20339 2008-08-09 05:28:20 -0700 REGRESSION(r35531-r35615): Acid3 crashes on Windows in CachedFont::getSVGFontById 2008-08-10 23:46:22 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) PC Windows XP RESOLVED FIXED http://acid3.acidtests.org/ NeedsReduction, Regression P1 Normal --- 1 mhstamate webkit-unassigned dev+webkit mitz sfalken oldest_to_newest 88153 0 mhstamate 2008-08-09 05:28:20 -0700 Tested on: - Windows XP SP2 - Apple Safari for Windows 3.1.2 using a WebKit nightly build for Windows from http://nightly.webkit.org/ - Intel P4 2.4 GHz CPU (single core) - javascript is enabled How often it happens: always Description: 1. using any nightly WebKit build from nightly.webkit.org after build r35531 (the first one avaliable on that website is r35615) 2. go to http://acid3.acidtests.org/ to take the Acid3 test 3. the test runs, it displays 74/100 and then the web browser crashes The last WebKit nightly build for Windows on nightly.webkit.org that doesn't crash is r35531. The next WebKit nightly build for Windows on nightly.webkit.org is r35615, and it does crash. Every WebKit nightly build following r35531 that was tested caused a crash (r35615, 35641, 35648). So, the change that caused the hang must have happened somewhere in between builds r35531 and r35615 (for Windows). 88155 1 dev+webkit 2008-08-09 11:13:39 -0700 Confirmed with r35646. I get the following assertion failure: ASSERTION FAILED: node->hasTagName(SVGNames::fontTag) (..\loader\CachedFont.cpp:167 WebCore::CachedFont::getSVGFontById) > WebKit.dll!WebCore::CachedFont::getSVGFontById(const WebCore::String & fontName={...}) Line 167 + 0x30 bytes C++ WebKit.dll!WebCore::CSSFontFaceSource::getFontData(const WebCore::FontDescription & fontDescription={...}, bool syntheticBold=false, bool syntheticItalic=false, WebCore::CSSFontSelector * fontSelector=0x05a949c0) Line 131 + 0x24 bytes C++ WebKit.dll!WebCore::CSSFontFace::getFontData(const WebCore::FontDescription & fontDescription={...}, bool syntheticBold=false, bool syntheticItalic=false) Line 97 + 0x26 bytes C++ WebKit.dll!WebCore::CSSSegmentedFontFace::getFontData(const WebCore::FontDescription & fontDescription={...}) Line 114 + 0x29 bytes C++ WebKit.dll!WebCore::CSSFontSelector::getFontData(const WebCore::FontDescription & fontDescription={...}, const WebCore::AtomicString & familyName={...}) Line 532 + 0x13 bytes C++ WebKit.dll!WebCore::FontCache::getFontData(const WebCore::Font & font={...