140653 2015-01-19 17:59:04 -0800 [Win] Layout Test mathml/opentype/munderover-layout-resize.html crashes 2016-07-03 13:05:19 -0700 1 1 1 Unclassified WebKit MathML 528+ (Nightly build) PC All RESOLVED FIXED P2 Normal --- 159386 1 bfulgham bfulgham bfulgham commit-queue dbarton esprehn+autocc fred.wang glenn kondapallykalyan mmaxfield mrobinson sabouhallawa oldest_to_newest 1062578 0 bfulgham 2015-01-19 17:59:04 -0800 The following layout test is flaky on Windows: mathml/presentation/mo-invisible.html Probable cause: The test is crashing in RenderMathMLOperator::advanceForGlyph, where the GlyphData contains a nullptr fontData member. This seems to be happening for UNICODE character 8290, which corresponds to an invisible multiplication symbol. 1062580 1 bfulgham 2015-01-19 18:07:34 -0800 The GlyphData's fontData member can be nullptr in the case where FontGlyphs::glyphDataForSystemFallback cannot find a suitable font for the desired character. When this happens, we return a default-constructed GlyphData which has a null internal fontData member. This member is dereference later, causing a crash. 1062582 2 bfulgham 2015-01-19 18:11:43 -0800 Actually, the failing test is "mathml/opentype/munderover-layout-resize.html" 1062584 3 244948 bfulgham 2015-01-19 18:13:01 -0800 Created attachment 244948 Patch 1062585 4 bfulgham 2015-01-19 18:13:34 -0800 I wonder if this only happens if certain fonts are missing from the test system? DRT should be insuring the right fonts are in place. 1062587 5 244948 mmaxfield 2015-01-19 18:23:20 -0800 Comment on attachment 244948 Patch You haven't described why this flakes. It seems to me that consistently crashing and being flakey are substantially different phenomena. 1062588 6 mmaxfield 2015-01-19 18:23:44 -0800 I think we need to do a little more research to figure out what is going on here. 1062627 7 bfulgham 2015-01-19 20:40:51 -0800 (In reply to comment #5) > Comment on attachment 244948 [details] > Patch > > You haven't described why this flakes. It seems to me that consistently > crashing and being flakey are substantially different phenomena. Yes -- this is a repeatable crash, due to a nullptr dereference as I mentioned elsewhere in this bug. What I'm not sure about is why this particular test can't seem to come up with a valid set of font data. Without any other information, I'm guessing it has to do with the use of the "stretchy.woff" font include. Probably something in the Windows port is not properly implemented. It looks like the style of the MathML element is empty, and for whatever reason the attempt to access UNICODE character 8290 does not find anything suitable in the fallback logic resulting in null font data. Once that happens, we crash as soon as we attempt to dereference the font data. 1174437 8 fred.wang 2016-03-14 06:57:08 -0700 @Brent: is it different from bug 140522 (comment 0 mentions mathml/presentation/mo-invisible.html and title