7f8753826500, block=block@entry=0x7f8757edd451 "\240\225MQ$\225\021\031QՅep,\317tm\337x\256\357|\357\377\300\240pH,\032\217Ȥr\311l:\237Шt:s(\f\b\205\"q\335\026\f\214ƂJ.\233\317\350\264z\315n\273\337\360\370s@\310&\f\206\004\201\213\300\026", bytesInBlock=212)
    at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:306
#4  0x00007f87c2745067 in GIFFrameContext::decode (this=this@entry=0x7f8753c34de0, data=0x7f8757ebd000 "GIF89a\330\002\006\002\367\377", length=length@entry=3113146, client=client@entry=0x7f875a593380, frameDecoded=frameDecoded@entry=0x7fff7b10a93f) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:340
#5  0x00007f87c2745fca in GIFImageReader::decode (this=0x7f875b0c90e0, query=query@entry=WebCore::GIFImageDecoder::GIFFullQuery, haltAtFrame=haltAtFrame@entry=2) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:371
#6  0x00007f87c2743cdf in WebCore::GIFImageDecoder::decode (this=0x7f875a593380, haltAtFrame=2, query=WebCore::GIFImageDecoder::GIFFullQuery) at Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:333
#7  0x00007f87c27440da in WebCore::GIFImageDecoder::frameBufferAtIndex (this=0x7f875a593380, index=1) at Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:124
#8  0x00007f87c272deeb in WebCore::ImageSource::createFrameAtIndex (this=this@entry=0x7f875a116020, index=index@entry=1) at Source/WebCore/platform/graphics/ImageSource.cpp:144
#9  0x00007f87c2709250 in WebCore::BitmapImage::cacheFrame (this=this@entry=0x7f875a116000, index=index@entry=1) at Source/WebCore/platform/graphics/BitmapImage.cpp:137
#10 0x00007f87c27095e2 in WebCore::BitmapImage::ensureFrameIsCached (this=0x7f875a116000, index=1) at Source/WebCore/platform/graphics/BitmapImage.cpp:295
#11 0x00007f87c27096b1 in WebCore::BitmapImage::frameIsCompleteAtIndex (this=0x7f875a116000, index=1) at Source/WebCore/platform/graphics/BitmapImage.cpp:308
#12 0x00007f87c27099d6 in WebCore::BitmapImage::startAnimation (this=0x7f875a116000, catchUpIfNecessary=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:442
#13 0x00007f87c26e1c24 in WebCore::BitmapImage::draw (this=0x7f875a116000, context=0x7fff7b10cd40, dst=..., src=..., styleColorSpace=WebCore::ColorSpaceDeviceRGB, op=WebCore::CompositeSourceOver, blendMode=WebCore::BlendModeNormal, shouldRespectImageOrientation=WebCore::DoNotRespectImageOrientation)
    at Source/WebCore/platform/graphics/cairo/BitmapImageCairo.cpp:78
#14 0x00007f87c2727be1 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fff7b10cd40, image=image@entry=0x7f875a116000, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, dest=..., src=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:493
#15 0x00007f87c2727d56 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fff7b10cd40, image=0x7f875a116000, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, r=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:483
#16 0x00007f87c2f25e79 in WebCore::RenderImage::paintIntoRect (this=0x7f875ae4cc40, context=0x7fff7b10cd40, rect=...) at Source/WebCore/rendering/RenderImage.cpp:478
#17 0x00007f87c2f264df in WebCore::RenderImage::paintReplaced (this=0x7f875ae4cc40, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:396
#18 0x00007f87c2f962cc in WebCore::RenderReplaced::paint (this=this@entry=0x7f875ae4cc40, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderReplaced.cpp:158
#19 0x00007f87c2f274f1 in WebCore::RenderImage::paint (this=0x7f875ae4cc40, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:411
#20 0x00007f87c2e776fd in WebCore::InlineBox::paint (this=0x7f875a090fc8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/InlineBox.cpp:237
#21 0x00007f87c2e7f788 in WebCore::InlineFlowBox::paint (this=this@entry=0x7f875a091000, paintInfo=..., paintOffset=..., lineTop=lineTop@entry=..., lineBottom=..., lineBottom@entry=...) at Source/WebCore/rendering/InlineFlowBox.cpp:1150
#22 0x00007f87c2fe7f8c in WebCore::RootInlineBox::paint (this=0x7f875a091000, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...) at Source/WebCore/rendering/RootInlineBox.cpp:218
#23 0x00007f87c2f626c6 in WebCore::RenderLineBoxList::paint (this=this@entry=0x7f875ae4cbc0, renderer=renderer@entry=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderLineBoxList.cpp:262
#24 0x00007f87c2e8c46d in WebCore::RenderBlock::paintContents (this=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3140
#25 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#26 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#27 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875ae4c418, child=0x7f875ae4cb28, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#28 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875ae4c418, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#29 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875ae4c418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#30 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae4c418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#31 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae4c418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#32 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875ae4b8d8, child=0x7f875ae4c418, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#33 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#34 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#35 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#36 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#37 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875b059448, child=0x7f875ae4b8d8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#38 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875b059448, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#39 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875b059448, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#40 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875b059448, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#41 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875b059448, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#42 0x00007f87c2e8ce93 in WebCore::RenderBlock::paintFloats (this=0x7f875b398418, paintInfo=..., paintOffset=..., preservePhase=false) at Source/WebCore/rendering/RenderBlock.cpp:3348
#43 0x00007f87c2ea2c41 in WebCore::RenderBlock::paintObject (this=0x7f875b398418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3272
#44 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875b398418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#45 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f876061eaa0, child=0x7f875b398418, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#46 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f876061eaa0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#47 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f876061eaa0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#48 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f876061eaa0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#49 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f876061eaa0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#50 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875ae0d990, child=0x7f876061eaa0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#51 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875ae0d990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#52 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875ae0d990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#53 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae0d990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#54 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae0d990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#55 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f87c4363790, child=0x7f875ae0d990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#56 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f87c4363790, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#57 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f87c4363790, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#58 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f87c4363790, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#59 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f87c4363790, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#60 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f87c4363558, child=0x7f87c4363790, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#61 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f87c4363558, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#62 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f87c4363558, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#63 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f87c4363558, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#64 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f87c4363558, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#65 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f87c43632a0, child=0x7f87c4363558, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#66 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f87c43632a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#67 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f87c43632a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#68 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f87c43632a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#69 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f87c43632a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#70 0x00007f87c2f3700c in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=this@entry=0x7f87c4363350, phase=phase@entry=WebCore::PaintPhaseFloat, layerFragments=..., context=context@entry=0x7fff7b10cd40, localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, 
    subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0) at Source/WebCore/rendering/RenderLayer.cpp:4234
#71 0x00007f87c2f3b104 in WebCore::RenderLayer::paintForegroundForFragments (this=this@entry=0x7f87c4363350, layerFragments=..., context=context@entry=0x7fff7b10cd40, transparencyLayerContext=transparencyLayerContext@entry=0x7fff7b10cd40, transparencyPaintDirtyRect=..., haveTransparency=haveTransparency@entry=false, 
    localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0, selectionOnly=selectionOnly@entry=false, forceBlackText=forceBlackText@entry=false) at Source/WebCore/rendering/RenderLayer.cpp:4209
#72 0x00007f87c2f49f2a in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7f87c4363350, context=<optimized out>, context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3941
#73 0x00007f87c2f4a0c9 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7f87c4363350, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3701
#74 0x00007f87c2f4a8a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7f87c4363350, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3683
#75 0x00007f87c2f4baea in WebCore::RenderLayer::paintList (this=0x7f87c4363178, list=0x7f87c431b800, context=0x7fff7b10cd40, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:4027
#76 0x00007f87c2f49a7a in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7f87c4363178, context=<optimized out>, context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3952
#77 0x00007f87c2f4a0c9 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7f87c4363178, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3701
#78 0x00007f87c2f4a8a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7f87c4363178, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3683
#79 0x00007f87c2f4aa7c in WebCore::RenderLayer::paint (this=0x7f87c4363178, context=0x7fff7b10cd40, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0) at Source/WebCore/rendering/RenderLayer.cpp:3494
#80 0x00007f87c2e246ad in WebCore::FrameView::paintContents (this=0x7f87c437aa00, p=0x7fff7b10cd40, rect=...) at Source/WebCore/page/FrameView.cpp:3577
#81 0x00007f87c348d84c in WebCore::ScrollView::paint (this=0x7f87c437aa00, context=0x7fff7b10cd40, rect=...) at Source/WebCore/platform/ScrollView.cpp:1094
#82 0x00007f87c269fb7c in WebKit::ChromeClient::paint (this=0x11d5b10) at Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:563
#83 0x00007f87c2787a69 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f87c436f1b8) at Source/WebCore/platform/ThreadTimers.cpp:129
#84 0x00007f87c279bcf2 in WebCore::timeout_cb () at Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#85 0x00007f87bf5d0d53 in g_timeout_dispatch (source=source@entry=0x1b6e270, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4443
#86 0x00007f87bf5d01f6 in g_main_dispatch (context=0x1185fb0) at gmain.c:3058
#87 g_main_context_dispatch (context=context@entry=0x1185fb0) at gmain.c:3634
#88 0x00007f87bf5d0548 in g_main_context_iterate (context=0x1185fb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3705
#89 0x00007f87bf5d094a in g_main_loop_run (loop=0x1acf160) at gmain.c:3899
#90 0x00007f87c155b49d in gtk_main () at gtkmain.c:1157
#91 0x0000000000409d24 in main (argc=3, argv=0x7fff7b10d1e8) at src/uzbl-core.c:297
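
The dump above shows a FramePartial frame whose backing store is empty (m_bytes = 0x0) being written to through setRGBA. As an added example that is not WebKit's code and not from the reporter, here is a hypothetical minimal ImageFrame that makes that failure mode explicit: the pixel-packing expression is the one quoted in the report, but the write path refuses to touch memory when no backing store has been allocated or the coordinates fall outside the frame, and allocation itself rejects sizes that would overflow. The names ImageFrame, allocateBackingStore, hasBackingStore, writeDecodedRow, kMaxPixels and demoPartialFrame are this example's own, as are the colour map and index values it constructs.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for the ImageFrame in the gdb dump (not WebKit's code).
// An empty m_backingStore with a null m_bytes models the FramePartial-without-
// storage state the report describes.
class ImageFrame {
public:
    enum FrameStatus { FrameEmpty, FramePartial, FrameComplete };

    // Assumed cap on pixel count so width*height can never overflow size_t.
    static constexpr std::size_t kMaxPixels = std::size_t(1) << 28;

    ImageFrame(unsigned width, unsigned height)
        : m_width(width), m_height(height), m_bytes(nullptr), m_status(FrameEmpty) {}

    // Allocates the pixel store; returns false (frame stays unusable) on bad sizes.
    bool allocateBackingStore() {
        if (m_width == 0 || m_height == 0 || m_width > kMaxPixels / m_height)
            return false;
        m_backingStore.assign(std::size_t(m_width) * m_height, 0);
        m_bytes = m_backingStore.data();
        m_status = FramePartial;
        return true;
    }

    bool hasBackingStore() const { return m_bytes != nullptr; }
    FrameStatus status() const { return m_status; }

    // Same packing as the crashing line in the report; widened to uint32_t so
    // 'a << 24' cannot shift into a signed int's sign bit.
    static std::uint32_t packRGBA(std::uint8_t a, std::uint8_t r, std::uint8_t g, std::uint8_t b) {
        return (std::uint32_t(a) << 24) | (std::uint32_t(r) << 16)
             | (std::uint32_t(g) << 8) | std::uint32_t(b);
    }

    // Guarded write: no backing store or out-of-range pixel -> false, no deref.
    bool setRGBA(unsigned x, unsigned y, std::uint8_t r, std::uint8_t g, std::uint8_t b, std::uint8_t a) {
        if (!m_bytes || x >= m_width || y >= m_height)
            return false;
        m_bytes[std::size_t(y) * m_width + x] = packRGBA(a, r, g, b);
        return true;
    }

    std::uint32_t pixelAt(unsigned x, unsigned y) const {
        if (!m_bytes || x >= m_width || y >= m_height)
            return 0;
        return m_bytes[std::size_t(y) * m_width + x];
    }

private:
    unsigned m_width, m_height;
    std::vector<std::uint32_t> m_backingStore;
    std::uint32_t* m_bytes;
    FrameStatus m_status;
};

// Models the haveDecodedRow -> setRGBA path: one row of palette indices is
// expanded through a 3-byte-per-entry colour map. Fails closed instead of
// writing when the frame has no storage or an index exceeds the palette.
bool writeDecodedRow(ImageFrame& frame, unsigned rowNumber,
                     const std::vector<std::uint8_t>& indices,
                     const std::vector<std::uint8_t>& colorMap) {
    if (!frame.hasBackingStore())
        return false;
    for (unsigned x = 0; x < indices.size(); ++x) {
        std::size_t colorIndex = std::size_t(indices[x]) * 3;
        if (colorIndex + 2 >= colorMap.size())
            return false;  // palette index past the end of the colour map
        if (!frame.setRGBA(x, rowNumber, colorMap[colorIndex], colorMap[colorIndex + 1],
                           colorMap[colorIndex + 2], 255))
            return false;
    }
    return true;
}

// Constructed scenario: a row decoded into a frame before and after its
// backing store exists. Returns true when the guarded path behaves as intended.
bool demoPartialFrame() {
    const std::vector<std::uint8_t> colorMap = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
    const std::vector<std::uint8_t> indices = {1, 0};
    ImageFrame frame(2, 1);
    if (writeDecodedRow(frame, 0, indices, colorMap))
        return false;  // must be refused while m_bytes is null
    if (!frame.allocateBackingStore() || !writeDecodedRow(frame, 0, indices, colorMap))
        return false;
    return frame.pixelAt(0, 0) == 0xFF405060u && frame.pixelAt(1, 0) == 0xFF102030u;
}
```

The point of the guard is that a partially decoded frame with no storage is a legitimate state a decoder can reach (for example after an allocation failure or a mid-animation cache purge), so the row writer should treat "no backing store" as a decode failure to report upward rather than as an invariant to assume.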

Comment 1 Tomas Popela 2013-07-23 14:48:56 UTC
Hi Ben,
thank you for your bug report. Can you please try to reproduce it with webkitgtk3-2.1.3-1.fc20? For me it's not crashing.

Comment 2 Ben Boeckel 2013-07-24 01:45:49 UTC
Nope, still happening. Different backtrace though. I'm using this branch[1].

#0  0x00007ffff5ab489c in WTFCrash () at Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff62542f5 in overflowed () at Source/WTF/wtf/CheckedArithmetic.h:80
#2  at (i=9, this=0x7fff8ed4fd08) at Source/WTF/wtf/Vector.h:561
#3  operator[] (i=9, this=0x7fff8ed4fd08) at Source/WTF/wtf/Vector.h:581
#4  WebCore::BitmapImage::destroyDecodedData (this=0x7fff8ed4fcc0, destroyAll=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:89
#5  0x00007ffff62548b4 in WebCore::BitmapImage::internalAdvanceAnimation (this=0x7fff8ed4fcc0, skippingFrames=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:547
#6  0x00007ffff6254be3 in WebCore::BitmapImage::startAnimation (this=0x7fff8ed4fcc0, catchUpIfNecessary=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:449
#7  0x00007ffff6229f34 in WebCore::BitmapImage::draw (this=0x7fff8ed4fcc0, context=0x7fffffffca20, dst=..., src=..., styleColorSpace=WebCore::ColorSpaceDeviceRGB, op=WebCore::CompositeSourceOver, blendMode=WebCore::BlendModeNormal, shouldRespectImageOrientation=WebCore::DoNotRespectImageOrientation)
    at Source/WebCore/platform/graphics/cairo/BitmapImageCairo.cpp:78
#8  0x00007ffff6273c61 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fffffffca20, image=image@entry=0x7fff8ed4fcc0, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, dest=..., src=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:493
#9  0x00007ffff6273e16 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fffffffca20, image=0x7fff8ed4fcc0, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, r=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:483
#10 0x00007ffff6ab5c91 in WebCore::RenderImage::paintIntoRect (this=0x7fff8def3f98, context=0x7fffffffca20, rect=...) at Source/WebCore/rendering/RenderImage.cpp:478
#11 0x00007ffff6ab62dd in WebCore::RenderImage::paintReplaced (this=0x7fff8def3f98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:396
#12 0x00007ffff6b2a0ec in WebCore::RenderReplaced::paint (this=this@entry=0x7fff8def3f98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderReplaced.cpp:158
#13 0x00007ffff6ab72e1 in WebCore::RenderImage::paint (this=0x7fff8def3f98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:411
#14 0x00007ffff6a01f7d in WebCore::InlineBox::paint (this=0x7fff8df43868, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/InlineBox.cpp:237
#15 0x00007ffff6a0a668 in WebCore::InlineFlowBox::paint (this=this@entry=0x7fff8df438a0, paintInfo=..., paintOffset=..., lineTop=lineTop@entry=..., lineBottom=..., lineBottom@entry=...) at Source/WebCore/rendering/InlineFlowBox.cpp:1170
#16 0x00007ffff6b7df6c in WebCore::RootInlineBox::paint (this=0x7fff8df438a0, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...) at Source/WebCore/rendering/RootInlineBox.cpp:218
#17 0x00007ffff6af4a36 in WebCore::RenderLineBoxList::paint (this=this@entry=0x7fff8def3f18, renderer=renderer@entry=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderLineBoxList.cpp:262
#18 0x00007ffff6a17bbd in WebCore::RenderBlock::paintContents (this=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3156
#19 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#20 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#21 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8def3770, child=0x7fff8def3e80, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#22 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8def3770, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#23 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8def3770, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#24 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8def3770, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#25 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8def3770, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#26 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8deefb98, child=0x7fff8def3770, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#27 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8deefb98, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#28 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8deefb98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#29 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8deefb98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#30 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8deefb98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#31 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8e85caa8, child=0x7fff8deefb98, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#32 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8e85caa8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#33 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8e85caa8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#34 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8e85caa8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#35 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8e85caa8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#36 0x00007ffff6a1834a in WebCore::RenderBlock::paintFloats (this=0x7fff8e890660, paintInfo=..., paintOffset=..., preservePhase=false) at Source/WebCore/rendering/RenderBlock.cpp:3364
#37 0x00007ffff6a2ed31 in WebCore::RenderBlock::paintObject (this=0x7fff8e890660, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3288
#38 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8e890660, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#39 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7f3dce0, child=0x7fff8e890660, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#40 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#41 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#42 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#43 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#44 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8e897990, child=0x7ffff7f3dce0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#45 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8e897990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#46 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8e897990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#47 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8e897990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#48 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8e897990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#49 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7eed6b0, child=0x7fff8e897990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#50 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#51 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#52 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#53 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#54 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7eed478, child=0x7ffff7eed6b0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#55 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7eed478, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#56 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7eed478, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#57 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7eed478, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#58 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7eed478, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#59 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7eed2a0, child=0x7ffff7eed478, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#60 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#61 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#62 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#63 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#64 0x00007ffff6ac7b1c in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=this@entry=0x7ffff7eed350, phase=phase@entry=WebCore::PaintPhaseFloat, layerFragments=..., context=context@entry=0x7fffffffca20, localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, 
    subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0) at Source/WebCore/rendering/RenderLayer.cpp:4236
#65 0x00007ffff6acbf54 in WebCore::RenderLayer::paintForegroundForFragments (this=this@entry=0x7ffff7eed350, layerFragments=..., context=context@entry=0x7fffffffca20, transparencyLayerContext=transparencyLayerContext@entry=0x7fffffffca20, transparencyPaintDirtyRect=..., haveTransparency=haveTransparency@entry=false, 
    localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0, selectionOnly=selectionOnly@entry=false, forceBlackText=forceBlackText@entry=false) at Source/WebCore/rendering/RenderLayer.cpp:4211
#66 0x00007ffff6adb86b in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7ffff7eed350, context=<optimized out>, context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3943
#67 0x00007ffff6adba29 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7ffff7eed350, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3703
#68 0x00007ffff6adc2a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7ffff7eed350, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3685
#69 0x00007ffff6add58a in WebCore::RenderLayer::paintList (this=0x7ffff7eed178, list=0x7fff9117cf60, context=0x7fffffffca20, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:4029
#70 0x00007ffff6adb3cf in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7ffff7eed178, context=<optimized out>, context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3954
#71 0x00007ffff6adba29 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7ffff7eed178, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3703
#72 0x00007ffff6adc2a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7ffff7eed178, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3685
#73 0x00007ffff6adc49c in WebCore::RenderLayer::paint (this=0x7ffff7eed178, context=0x7fffffffca20, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0) at Source/WebCore/rendering/RenderLayer.cpp:3496
#74 0x00007ffff69acb35 in WebCore::FrameView::paintContents (this=0x7ffff7f04a00, p=0x7fffffffca20, rect=...) at Source/WebCore/page/FrameView.cpp:3614
#75 0x00007ffff7050cb4 in WebCore::ScrollView::paint (this=0x7ffff7f04a00, context=0x7fffffffca20, rect=...) at Source/WebCore/platform/ScrollView.cpp:1097
#76 0x00007ffff61e59fc in WebKit::ChromeClient::paint (this=0x676ae0) at Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:563
#77 0x00007ffff62d6ec9 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7ffff7ef91e0) at Source/WebCore/platform/ThreadTimers.cpp:129
#78 0x00007ffff62eb842 in WebCore::timeout_cb () at Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#79 0x00007ffff30faac3 in g_timeout_dispatch (source=source@entry=0xfe2d50, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4449
#80 0x00007ffff30f9f26 in g_main_dispatch (context=0x67a710) at gmain.c:3064
#81 g_main_context_dispatch (context=context@entry=0x67a710) at gmain.c:3640
#82 0x00007ffff30fa2a8 in g_main_context_iterate (context=0x67a710, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3711
#83 0x00007ffff30fa6ba in g_main_loop_run (loop=0xe10cb0) at gmain.c:3905
#84 0x00007ffff509a46d in gtk_main () at gtkmain.c:1157
#85 0x0000000000409ba7 in main (argc=3, argv=0x7fffffffcf78) at src/uzbl-core.c:297

[1]https://github.com/mathstuf/uzbl/tree/next

Comment 3 Ben Boeckel 2013-08-15 22:31:26 UTC
Possibly related: https://bugs.webkit.org/show_bug.cgi?id=16200

Comment 4 Fedora End Of Life 2013-09-16 14:24:58 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 5 Ben Boeckel 2014-03-03 19:43:57 UTC
Seems to work with webkitgtk3-2.2.5-1.fc20.x86_64.
