110145 2013-02-18 11:55:22 -0800 [harfbuzz] Crash in harfbuzz because direction is not set 2013-02-19 09:58:35 -0800 1 1 1 Unclassified WebKit WebKitGTK 420+ Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 csaavedra webkit-security-unassigned bashi behdad cdumez d-r jshin mrobinson schenney tony oldest_to_newest 835666 0 csaavedra 2013-02-18 11:55:22 -0800 Pulling from hb master and with a wk build from today: #0 0x0000003af8c35ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63 #1 0x0000003af8c37358 in __GI_abort () at abort.c:90 #2 0x0000003af8c2e972 in __assert_fail_base (fmt=0x3af8d793e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff5b00850 "props->direction != HB_DIRECTION_INVALID", file=file@entry=0x7ffff5b00829 "hb-shape-plan.cc", line=line@entry=93, function=function@entry=0x7ffff5b00900 <hb_shape_plan_create::__PRETTY_FUNCTION__> "hb_shape_plan_t* hb_shape_plan_create(hb_face_t*, const hb_segment_properties_t*, const hb_feature_t*, unsigned int, const char* const*)") at assert.c:92 #3 0x0000003af8c2ea22 in __GI___assert_fail (assertion=0x7ffff5b00850 "props->direction != HB_DIRECTION_INVALID", file=0x7ffff5b00829 "hb-shape-plan.cc", line=93, function=0x7ffff5b00900 <hb_shape_plan_create::__PRETTY_FUNCTION__> "hb_shape_plan_t* hb_shape_plan_create(hb_face_t*, const hb_segment_properties_t*, const hb_feature_t*, unsigned int, const char* const*)") at assert.c:101 #4 0x00007ffff5aa4669 in hb_shape_plan_create (face=face@entry=0x207fc10, props=props@entry=0x20b1698, user_features=user_features@entry=0x0, num_user_features=num_user_features@entry=0, shaper_list=shaper_list@entry=0x0) at hb-shape-plan.cc:93 #5 0x00007ffff5aa5145 in hb_shape_plan_create_cached (face=0x207fc10, props=0x20b1698, user_features=0x0, num_user_features=<optimized out>, shaper_list=0x0) at hb-shape-plan.cc:289 #6 0x00007ffff5aa3f42 in hb_shape_full (font=0x2081400, buffer=0x20b1620, features=0x0, num_features=0, shaper_list=<optimized out>) at hb-shape.cc:258 #7 0x00007ffff68e9780 in WebCore::HarfBuzzShaper::shapeHarfBuzzRuns(bool) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #8 0x00007ffff68eab11 in WebCore::HarfBuzzShaper::shape(WebCore::GlyphBuffer*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #9 0x00007ffff68e4e53 in WebCore::Font::floatWidthForComplexText(WebCore::TextRun const&, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #10 0x00007ffff702ebd2 in WebCore::Font::width(WebCore::TextRun const&, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #11 0x00007ffff6a7ac8c in WebCore::RenderText::computePreferredLogicalWidths(float, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >&, WebCore::GlyphOverflow&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #12 0x00007ffff6a7cf76 in WebCore::RenderText::width(unsigned int, unsigned int, WebCore::Font const&, float, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #13 0x00007ffff6968914 in WebCore::RenderBlock::LineBreaker::nextSegmentBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul>&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #14 0x00007ffff6969577 in WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul>&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #15 0x00007ffff696b806 in WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #16 0x00007ffff696ced9 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #17 0x00007ffff696d63d in WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #18 0x00007ffff694f6dc in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #19 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #20 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #21 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #22 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #23 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #24 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #25 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #26 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #27 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #28 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #29 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #30 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #31 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #32 0x00007ffff694ae3c in WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #33 0x00007ffff694b279 in WebCore::RenderBlock::handleFloatingChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo const&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #34 0x00007ffff694e63f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #35 