mathml/opentype/munderover-layout-resize.html)? Apparently, you're proposed fix already landed: http://trac.webkit.org/browser/trunk/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp#L268 I suspect stretchy.woff does not have any character for U+8290 so the glyph of a system font (e.g. Cambria Math) should be used when calling style().fontCascade().glyphDataForCharacter(m_textContent, false). Not sure why it does not work on Windows. BTW, I'd like to mention that the code will change in the current MathML refactoring (bug 152244 and bug 155018) but they are still calling isValid() before using glyph data. 1207498 9 fred.wang 2016-07-03 09:31:25 -0700 http://trac.webkit.org/changeset/202788 244948 2015-01-19 18:13:01 -0800 2015-01-19 18:23:20 -0800 Patch bug-140653-20150119181957.patch text/plain 1781 bfulgham SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3ODY4NykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDE1LTAxLTE5ICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIExheW91dCBUZXN0IG1hdGht bC9vcGVudHlwZS9tdW5kZXJvdmVyLWxheW91dC1yZXNpemUuaHRtbAorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQwNjUzCisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgRm91bmQgYnkgbWF0aG1sL29wZW50eXBl L211bmRlcm92ZXItbGF5b3V0LXJlc2l6ZS5odG1sLgorCisgICAgICAgICogcmVuZGVyaW5nL21h dGhtbC9SZW5kZXJNYXRoTUxPcGVyYXRvci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpSZW5kZXJN YXRoTUxPcGVyYXRvcjo6Ym91bmRzRm9yR2x5cGgpOiBEb24ndCBkZXJlZmVyZW5jZQorICAgICAg ICBhIG51bGxwdHIuCisgICAgICAgIChXZWJDb3JlOjpSZW5kZXJNYXRoTUxPcGVyYXRvcjo6YWR2 YW5jZUZvckdseXBoKTogRGl0dG8uCisKIDIwMTUtMDEtMTkgIEJyZW50IEZ1bGdoYW0gIDxiZnVs Z2hhbUBhcHBsZS5jb20+CiAKICAgICAgICAgW1dpbl0gVW5yZXZpZXdlZCBnYXJkZW5pbmcuCklu ZGV4OiBTb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvbWF0aG1sL1JlbmRlck1hdGhNTE9wZXJhdG9y LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvbWF0aG1sL1JlbmRl ck1hdGhNTE9wZXJhdG9yLmNwcAkocmV2aXNpb24gMTc4Njc0KQorKysgU291cmNlL1dlYkNvcmUv cmVuZGVyaW5nL21hdGhtbC9SZW5kZXJNYXRoTUxPcGVyYXRvci5jcHAJKHdvcmtpbmcgY29weSkK QEAgLTEzMzMsNyArMTMzMyw3IEBAIHZvaWQgUmVuZGVyTWF0aE1MT3BlcmF0b3I6OnJlc2V0U3Ry ZXRjaFMKIAogRmxvYXRSZWN0IFJlbmRlck1hdGhNTE9wZXJhdG9yOjpib3VuZHNGb3JHbHlwaChj b25zdCBHbHlwaERhdGEmIGRhdGEpIGNvbnN0CiB7Ci0gICAgcmV0dXJuIGRhdGEuZm9udERhdGEt PmJvdW5kc0ZvckdseXBoKGRhdGEuZ2x5cGgpOworICAgIHJldHVybiBkYXRhLmZvbnREYXRhID8g ZGF0YS5mb250RGF0YS0+Ym91bmRzRm9yR2x5cGgoZGF0YS5nbHlwaCkgOiBGbG9hdFJlY3QoKTsK IH0KIAogZmxvYXQgUmVuZGVyTWF0aE1MT3BlcmF0b3I6OmhlaWdodEZvckdseXBoKGNvbnN0IEds eXBoRGF0YSYgZGF0YSkgY29uc3QKQEAgLTEzNDMsNyArMTM0Myw3IEBAIGZsb2F0IFJlbmRlck1h dGhNTE9wZXJhdG9yOjpoZWlnaHRGb3JHbHkKIAogZmxvYXQgUmVuZGVyTWF0aE1MT3BlcmF0b3I6 OmFkdmFuY2VGb3JHbHlwaChjb25zdCBHbHlwaERhdGEmIGRhdGEpIGNvbnN0CiB7Ci0gICAgcmV0 dXJuIGRhdGEuZm9udERhdGEtPndpZHRoRm9yR2x5cGgoZGF0YS5nbHlwaCk7CisgICAgcmV0dXJu IGRhdGEuZm9udERhdGEgPyBkYXRhLmZvbnREYXRhLT53aWR0aEZvckdseXBoKGRhdGEuZ2x5cGgp IDogMDsKIH0KIAogdm9pZCBSZW5kZXJNYXRoTUxPcGVyYXRvcjo6Y29tcHV0ZVByZWZlcnJlZExv Z2ljYWxXaWR0aHMoKQo=