Bug 981921 - NULL ptr when displaying looped gif images
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk3
Version: 20
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-07-07 02:31 UTC by Ben Boeckel
Modified: 2014-03-03 19:43 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-03 19:43:57 UTC



Description Ben Boeckel 2013-07-07 02:31:24 UTC
Description of problem:
Crash when displaying a GIF which has looped within a page (straight up animated GIFs are fine).

Version-Release number of selected component (if applicable):
webkitgtk3-2.1.2-1.fc20.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Load up https://github.com/Shougo/unite.vim
2. Scroll down to trigger the GIF referenced in the README.md
3. Wait for the GIF to loop
4. Scroll around

'dest' is a bad pointer:

*dest = (a << 24 | r << 16 | g << 8 | b);

The caller:

buffer.setRGBA(currentAddress, colorMap[colorIndex], colorMap[colorIndex + 1], colorMap[colorIndex + 2], 255);

Here is that buffer:

(gdb) p *this
$3 = {static fixPointShift = 24, static fixPointMult = 65794, m_backingStore = {<WTF::VectorBuffer<unsigned int, 0ul>> = {<WTF::VectorBufferBase<unsigned int>> = {m_buffer = 0x0, m_capacity = 0}, <No data fields>}, m_size = 0}, m_bytes = 0x0, m_size = {m_width = 728, m_height = 518}, 
  m_colorProfile = {<WTF::VectorBuffer<char, 0ul>> = {<WTF::VectorBufferBase<char>> = {m_buffer = 0x0, m_capacity = 0}, <No data fields>}, m_size = 0}, m_hasAlpha = false, m_originalFrameRect = {m_location = {m_x = 4, m_y = 503}, m_size = {m_width = 724, m_height = 15}}, m_status = WebCore::ImageFrame::FramePartial, 
  m_duration = 100, m_disposalMethod = WebCore::ImageFrame::DisposeKeep, m_premultiplyAlpha = true}

currentAddress is computed via buffer.getBytes(), which bases it on buffer.m_bytes, which is NULL. I'm unsure where it is getting this state (a backing store failed?).

Backtrace:

#0  0x00007f87c27432d6 in setRGBA (this=0x7f87c438a058, a=255, b=<optimized out>, g=<optimized out>, r=<optimized out>, dest=0x1659b0) at Source/WebCore/platform/image-decoders/ImageDecoder.h:159
#1  WebCore::GIFImageDecoder::haveDecodedRow (this=0x7f875a593380, frameIndex=<optimized out>, rowBuffer=..., width=<optimized out>, rowNumber=<optimized out>, repeatCount=1, writeTransparentPixels=false) at Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:226
#2  0x00007f87c2744454 in GIFLZWContext::outputRow (this=this@entry=0x7f8753826500) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:152
#3  0x00007f87c27448b1 in GIFLZWContext::doLZW (this=0x7f8753826500, block=block@entry=0x7f8757edd451 "\240\225MQ$\225\021\031QՅep,\317tm\337x\256\357|\357\377\300\240pH,\032\217Ȥr\311l:\237Шt:s(\f\b\205\"q\335\026\f\214ƂJ.\233\317\350\264z\315n\273\337\360\370s@\310&\f\206\004\201\213\300\026", bytesInBlock=212)
    at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:306
#4  0x00007f87c2745067 in GIFFrameContext::decode (this=this@entry=0x7f8753c34de0, data=0x7f8757ebd000 "GIF89a\330\002\006\002\367\377", length=length@entry=3113146, client=client@entry=0x7f875a593380, frameDecoded=frameDecoded@entry=0x7fff7b10a93f) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:340
#5  0x00007f87c2745fca in GIFImageReader::decode (this=0x7f875b0c90e0, query=query@entry=WebCore::GIFImageDecoder::GIFFullQuery, haltAtFrame=haltAtFrame@entry=2) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:371
#6  0x00007f87c2743cdf in WebCore::GIFImageDecoder::decode (this=0x7f875a593380, haltAtFrame=2, query=WebCore::GIFImageDecoder::GIFFullQuery) at Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:333
#7  0x00007f87c27440da in WebCore::GIFImageDecoder::frameBufferAtIndex (this=0x7f875a593380, index=1) at Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:124
#8  0x00007f87c272deeb in WebCore::ImageSource::createFrameAtIndex (this=this@entry=0x7f875a116020, index=index@entry=1) at Source/WebCore/platform/graphics/ImageSource.cpp:144
#9  0x00007f87c2709250 in WebCore::BitmapImage::cacheFrame (this=this@entry=0x7f875a116000, index=index@entry=1) at Source/WebCore/platform/graphics/BitmapImage.cpp:137
#10 0x00007f87c27095e2 in WebCore::BitmapImage::ensureFrameIsCached (this=0x7f875a116000, index=1) at Source/WebCore/platform/graphics/BitmapImage.cpp:295
#11 0x00007f87c27096b1 in WebCore::BitmapImage::frameIsCompleteAtIndex (this=0x7f875a116000, index=1) at Source/WebCore/platform/graphics/BitmapImage.cpp:308
#12 0x00007f87c27099d6 in WebCore::BitmapImage::startAnimation (this=0x7f875a116000, catchUpIfNecessary=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:442
#13 0x00007f87c26e1c24 in WebCore::BitmapImage::draw (this=0x7f875a116000, context=0x7fff7b10cd40, dst=..., src=..., styleColorSpace=WebCore::ColorSpaceDeviceRGB, op=WebCore::CompositeSourceOver, blendMode=WebCore::BlendModeNormal, shouldRespectImageOrientation=WebCore::DoNotRespectImageOrientation)
    at Source/WebCore/platform/graphics/cairo/BitmapImageCairo.cpp:78
#14 0x00007f87c2727be1 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fff7b10cd40, image=image@entry=0x7f875a116000, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, dest=..., src=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:493
#15 0x00007f87c2727d56 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fff7b10cd40, image=0x7f875a116000, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, r=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:483
#16 0x00007f87c2f25e79 in WebCore::RenderImage::paintIntoRect (this=0x7f875ae4cc40, context=0x7fff7b10cd40, rect=...) at Source/WebCore/rendering/RenderImage.cpp:478
#17 0x00007f87c2f264df in WebCore::RenderImage::paintReplaced (this=0x7f875ae4cc40, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:396
#18 0x00007f87c2f962cc in WebCore::RenderReplaced::paint (this=this@entry=0x7f875ae4cc40, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderReplaced.cpp:158
#19 0x00007f87c2f274f1 in WebCore::RenderImage::paint (this=0x7f875ae4cc40, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:411
#20 0x00007f87c2e776fd in WebCore::InlineBox::paint (this=0x7f875a090fc8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/InlineBox.cpp:237
#21 0x00007f87c2e7f788 in WebCore::InlineFlowBox::paint (this=this@entry=0x7f875a091000, paintInfo=..., paintOffset=..., lineTop=lineTop@entry=..., lineBottom=..., lineBottom@entry=...) at Source/WebCore/rendering/InlineFlowBox.cpp:1150
#22 0x00007f87c2fe7f8c in WebCore::RootInlineBox::paint (this=0x7f875a091000, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...) at Source/WebCore/rendering/RootInlineBox.cpp:218
#23 0x00007f87c2f626c6 in WebCore::RenderLineBoxList::paint (this=this@entry=0x7f875ae4cbc0, renderer=renderer@entry=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderLineBoxList.cpp:262
#24 0x00007f87c2e8c46d in WebCore::RenderBlock::paintContents (this=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3140
#25 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#26 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae4cb28, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#27 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875ae4c418, child=0x7f875ae4cb28, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#28 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875ae4c418, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#29 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875ae4c418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#30 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae4c418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#31 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae4c418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#32 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875ae4b8d8, child=0x7f875ae4c418, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#33 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#34 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#35 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#36 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae4b8d8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#37 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875b059448, child=0x7f875ae4b8d8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#38 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875b059448, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#39 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875b059448, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#40 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875b059448, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#41 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875b059448, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#42 0x00007f87c2e8ce93 in WebCore::RenderBlock::paintFloats (this=0x7f875b398418, paintInfo=..., paintOffset=..., preservePhase=false) at Source/WebCore/rendering/RenderBlock.cpp:3348
#43 0x00007f87c2ea2c41 in WebCore::RenderBlock::paintObject (this=0x7f875b398418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3272
#44 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875b398418, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#45 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f876061eaa0, child=0x7f875b398418, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#46 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f876061eaa0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#47 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f876061eaa0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#48 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f876061eaa0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#49 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f876061eaa0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#50 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f875ae0d990, child=0x7f876061eaa0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#51 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f875ae0d990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#52 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f875ae0d990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#53 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f875ae0d990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#54 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f875ae0d990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#55 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f87c4363790, child=0x7f875ae0d990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#56 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f87c4363790, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#57 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f87c4363790, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#58 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f87c4363790, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#59 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f87c4363790, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#60 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f87c4363558, child=0x7f87c4363790, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#61 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f87c4363558, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#62 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f87c4363558, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#63 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f87c4363558, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#64 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f87c4363558, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#65 0x00007f87c2e8c5a1 in WebCore::RenderBlock::paintChild (this=0x7f87c43632a0, child=0x7f87c4363558, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3191
#66 0x00007f87c2e8c710 in WebCore::RenderBlock::paintChildren (this=0x7f87c43632a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3160
#67 0x00007f87c2e8c418 in WebCore::RenderBlock::paintContents (this=0x7f87c43632a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3153
#68 0x00007f87c2ea2c23 in WebCore::RenderBlock::paintObject (this=0x7f87c43632a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3258
#69 0x00007f87c2e88522 in WebCore::RenderBlock::paint (this=0x7f87c43632a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2974
#70 0x00007f87c2f3700c in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=this@entry=0x7f87c4363350, phase=phase@entry=WebCore::PaintPhaseFloat, layerFragments=..., context=context@entry=0x7fff7b10cd40, localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, 
    subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0) at Source/WebCore/rendering/RenderLayer.cpp:4234
#71 0x00007f87c2f3b104 in WebCore::RenderLayer::paintForegroundForFragments (this=this@entry=0x7f87c4363350, layerFragments=..., context=context@entry=0x7fff7b10cd40, transparencyLayerContext=transparencyLayerContext@entry=0x7fff7b10cd40, transparencyPaintDirtyRect=..., haveTransparency=haveTransparency@entry=false, 
    localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0, selectionOnly=selectionOnly@entry=false, forceBlackText=forceBlackText@entry=false) at Source/WebCore/rendering/RenderLayer.cpp:4209
#72 0x00007f87c2f49f2a in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7f87c4363350, context=<optimized out>, context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3941
#73 0x00007f87c2f4a0c9 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7f87c4363350, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3701
#74 0x00007f87c2f4a8a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7f87c4363350, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3683
#75 0x00007f87c2f4baea in WebCore::RenderLayer::paintList (this=0x7f87c4363178, list=0x7f87c431b800, context=0x7fff7b10cd40, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:4027
#76 0x00007f87c2f49a7a in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7f87c4363178, context=<optimized out>, context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3952
#77 0x00007f87c2f4a0c9 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7f87c4363178, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3701
#78 0x00007f87c2f4a8a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7f87c4363178, context=context@entry=0x7fff7b10cd40, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3683
#79 0x00007f87c2f4aa7c in WebCore::RenderLayer::paint (this=0x7f87c4363178, context=0x7fff7b10cd40, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0) at Source/WebCore/rendering/RenderLayer.cpp:3494
#80 0x00007f87c2e246ad in WebCore::FrameView::paintContents (this=0x7f87c437aa00, p=0x7fff7b10cd40, rect=...) at Source/WebCore/page/FrameView.cpp:3577
#81 0x00007f87c348d84c in WebCore::ScrollView::paint (this=0x7f87c437aa00, context=0x7fff7b10cd40, rect=...) at Source/WebCore/platform/ScrollView.cpp:1094
#82 0x00007f87c269fb7c in WebKit::ChromeClient::paint (this=0x11d5b10) at Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:563
#83 0x00007f87c2787a69 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f87c436f1b8) at Source/WebCore/platform/ThreadTimers.cpp:129
#84 0x00007f87c279bcf2 in WebCore::timeout_cb () at Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#85 0x00007f87bf5d0d53 in g_timeout_dispatch (source=source@entry=0x1b6e270, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4443
#86 0x00007f87bf5d01f6 in g_main_dispatch (context=0x1185fb0) at gmain.c:3058
#87 g_main_context_dispatch (context=context@entry=0x1185fb0) at gmain.c:3634
#88 0x00007f87bf5d0548 in g_main_context_iterate (context=0x1185fb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3705
#89 0x00007f87bf5d094a in g_main_loop_run (loop=0x1acf160) at gmain.c:3899
#90 0x00007f87c155b49d in gtk_main () at gtkmain.c:1157
#91 0x0000000000409d24 in main (argc=3, argv=0x7fff7b10d1e8) at src/uzbl-core.c:297
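
The dest value in frame #0 (0x1659b0) is exactly what pointer arithmetic on a NULL m_bytes gives for the pixel at m_originalFrameRect's origin (x=4, y=503) in a 728-pixel-wide frame: (503*728 + 4) * 4 bytes. The following is an added example, not WebKit's code: ImageFrame, nullBaseOffset and writeRowChecked are constructed stand-ins for the decoder's frame buffer and row writer, showing that arithmetic and a row writer that checks for a missing backing store and row bounds before writing, instead of dereferencing the computed address.

```cpp
// Added example (not WebKit's code): a stripped-down ImageFrame with the
// fields the gdb dump shows (m_bytes, m_size, m_status), the arithmetic
// behind the bad 'dest' pointer, and a row writer that refuses to write
// into a frame whose backing store is missing.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct ImageFrame {
    enum Status { FrameEmpty, FramePartial, FrameComplete };
    std::vector<uint32_t> backingStore;   // pixel storage, may be empty
    uint32_t* bytes = nullptr;            // m_bytes: 0x0 at the crash
    int width = 0;
    int height = 0;
    Status status = FrameEmpty;

    // Allocate pixel storage for a w x h frame and cache its address.
    bool setSize(int w, int h) {
        backingStore.assign(static_cast<size_t>(w) * h, 0);
        bytes = backingStore.data();
        width = w;
        height = h;
        status = FramePartial;
        return true;
    }
    // Same shape as the decoder's address computation: pure pointer
    // arithmetic on m_bytes, with no check that m_bytes is non-null.
    uint32_t* getAddr(int x, int y) const {
        return bytes + static_cast<ptrdiff_t>(y) * width + x;
    }
    // The store the report crashes in (ImageDecoder.h:159).
    static void setRGBA(uint32_t* dest, unsigned r, unsigned g, unsigned b,
                        unsigned a) {
        *dest = (a << 24 | r << 16 | g << 8 | b);
    }
};

// Byte offset that getAddr() adds to a null m_bytes for pixel (x, y).
// For the frame in the report (width 728, x 4, y 503) this is 0x1659b0,
// the dest= value gdb printed in frame #0.
uintptr_t nullBaseOffset(int width, int x, int y) {
    return (static_cast<uintptr_t>(y) * width + x) * sizeof(uint32_t);
}

// Hardened row writer: bails out on a frame with no backing store and
// bounds-checks the row against the frame's size. Returns false so the
// caller can mark the frame as failed instead of writing through NULL.
bool writeRowChecked(ImageFrame& frame, int rowNumber, int xBegin,
                     const uint8_t* rowBuffer, int width) {
    if (!frame.bytes || frame.status == ImageFrame::FrameEmpty)
        return false;
    if (rowNumber < 0 || rowNumber >= frame.height ||
        xBegin < 0 || width < 0 || xBegin + width > frame.width)
        return false;
    for (int x = 0; x < width; ++x) {
        uint8_t v = rowBuffer[x];
        // Grayscale palette stand-in for the GIF colour-map lookup.
        ImageFrame::setRGBA(frame.getAddr(xBegin + x, rowNumber), v, v, v, 255);
    }
    return true;
}

int main() {
    std::printf("null-base dest for (4,503) at width 728: 0x%lx\n",
                static_cast<unsigned long>(nullBaseOffset(728, 4, 503)));

    // Constructed frame in the state the gdb dump shows: sized 728x518,
    // status FramePartial, but no backing store behind it.
    ImageFrame emptyFrame;
    emptyFrame.width = 728;
    emptyFrame.height = 518;
    emptyFrame.status = ImageFrame::FramePartial;
    uint8_t row[724] = {0};
    std::printf("checked write into empty frame: %s\n",
                writeRowChecked(emptyFrame, 503, 4, row, 724) ? "ok" : "refused");
    return 0;
}
```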

Comment 1 Tomas Popela 2013-07-23 14:48:56 UTC
Hi Ben,
Thank you for your bug report. Can you please try to reproduce it with webkitgtk3-2.1.3-1.fc20? For me it's not crashing.

Comment 2 Ben Boeckel 2013-07-24 01:45:49 UTC
Nope, still happening. Different backtrace though. I'm using this branch[1].

#0  0x00007ffff5ab489c in WTFCrash () at Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff62542f5 in overflowed () at Source/WTF/wtf/CheckedArithmetic.h:80
#2  at (i=9, this=0x7fff8ed4fd08) at Source/WTF/wtf/Vector.h:561
#3  operator[] (i=9, this=0x7fff8ed4fd08) at Source/WTF/wtf/Vector.h:581
#4  WebCore::BitmapImage::destroyDecodedData (this=0x7fff8ed4fcc0, destroyAll=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:89
#5  0x00007ffff62548b4 in WebCore::BitmapImage::internalAdvanceAnimation (this=0x7fff8ed4fcc0, skippingFrames=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:547
#6  0x00007ffff6254be3 in WebCore::BitmapImage::startAnimation (this=0x7fff8ed4fcc0, catchUpIfNecessary=<optimized out>) at Source/WebCore/platform/graphics/BitmapImage.cpp:449
#7  0x00007ffff6229f34 in WebCore::BitmapImage::draw (this=0x7fff8ed4fcc0, context=0x7fffffffca20, dst=..., src=..., styleColorSpace=WebCore::ColorSpaceDeviceRGB, op=WebCore::CompositeSourceOver, blendMode=WebCore::BlendModeNormal, shouldRespectImageOrientation=WebCore::DoNotRespectImageOrientation)
    at Source/WebCore/platform/graphics/cairo/BitmapImageCairo.cpp:78
#8  0x00007ffff6273c61 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fffffffca20, image=image@entry=0x7fff8ed4fcc0, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, dest=..., src=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:493
#9  0x00007ffff6273e16 in WebCore::GraphicsContext::drawImage (this=this@entry=0x7fffffffca20, image=0x7fff8ed4fcc0, styleColorSpace=styleColorSpace@entry=WebCore::ColorSpaceDeviceRGB, r=..., op=op@entry=WebCore::CompositeSourceOver, 
    shouldRespectImageOrientation=shouldRespectImageOrientation@entry=WebCore::DoNotRespectImageOrientation, useLowQualityScale=useLowQualityScale@entry=false) at Source/WebCore/platform/graphics/GraphicsContext.cpp:483
#10 0x00007ffff6ab5c91 in WebCore::RenderImage::paintIntoRect (this=0x7fff8def3f98, context=0x7fffffffca20, rect=...) at Source/WebCore/rendering/RenderImage.cpp:478
#11 0x00007ffff6ab62dd in WebCore::RenderImage::paintReplaced (this=0x7fff8def3f98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:396
#12 0x00007ffff6b2a0ec in WebCore::RenderReplaced::paint (this=this@entry=0x7fff8def3f98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderReplaced.cpp:158
#13 0x00007ffff6ab72e1 in WebCore::RenderImage::paint (this=0x7fff8def3f98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderImage.cpp:411
#14 0x00007ffff6a01f7d in WebCore::InlineBox::paint (this=0x7fff8df43868, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/InlineBox.cpp:237
#15 0x00007ffff6a0a668 in WebCore::InlineFlowBox::paint (this=this@entry=0x7fff8df438a0, paintInfo=..., paintOffset=..., lineTop=lineTop@entry=..., lineBottom=..., lineBottom@entry=...) at Source/WebCore/rendering/InlineFlowBox.cpp:1170
#16 0x00007ffff6b7df6c in WebCore::RootInlineBox::paint (this=0x7fff8df438a0, paintInfo=..., paintOffset=..., lineTop=..., lineBottom=...) at Source/WebCore/rendering/RootInlineBox.cpp:218
#17 0x00007ffff6af4a36 in WebCore::RenderLineBoxList::paint (this=this@entry=0x7fff8def3f18, renderer=renderer@entry=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderLineBoxList.cpp:262
#18 0x00007ffff6a17bbd in WebCore::RenderBlock::paintContents (this=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3156
#19 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#20 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8def3e80, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#21 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8def3770, child=0x7fff8def3e80, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#22 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8def3770, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#23 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8def3770, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#24 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8def3770, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#25 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8def3770, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#26 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8deefb98, child=0x7fff8def3770, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#27 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8deefb98, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#28 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8deefb98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#29 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8deefb98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#30 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8deefb98, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#31 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8e85caa8, child=0x7fff8deefb98, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#32 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8e85caa8, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#33 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8e85caa8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#34 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8e85caa8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#35 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8e85caa8, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#36 0x00007ffff6a1834a in WebCore::RenderBlock::paintFloats (this=0x7fff8e890660, paintInfo=..., paintOffset=..., preservePhase=false) at Source/WebCore/rendering/RenderBlock.cpp:3364
#37 0x00007ffff6a2ed31 in WebCore::RenderBlock::paintObject (this=0x7fff8e890660, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3288
#38 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8e890660, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#39 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7f3dce0, child=0x7fff8e890660, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#40 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#41 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#42 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#43 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7f3dce0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#44 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7fff8e897990, child=0x7ffff7f3dce0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#45 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7fff8e897990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#46 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7fff8e897990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#47 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7fff8e897990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#48 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7fff8e897990, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#49 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7eed6b0, child=0x7fff8e897990, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#50 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#51 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#52 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#53 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7eed6b0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#54 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7eed478, child=0x7ffff7eed6b0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#55 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7eed478, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#56 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7eed478, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#57 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7eed478, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#58 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7eed478, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#59 0x00007ffff6a17d01 in WebCore::RenderBlock::paintChild (this=0x7ffff7eed2a0, child=0x7ffff7eed478, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3207
#60 0x00007ffff6a17e70 in WebCore::RenderBlock::paintChildren (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at Source/WebCore/rendering/RenderBlock.cpp:3176
#61 0x00007ffff6a17b58 in WebCore::RenderBlock::paintContents (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3169
#62 0x00007ffff6a2ed1b in WebCore::RenderBlock::paintObject (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:3274
#63 0x00007ffff6a13922 in WebCore::RenderBlock::paint (this=0x7ffff7eed2a0, paintInfo=..., paintOffset=...) at Source/WebCore/rendering/RenderBlock.cpp:2990
#64 0x00007ffff6ac7b1c in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (this=this@entry=0x7ffff7eed350, phase=phase@entry=WebCore::PaintPhaseFloat, layerFragments=..., context=context@entry=0x7fffffffca20, localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, 
    subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0) at Source/WebCore/rendering/RenderLayer.cpp:4236
#65 0x00007ffff6acbf54 in WebCore::RenderLayer::paintForegroundForFragments (this=this@entry=0x7ffff7eed350, layerFragments=..., context=context@entry=0x7fffffffca20, transparencyLayerContext=transparencyLayerContext@entry=0x7fffffffca20, transparencyPaintDirtyRect=..., haveTransparency=haveTransparency@entry=false, 
    localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, subtreePaintRootForRenderer=subtreePaintRootForRenderer@entry=0x0, selectionOnly=selectionOnly@entry=false, forceBlackText=forceBlackText@entry=false) at Source/WebCore/rendering/RenderLayer.cpp:4211
#66 0x00007ffff6adb86b in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7ffff7eed350, context=<optimized out>, context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3943
#67 0x00007ffff6adba29 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7ffff7eed350, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3703
#68 0x00007ffff6adc2a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7ffff7eed350, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=224) at Source/WebCore/rendering/RenderLayer.cpp:3685
#69 0x00007ffff6add58a in WebCore::RenderLayer::paintList (this=0x7ffff7eed178, list=0x7fff9117cf60, context=0x7fffffffca20, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:4029
#70 0x00007ffff6adb3cf in WebCore::RenderLayer::paintLayerContents (this=this@entry=0x7ffff7eed178, context=<optimized out>, context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=224) at Source/WebCore/rendering/RenderLayer.cpp:3954
#71 0x00007ffff6adba29 in WebCore::RenderLayer::paintLayerContentsAndReflection (this=this@entry=0x7ffff7eed178, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3703
#72 0x00007ffff6adc2a0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7ffff7eed178, context=context@entry=0x7fffffffca20, paintingInfo=..., paintFlags=paintFlags@entry=0) at Source/WebCore/rendering/RenderLayer.cpp:3685
#73 0x00007ffff6adc49c in WebCore::RenderLayer::paint (this=0x7ffff7eed178, context=0x7fffffffca20, damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0) at Source/WebCore/rendering/RenderLayer.cpp:3496
#74 0x00007ffff69acb35 in WebCore::FrameView::paintContents (this=0x7ffff7f04a00, p=0x7fffffffca20, rect=...) at Source/WebCore/page/FrameView.cpp:3614
#75 0x00007ffff7050cb4 in WebCore::ScrollView::paint (this=0x7ffff7f04a00, context=0x7fffffffca20, rect=...) at Source/WebCore/platform/ScrollView.cpp:1097
#76 0x00007ffff61e59fc in WebKit::ChromeClient::paint (this=0x676ae0) at Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:563
#77 0x00007ffff62d6ec9 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7ffff7ef91e0) at Source/WebCore/platform/ThreadTimers.cpp:129
#78 0x00007ffff62eb842 in WebCore::timeout_cb () at Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#79 0x00007ffff30faac3 in g_timeout_dispatch (source=source@entry=0xfe2d50, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4449
#80 0x00007ffff30f9f26 in g_main_dispatch (context=0x67a710) at gmain.c:3064
#81 g_main_context_dispatch (context=context@entry=0x67a710) at gmain.c:3640
#82 0x00007ffff30fa2a8 in g_main_context_iterate (context=0x67a710, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3711
#83 0x00007ffff30fa6ba in g_main_loop_run (loop=0xe10cb0) at gmain.c:3905
#84 0x00007ffff509a46d in gtk_main () at gtkmain.c:1157
#85 0x0000000000409ba7 in main (argc=3, argv=0x7fffffffcf78) at src/uzbl-core.c:297

[1]https://github.com/mathstuf/uzbl/tree/next

Comment 3 Ben Boeckel 2013-08-15 22:31:26 UTC
Possibly related: https://bugs.webkit.org/show_bug.cgi?id=16200

Comment 4 Fedora End Of Life 2013-09-16 14:24:58 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and the reason for this action are here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 5 Ben Boeckel 2014-03-03 19:43:57 UTC
Seems to work with webkitgtk3-2.2.5-1.fc20.x86_64.