}, int & familyIndex=1, WebCore::FontSelector * fontSelector=0x05a949c0) Line 334 + 0x21 bytes C++ WebKit.dll!WebCore::FontFallbackList::fontDataAt(const WebCore::Font * font=0x05ecbdf8, unsigned int realizedFontIndex=0) Line 100 + 0x1c bytes C++ WebKit.dll!WebCore::FontFallbackList::primaryFont(const WebCore::Font * f=0x05ecbdf8) Line 60 + 0x1c bytes C++ WebKit.dll!WebCore::FontFallbackList::determinePitch(const WebCore::Font * font=0x05ecbdf8) Line 71 + 0xc bytes C++ WebKit.dll!WebCore::FontFallbackList::isFixedPitch(const WebCore::Font * f=0x05ecbdf8) Line 49 + 0x23 bytes C++ WebKit.dll!WebCore::Font::isFixedPitch() Line 553 C++ WebKit.dll!WebCore::RenderText::widthFromCache(const WebCore::Font & f={...}, int start=0, int len=1, int xPos=0) Line 368 + 0x8 bytes C++ WebKit.dll!WebCore::RenderText::calcPrefWidths(int leadWidth=0) Line 602 + 0x1b bytes C++ WebKit.dll!WebCore::RenderText::maxPrefWidth() Line 500 + 0x14 bytes C++ WebKit.dll!WebCore::RenderText::width(unsigned int from=0, unsigned int len=1, const WebCore::Font & f={...}, int xPos=0) Line 1016 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::findNextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator,WebCore::BidiRun> & resolver={...}, WebCore::EClear * clear=0x0025f034) Line 1985 + 0x31 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=false, int & repaintTop=0, int & repaintBottom=0) Line 934 + 0x1d bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 626 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 536 + 0x14 bytes C++ WebKit.dll!WebCore::RenderSVGText::layout() Line 105 C++ WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 507 + 0x30 bytes C++ WebKit.dll!WebCore::RenderSVGRoot::layout() Line 106 C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0) Line 1281 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 630 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 536 + 0x14 bytes C++ WebKit.dll!WebCore::RenderView::layout() Line 121 C++ WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 483 + 0x12 bytes C++ 88158 2 mitz 2008-08-09 17:49:10 -0700 The assertion fails because SVGElementFactory.cpp uses the HTMLNames namespace for the tag names instead of the SVGNames namespace. That probably happens because an earlier file in DerivedSources.cpp includes a "using namespace WebCore::HTMLNames" statement. I fixed the problem for *ElementFactory.cpp, only to get another crash on Acid3, so this should probably be fixed in DerivedSources.cpp. 88159 3 22720 mitz 2008-08-09 18:20:34 -0700 Created attachment 22720 Use explicit namespaces in *ElementFactory files 88188 4 22723 mitz 2008-08-10 19:25:47 -0700 Created attachment 22723 Use explicit namespaces in *ElementFactory files Turns out the other crash was a separate issue, fixed in r35660. 