ultralight-ux / Ultralight

Lightweight, high-performance HTML renderer for game and app developers.
https://ultralig.ht

Crash in WebCore/Ultralight when rendering drop shadows w/ CPU Renderer #352

Open GenuineAster opened 3 years ago

GenuineAster commented 3 years ago

A small material app loaded over HTTP with drop shadows causes the following crash when rendered the first time:

>2021-07-02 08:00:00+0200|WARN |C|C++|OnDOMReady [ultralight] DOM object ready: http://localhost:5000/
>2021-07-02 08:00:00+0200|WARN |C|C++|OnFinishLoading [ultralight] Finish loading: http://localhost:5000/
Process 188580 stopped
* thread #1, name = 'Main Thread', stop reason = signal SIGSEGV: invalid address (fault address: 0x55555919f040)
    frame #0: 0x00007fffea6c579c libc.so.6`__memmove_avx_unaligned_erms + 652
libc.so.6`__memmove_avx_unaligned_erms:
->  0x7fffea6c579c <+652>: vmovdqa %ymm0, (%r9)
    0x7fffea6c57a1 <+657>: vmovdqa %ymm1, -0x20(%r9)
    0x7fffea6c57a7 <+663>: vmovdqa %ymm2, -0x40(%r9)
    0x7fffea6c57ad <+669>: vmovdqa %ymm3, -0x60(%r9)
(lldb) bt
* thread #1, name = 'Main Thread', stop reason = signal SIGSEGV: invalid address (fault address: 0x55555919f040)
  * frame #0: 0x00007fffea6c579c libc.so.6`__memmove_avx_unaligned_erms + 652
    frame #1: 0x00007fffef1cf96e libUltralightCore.so`ultralight::CanvasBlend2D::DrawBoxShadow(ultralight::Rect const&, ultralight::RoundedRect const&, ultralight::RoundedRect const&, bool, ultralight::vec2 const&, float, ultralight::Paint const&) + 2126
    frame #2: 0x00007fffec11d7bd libWebCore.so`WebCore::PlatformContextUltralight::DrawBoxShadow(WebCore::FloatRoundedRect const&, WebCore::FloatSize const&, float, WebCore::Color const&, bool, WebCore::FloatRoundedRect const&) + 477
    frame #3: 0x00007fffecfd1d90 libWebCore.so`WebCore::RenderBoxModelObject::paintBoxShadow(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::RenderStyle const&, WebCore::ShadowStyle, bool, bool) + 3264
    frame #4: 0x00007fffecfd0d86 libWebCore.so`WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 166
    frame #5: 0x00007fffecf99f0b libWebCore.so`WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 75
    frame #6: 0x00007fffecf98f88 libWebCore.so`WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 456
    frame #7: 0x00007fffed06604b libWebCore.so`WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 475
    frame #8: 0x00007fffed06345d libWebCore.so`WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 2477
    frame #9: 0x00007fffed063683 libWebCore.so`WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3027
    frame #10: 0x00007fffed063683 libWebCore.so`WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3027
    frame #11: 0x00007fffed060bfa libWebCore.so`WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>, WebCore::RenderLayer::SecurityOriginPaintPolicy) + 298
    frame #12: 0x00007fffecdb2c34 libWebCore.so`WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) + 468
    frame #13: 0x00007fffece63279 libWebCore.so`WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) + 985
    frame #14: 0x00007fffef6b983f libUltralight.so`ultralight::ViewImpl::PerformRepaint(WebCore::Frame*, WebCore::IntRect const&) + 719
    frame #15: 0x00007fffef6b90ff libUltralight.so`ultralight::ViewImpl::Paint(unsigned long, double) + 2815
    frame #16: 0x00007fffef1eddc2 libUltralightCore.so`ultralight::PainterImpl::Paint(unsigned long, double) + 162
    frame #17: 0x00007fffef6b3476 libUltralight.so`ultralight::RendererImpl::Render() + 38
    frame #18: 0x00007ffff01f820e libMutate.Engine.Client.so`Mutate::GameUI::GameUIManager::Update(this=<unavailable>) at GameUIManager.cpp:289:25

Will post more information later in the day. Rebooting to Windows to see if I get the same issue there, and will create a minimal repro case.
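Triage note added here by the editor; it is not part of the thread and not Ultralight code. The stop line and the `vmovdqa %ymm0, (%r9)` instruction fed to it are the ones quoted in the report; the second stop line and the load-form instruction used in the checks are constructed, and every function name is the editor's own. The point it makes explicit: `vmovdqa` requires a 32-byte-aligned memory operand, so the first question for a SIGSEGV at that instruction is whether the fault address is misaligned or simply unmapped.

```c
/* Editor-added triage helper (not from Ultralight or the issue thread).
 * Given an lldb stop line and the faulting instruction, decide whether a
 * SIGSEGV in __memmove_avx_unaligned_erms is an alignment fault or a
 * write to an unmapped page. Sample inputs in main() are copied from the
 * report above; the others in the tests are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum fault_kind {
    FAULT_UNPARSED = 0,  /* no "fault address:" field in the stop line */
    FAULT_ZERO_ADDRESS,  /* address 0: null dereference, or a #GP, which Linux
                            delivers as SIGSEGV with si_addr == 0 */
    FAULT_MISALIGNED,    /* alignment-checked op on a non-naturally-aligned address */
    FAULT_UNMAPPED       /* address is aligned (or op is unchecked): page not mapped */
};

/* Pull the hex value after "fault address: " out of an lldb stop line.
 * Returns 1 and stores the address on success, 0 if the field is absent. */
int parse_fault_address(const char *stop_line, uint64_t *out)
{
    const char *key = "fault address: ";
    const char *p = strstr(stop_line, key);
    if (!p) return 0;
    p += strlen(key);
    char *end = NULL;
    uint64_t v = strtoull(p, &end, 16);
    if (end == p) return 0;
    *out = v;
    return 1;
}

/* Convenience wrapper for callers that only need the value (0 if absent). */
uint64_t fault_address_or_zero(const char *stop_line)
{
    uint64_t a = 0;
    return parse_fault_address(stop_line, &a) ? a : 0;
}

/* Width in bytes of the memory operand, inferred from the register class. */
size_t operand_width(const char *insn)
{
    if (strstr(insn, "%zmm")) return 64;
    if (strstr(insn, "%ymm")) return 32;
    if (strstr(insn, "%xmm")) return 16;
    return 8;
}

/* (v)movdqa, (v)movaps and (v)movapd raise #GP on a misaligned operand;
 * the *u forms and "rep movsb" (erms) do not. */
int alignment_checked(const char *insn)
{
    return strstr(insn, "movdqa") != NULL || strstr(insn, "movaps") != NULL ||
           strstr(insn, "movapd") != NULL;
}

/* In AT&T syntax the destination is the last operand; a memory reference
 * there means the faulting instruction is a store. */
int is_store(const char *insn)
{
    const char *comma = strrchr(insn, ',');
    return comma != NULL && strchr(comma, '(') != NULL;
}

enum fault_kind classify_fault(const char *stop_line, const char *insn)
{
    uint64_t addr;
    if (!parse_fault_address(stop_line, &addr)) return FAULT_UNPARSED;
    if (addr == 0) return FAULT_ZERO_ADDRESS;
    if (alignment_checked(insn) && (addr % operand_width(insn)) != 0)
        return FAULT_MISALIGNED;
    return FAULT_UNMAPPED;
}

int main(void)
{
    /* Copied from the lldb output in the report. */
    const char *stop = "stop reason = signal SIGSEGV: invalid address "
                       "(fault address: 0x55555919f040)";
    const char *insn = "vmovdqa %ymm0, (%r9)";
    static const char *names[] = { "unparsed", "zero address",
                                   "misaligned", "unmapped page" };
    printf("fault 0x%llx, %zu-byte %s, verdict: %s\n",
           (unsigned long long)fault_address_or_zero(stop), operand_width(insn),
           is_store(insn) ? "store" : "load", names[classify_fault(stop, insn)]);
    return 0;
}
```

For the report's own input the verdict is "unmapped page": 0x55555919f040 is 32-byte aligned and non-zero, and a misaligned `vmovdqa` would have surfaced as a #GP with a zero address rather than a page fault with a real one. So the AVX store in `memmove` was given a destination that lies outside any mapped page, i.e. `DrawBoxShadow` handed `memmove` a destination range larger than the buffer behind it. The stores issued before that one in the same call landed in mapped memory and did not fault, so the crash shows only the tail of the overrun; a smaller overrun, or a different allocator layout, would corrupt adjacent heap data silently instead of crashing, which is why a non-reproduction on another OS does not by itself show the bug is absent there.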

adamjs commented 3 years ago

Thanks for the report! Any CPU information? I'll try to reproduce.

GenuineAster commented 3 years ago

I am running on a Ryzen 7 3700X, which has AVX and AVX2. I could not reproduce the issue on Windows; it only happens on Linux.

adamjs commented 3 years ago

This should be fixed in latest SDK: https://github.com/ultralight-ux/Ultralight#getting-the-latest-sdk