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #36 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #37 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #38 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #39 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #40 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #41 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #42 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #43 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #44 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #45 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #46 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #47 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #48 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #49 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #50 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #51 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #52 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #53 0x00007ffff694de99 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #54 0x00007ffff694e65f in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #55 0x00007ffff694f988 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #56 0x00007ffff693067b in WebCore::RenderBlock::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #57 0x00007ffff6a8de19 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #58 0x00007ffff6a8e797 in WebCore::RenderView::layout() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #59 0x00007ffff68b1aae in WebCore::FrameView::layout(bool) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #60 0x00007ffff642d659 in WebCore::Document::updateLayoutIgnorePendingStylesheets() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #61 0x00007ffff644d4c1 in WebCore::Element::offsetHeight() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #62 0x00007ffff6ca5a4d in WebCore::jsElementOffsetHeight(JSC::ExecState*, JSC::JSValue, JSC::PropertyName) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #63 0x00007ffff4719c51 in llint_slow_path_get_by_id () from /opt/gnome-3.0/lib64/libjavascriptcoregtk-3.0.so.0 #64 0x00007ffff4724e4d in llint_op_get_by_id () from /opt/gnome-3.0/lib64/libjavascriptcoregtk-3.0.so.0 #65 0x00007fffe0140000 in ?? () #66 0x00007ffff47ca7b7 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) () from /opt/gnome-3.0/lib64/libjavascriptcoregtk-3.0.so.0 #67 0x00007ffff46bc019 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /opt/gnome-3.0/lib64/libjavascriptcoregtk-3.0.so.0 #68 0x00007ffff47b320a in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /opt/gnome-3.0/lib64/libjavascriptcoregtk-3.0.so.0 #69 0x00007ffff6252566 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #70 0x00007ffff646420b in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #71 0x00007ffff64644f1 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #72 0x00007ffff645cab1 in WebCore::EventContext::handleLocalEvents(WebCore::Event*) const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #73 0x00007ffff645d90a in WebCore::EventDispatcher::dispatch() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #74 0x00007ffff645d138 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #75 0x00007ffff6477999 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #76 0x00007ffff642a5a6 in WebCore::Document::finishedParsing() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #77 0x00007ffff6657a36 in WebCore::HTMLDocumentParser::prepareToStopParsing() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #78 0x00007ffff66574f8 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #79 0x00007ffff67cb679 in WebCore::CachedResource::checkNotify() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #80 0x00007ffff683cec9 in WebCore::SubresourceLoader::didFinishLoading(double) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #81 0x00007ffff70c27a6 in WebCore::readCallback(_GObject*, _GAsyncResult*, void*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #82 0x00007ffff16c3187 in async_ready_callback_wrapper (source_object=0x207b980, res=0x20762d0, user_data=0x7fff95934888) at ginputstream.c:530 #83 0x00007ffff16f0cb8 in g_task_return_now (task=0x20762d0) at gtask.c:1105 #84 0x00007ffff16f0ce9 in complete_in_idle_cb (task=0x20762d0) at gtask.c:1114 #85 0x00007ffff0eef9a7 in g_idle_dispatch (source=0x7fff60001290, callback=0x7ffff16f0cd1 <complete_in_idle_cb>, user_data=0x20762d0) at gmain.c:5205 #86 0x00007ffff0eed225 in g_main_dispatch (context=0x721660) at gmain.c:3054 #87 0x00007ffff0eedf8a in g_main_context_dispatch (context=0x721660) at gmain.c:3630 #88 0x00007ffff0eee17a in g_main_context_iterate (context=0x721660, block=1, dispatch=1, self=0x762060) at gmain.c:3701 #89 0x00007ffff0eee23e in g_main_context_iteration (context=0x721660, may_block=1) at gmain.c:3762 #90 0x00007ffff171b3d1 in g_application_run (application=0x8d3000, argc=1, argv=0x7fffffffd658) at gapplication.c:1620 #91 0x00000000004313cd in main (argc=1, argv=0x7fffffffd658) at ephy-main.c:474 835667 1 csaavedra 2013-02-18 11:56:16 -0800 Sorry, I think I should not be filing bugs when I haven't had a proper meal. 836027 2 behdad 2013-02-18 23:34:04 -0800 Right... I should have expected this coming. The way webkit calls harfbuzz is buggy. I'm compiling webkitgtk now to try to fix this. 836148 3 behdad 2013-02-19 02:08:23 -0800 I've got webkitgtk build here. Any easy way to reproduce the crash (ideally in gdb)? 836155 4 csaavedra 2013-02-19 02:20:11 -0800 Run epiphany against your wk build (from master) and just start the browser. That should do it. 836392 5 behdad 2013-02-19 07:49:21 -0800 This should do it, though, this area really needs more work. We should simply make direction available to HarfBuzz unconditionally. It's recipe for disaster otherwise. --- Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp.orig 2013-02-19 10:43:39.413756909 -0500 +++ Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp 2013-02-19 10:43:06.730116605 -0500 @@ -327,6 +327,9 @@ hb_buffer_set_script(harfBuzzBuffer.get(), currentRun->script()); if (shouldSetDirection) hb_buffer_set_direction(harfBuzzBuffer.get(), currentRun->rtl() ? HB_DIRECTION_RTL : HB_DIRECTION_LTR); + else + // Leaving direction to HarfBuzz to guess is *really* bad, but will do for now. + hb_buffer_guess_segment_properties (harfBuzzBuffer.get()); // Add a space as pre-context to the buffer. This prevents showing dotted-circle // for combining marks at the beginning of runs. 836408 6 behdad 2013-02-19 08:15:00 -0800 FWIW, this was caused by the following HarfBuzz commit: commit c462b32dcb883a7aca066af24c4d28c7a2b7fa28 Author: Behdad Esfahbod <behdad@behdad.org> Date: Fri Feb 15 07:51:47 2013 -0500 Disable automatic segment properties guessing Before, if one called hb_shape() without setting script, language, and direction on the buffer, hb_shape() was calling hb_buffer_guess_segment_properties() on the user's behalf to guess these. This is very dangerous, since any serious user of HarfBuzz must set these properly (specially important is direction). So now, we don't guess properties by default. People not setting direction will get an abort() now. If the old behavior is desired (fragile, good for simple testing only), users can call hb_buffer_guess_segment_properties() on the buffer just before calling hb_shape(). 836409 7 189091 csaavedra 2013-02-19 08:15:10 -0800 Created attachment 189091 Patch 836410 8 csaavedra 2013-02-19 08:16:51 -0800 Who can I cc for a review on this area? 836412 9 csaavedra 2013-02-19 08:22:37 -0800 Hi Tony, I was told you might be able to review this :) TIA 836417 10 189091 eflews.bot 2013-02-19 08:27:06 -0800 Comment on attachment 189091 Patch Attachment 189091 did not pass efl-ews (efl): Output: http://queues.webkit.org/results/16616727 836429 11 schenney 2013-02-19 08:36:35 -0800 Could we have a follow up bug for this to fix the underlying problem? According to comment #6 the real error is in WebKit failing to set all the properties on the text run correctly. Just hacking it in is not the right fix - we should be setting the properties. There is also no test. How are we to reproduce this without building for gtk and running some other piece of software? How will we detect if it fails again? 836432 12 behdad 2013-02-19 08:40:16 -0800 It will crash with *any* complex script test, with recent-enough harfbuzz. The reason only GTK build noticed this is that Chrome runs a static version of harfbuzz. 836434 13 mrobinson 2013-02-19 08:42:24 -0800 (In reply to comment #12) > It will crash with *any* complex script test, with recent-enough harfbuzz. The reason only GTK build noticed this is that Chrome runs a static version of harfbuzz. And the GTK+ bots are using an old version. 836442 14 schenney 2013-02-19 08:51:49 -0800 (In reply to comment #12) > It will crash with *any* complex script test, with recent-enough harfbuzz. The reason only GTK build noticed this is that Chrome runs a static version of harfbuzz. Follow up bug then, so we fix this properly? 836454 15 behdad 2013-02-19 09:01:42 -0800 Bug 110230 - [harfbuzz] Always pass correct text direction to HarfBuzz 836472 16 189091 csaavedra 2013-02-19 09:13:41 -0800 Comment on attachment 189091 Patch Already landed on: http://trac.webkit.org/changeset/143337 Build fix in: http://trac.webkit.org/changeset/143345 836480 17 189091 ossy 2013-02-19 09:29:30 -0800 Comment on attachment 189091 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=189091&action=review > Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp:334 > + else > + // Leaving direction to HarfBuzz to guess is *really* bad, but will do for now. > + hb_buffer_guess_segment_properties(harfBuzzBuffer.get()); Ouch. Is it correct without { } ? 836483 18 189091 cdumez 2013-02-19 09:33:23 -0800 Comment on attachment 189091 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=189091&action=review >> Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp:334 >> + hb_buffer_guess_segment_properties(harfBuzzBuffer.get()); > > Ouch. Is it correct without { } ? In any case, WebKit coding style recommends to use braces in this case: "One-line control clauses should not use braces unless comments are included or a single statement spans multiple lines." 836498 19 csaavedra 2013-02-19 09:53:09 -0800 (In reply to comment #18) > In any case, WebKit coding style recommends to use braces in this case: > "One-line control clauses should not use braces unless comments are included or a single statement spans multiple lines." My bad. check-webkit-style didn't complain on this one. Do you want me to fix this? 836503 20 cdumez 2013-02-19 09:58:35 -0800 (In reply to comment #19) > (In reply to comment #18) > > > In any case, WebKit coding style recommends to use braces in this case: > > "One-line control clauses should not use braces unless comments are included or a single statement spans multiple lines." > > My bad. check-webkit-style didn't complain on this one. Do you want me to fix this? The code works and the patch already landed. I personally think it is fine to leave it as it is. I merely commented for future reference. 189091 2013-02-19 08:15:10 -0800 2013-02-19 09:33:23 -0800 Patch bug-110145-20130219181131.patch text/plain 1818 csaavedra U3VidmVyc2lvbiBSZXZpc2lvbjogMTQzMTcwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYzk5NTEwODJmNWExMzJh NTA3MmJiOTNiNjIwOTk2ZGI2N2VjMWZhYy4uNGMzM2Q3ZTEwYjc0YTllZTAwNzI3M2JmYjUxMDE0 ZDM3MDkxMDU0NiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDEzLTAyLTE5ICBDbGF1 ZGlvIFNhYXZlZHJhICA8Y3NhYXZlZHJhQGlnYWxpYS5jb20+CisKKyAgICAgICAgW2hhcmZidXp6 XSBDcmFzaCBpbiBoYXJmYnV6eiByZWxhdGVkIGNvZGUKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTExMDE0NQorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIFBhdGNoIGJ5IEJlaGRhZCBFc2ZhaGJvZCA8YmVoZGFk QGdvb2dsZS5jb20+CisKKyAgICAgICAgKiBwbGF0Zm9ybS9ncmFwaGljcy9oYXJmYnV6ei9IYXJm QnV6elNoYXBlci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpIYXJmQnV6elNoYXBlcjo6c2hhcGVI YXJmQnV6elJ1bnMpOiBBc2sgaGFyZmJ1enoKKyAgICAgICAgdG8gZ3Vlc3MgdGhlIHNlZ21lbnQg cHJvcGVydGllcy4KKwogMjAxMy0wMi0xNSAgRXVnZW5lIEtseXVjaG5pa292ICA8ZXVzdGFzQGNo cm9taXVtLm9yZz4KIAogICAgICAgICBXZWIgSW5zcGVjdG9yOiBJbnRyb2R1Y2UgUHJvZmlsZXNQ YW5lbERlc2NyaXB0b3IuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFw aGljcy9oYXJmYnV6ei9IYXJmQnV6elNoYXBlci5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9y bS9ncmFwaGljcy9oYXJmYnV6ei9IYXJmQnV6elNoYXBlci5jcHAKaW5kZXggMWNmMzk3OWE1NjAy OTI2NzllMGJiNzA2ZWMzYTYzYWU0YmNmMmI1MS4uNjliYTZmZjIzMWUwNjljZGQ1OWJmMGU0MTFj ODczMWZlMjNjMjI5YyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhp Y3MvaGFyZmJ1enovSGFyZkJ1enpTaGFwZXIuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRm b3JtL2dyYXBoaWNzL2hhcmZidXp6L0hhcmZCdXp6U2hhcGVyLmNwcApAQCAtMzI5LDYgKzMyOSw5 IEBAIGJvb2wgSGFyZkJ1enpTaGFwZXI6OnNoYXBlSGFyZkJ1enpSdW5zKGJvb2wgc2hvdWxkU2V0 RGlyZWN0aW9uKQogICAgICAgICBoYl9idWZmZXJfc2V0X3NjcmlwdChoYXJmQnV6ekJ1ZmZlci5n ZXQoKSwgY3VycmVudFJ1bi0+c2NyaXB0KCkpOwogICAgICAgICBpZiAoc2hvdWxkU2V0RGlyZWN0 aW9uKQogICAgICAgICAgICAgaGJfYnVmZmVyX3NldF9kaXJlY3Rpb24oaGFyZkJ1enpCdWZmZXIu Z2V0KCksIGN1cnJlbnRSdW4tPnJ0bCgpID8gSEJfRElSRUNUSU9OX1JUTCA6IEhCX0RJUkVDVElP Tl9MVFIpOworICAgICAgICBlbHNlCisgICAgICAgICAgICAvLyBMZWF2aW5nIGRpcmVjdGlvbiB0 byBIYXJmQnV6eiB0byBndWVzcyBpcyAqcmVhbGx5KiBiYWQsIGJ1dCB3aWxsIGRvIGZvciBub3cu CisgICAgICAgICAgICBoYl9idWZmZXJfZ3Vlc3Nfc2VnbWVudF9wcm9wZXJ0aWVzKGhhcmZCdXp6 QnVmZmVyLmdldCgpKTsKIAogICAgICAgICAvLyBBZGQgYSBzcGFjZSBhcyBwcmUtY29udGV4dCB0 byB0aGUgYnVmZmVyLiBUaGlzIHByZXZlbnRzIHNob3dpbmcgZG90dGVkLWNpcmNsZQogICAgICAg ICAvLyBmb3IgY29tYmluaW5nIG1hcmtzIGF0IHRoZSBiZWdpbm5pbmcgb2YgcnVucy4K