88189 5 22723 eric 2008-08-10 19:51:23 -0700 Comment on attachment 22723 Use explicit namespaces in *ElementFactory files Looks good. 88193 6 mitz 2008-08-10 21:52:33 -0700 Fixed in <http://trac.webkit.org/changeset/35661>. 88204 7 mhstamate 2008-08-10 23:46:22 -0700 The crash no longer happens here either. 22720 2008-08-09 18:20:34 -0700 2008-08-10 19:25:47 -0700 Use explicit namespaces in *ElementFactory files generator-patch.diff text/plain 1379 mitz SW5kZXg6IFdlYkNvcmUvZG9tL21ha2VfbmFtZXMucGwKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9k b20vbWFrZV9uYW1lcy5wbAkocmV2aXNpb24gMzU2NTMpCisrKyBXZWJDb3JlL2RvbS9tYWtlX25h bWVzLnBsCSh3b3JraW5nIGNvcHkpCkBAIC0yMTUsNyArMjE1LDcgQEAgc3ViIHByaW50Q29uc3Ry dWN0b3JzCiAKICAgICAgICAgcHJpbnQgRiAiJHBhcmFtZXRlcnN7J25hbWVzcGFjZSd9RWxlbWVu dCogJHtuYW1lfUNvbnN0cnVjdG9yKERvY3VtZW50KiBkb2MsIGJvb2wgY3JlYXRlZEJ5UGFyc2Vy KVxuIjsKICAgICAgICAgcHJpbnQgRiAie1xuIjsKLSAgICAgICAgcHJpbnQgRiAiICAgIHJldHVy biBuZXcgJHBhcmFtZXRlcnN7J25hbWVzcGFjZSd9JHt1Y05hbWV9RWxlbWVudCgke25hbWV9VGFn LCBkb2MpO1xuIjsKKyAgICAgICAgcHJpbnQgRiAiICAgIHJldHVybiBuZXcgJHBhcmFtZXRlcnN7 J25hbWVzcGFjZSd9JHt1Y05hbWV9RWxlbWVudCgkcGFyYW1ldGVyc3snbmFtZXNwYWNlJ31OYW1l czo6JHtuYW1lfVRhZywgZG9jKTtcbiI7CiAgICAgICAgIHByaW50IEYgIn1cblxuIjsKICAgICB9 CiAgICAgcHJpbnQgRiAiI2VuZGlmXG4iIGlmICRwYXJhbWV0ZXJzeydndWFyZEZhY3RvcnlXaXRo J307CkBAIC0yMjUsNyArMjI1LDcgQEAgc3ViIHByaW50RnVuY3Rpb25Jbml0cwogewogICAgIG15 ICgkRiwgJG5hbWVzUmVmKSA9IEBfOwogICAgIGZvciBteSAkbmFtZSAoc29ydCBrZXlzICUkbmFt ZXNSZWYpIHsKLSAgICAgICAgcHJpbnQgRiAiICAgIGdGdW5jdGlvbk1hcC0+c2V0KCR7bmFtZX1U YWcubG9jYWxOYW1lKCkuaW1wbCgpLCAke25hbWV9Q29uc3RydWN0b3IpO1xuIjsKKyAgICAgICAg cHJpbnQgRiAiICAgIGdGdW5jdGlvbk1hcC0+c2V0KCRwYXJhbWV0ZXJzeyduYW1lc3BhY2UnfU5h bWVzOjoke25hbWV9VGFnLmxvY2FsTmFtZSgpLmltcGwoKSwgJHtuYW1lfUNvbnN0cnVjdG9yKTtc biI7CiAgICAgfQogfQogCkBAIC01MTYsNyArNTE2LDYgQEAgcHJpbnQgRiA8PEVORAogI2luY2x1 ZGUgPHd0Zi9IYXNoTWFwLmg+CiAKIHVzaW5nIG5hbWVzcGFjZSBXZWJDb3JlOwotdXNpbmcgbmFt ZXNwYWNlICRwYXJhbWV0ZXJzeydjcHBOYW1lc3BhY2UnfTo6JHBhcmFtZXRlcnN7J25hbWVzcGFj ZSd9TmFtZXM7CiAKIHR5cGVkZWYgJHBhcmFtZXRlcnN7J25hbWVzcGFjZSd9RWxlbWVudCogKCpD b25zdHJ1Y3RvckZ1bmMpKERvY3VtZW50KiBkb2MsIGJvb2wgY3JlYXRlZEJ5UGFyc2VyKTsKIHR5 cGVkZWYgV1RGOjpIYXNoTWFwPEF0b21pY1N0cmluZ0ltcGwqLCBDb25zdHJ1Y3RvckZ1bmM+IEZ1 bmN0aW9uTWFwOwo= 22723 2008-08-10 19:25:47 -0700 2008-08-10 19:51:23 -0700 Use explicit namespaces in *ElementFactory files 20339_r1.diff text/plain 2013 mitz SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAzNTY2MCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTMgQEAKKzIwMDgtMDgtMTAgIERhbiBCZXJuc3RlaW4gIDxtaXR6QGFwcGxlLmNv bT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAtIGZp eCBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjAzMzkKKyAgICAgICAg ICBSRUdSRVNTSU9OIChyMzU1MzEtcjM1NjE1KTogQWNpZDMgY3Jhc2hlcyBvbiBXaW5kb3dzIGlu IENhY2hlZEZvbnQ6OmdldFNWR0ZvbnRCeUlkCisKKyAgICAgICAgKiBkb20vbWFrZV9uYW1lcy5w bDogUmVtb3ZlZCAidXNpbmcgbmFtZXNwYWNlIFdlYkNvcmU6OipOYW1lcyIKKyAgICAgICAgZnJv bSAqRWxlbWVudEZhY3RvcnkuY3BwIGZpbGVzLiAgICAgICAgCisKIDIwMDgtMDgtMTAgIE1hcmsg Um93ZSAgPG1yb3dlQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBDYW1lcm9uIFp3 YXJpY2guCkluZGV4OiBXZWJDb3JlL2RvbS9tYWtlX25hbWVzLnBsCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdl YkNvcmUvZG9tL21ha2VfbmFtZXMucGwJKHJldmlzaW9uIDM1NjU4KQorKysgV2ViQ29yZS9kb20v bWFrZV9uYW1lcy5wbAkod29ya2luZyBjb3B5KQpAQCAtMjE1LDcgKzIxNSw3IEBAIHN1YiBwcmlu dENvbnN0cnVjdG9ycwogCiAgICAgICAgIHByaW50IEYgIiRwYXJhbWV0ZXJzeyduYW1lc3BhY2Un fUVsZW1lbnQqICR7bmFtZX1Db25zdHJ1Y3RvcihEb2N1bWVudCogZG9jLCBib29sIGNyZWF0ZWRC eVBhcnNlcilcbiI7CiAgICAgICAgIHByaW50IEYgIntcbiI7Ci0gICAgICAgIHByaW50IEYgIiAg ICByZXR1cm4gbmV3ICRwYXJhbWV0ZXJzeyduYW1lc3BhY2UnfSR7dWNOYW1lfUVsZW1lbnQoJHtu YW1lfVRhZywgZG9jKTtcbiI7CisgICAgICAgIHByaW50IEYgIiAgICByZXR1cm4gbmV3ICRwYXJh bWV0ZXJzeyduYW1lc3BhY2UnfSR7dWNOYW1lfUVsZW1lbnQoJHBhcmFtZXRlcnN7J25hbWVzcGFj ZSd9TmFtZXM6OiR7bmFtZX1UYWcsIGRvYyk7XG4iOwogICAgICAgICBwcmludCBGICJ9XG5cbiI7 CiAgICAgfQogICAgIHByaW50IEYgIiNlbmRpZlxuIiBpZiAkcGFyYW1ldGVyc3snZ3VhcmRGYWN0 b3J5V2l0aCd9OwpAQCAtMjI1LDcgKzIyNSw3IEBAIHN1YiBwcmludEZ1bmN0aW9uSW5pdHMKIHsK ICAgICBteSAoJEYsICRuYW1lc1JlZikgPSBAXzsKICAgICBmb3IgbXkgJG5hbWUgKHNvcnQga2V5 cyAlJG5hbWVzUmVmKSB7Ci0gICAgICAgIHByaW50IEYgIiAgICBnRnVuY3Rpb25NYXAtPnNldCgk e25hbWV9VGFnLmxvY2FsTmFtZSgpLmltcGwoKSwgJHtuYW1lfUNvbnN0cnVjdG9yKTtcbiI7Cisg ICAgICAgIHByaW50IEYgIiAgICBnRnVuY3Rpb25NYXAtPnNldCgkcGFyYW1ldGVyc3snbmFtZXNw YWNlJ31OYW1lczo6JHtuYW1lfVRhZy5sb2NhbE5hbWUoKS5pbXBsKCksICR7bmFtZX1Db25zdHJ1 Y3Rvcik7XG4iOwogICAgIH0KIH0KIApAQCAtNTE2LDcgKzUxNiw2IEBAIHByaW50IEYgPDxFTkQK ICNpbmNsdWRlIDx3dGYvSGFzaE1hcC5oPgogCiB1c2luZyBuYW1lc3BhY2UgV2ViQ29yZTsKLXVz aW5nIG5hbWVzcGFjZSAkcGFyYW1ldGVyc3snY3BwTmFtZXNwYWNlJ306OiRwYXJhbWV0ZXJzeydu YW1lc3BhY2UnfU5hbWVzOwogCiB0eXBlZGVmICRwYXJhbWV0ZXJzeyduYW1lc3BhY2UnfUVsZW1l bnQqICgqQ29uc3RydWN0b3JGdW5jKShEb2N1bWVudCogZG9jLCBib29sIGNyZWF0ZWRCeVBhcnNl cik7CiB0eXBlZGVmIFdURjo6SGFzaE1hcDxBdG9taWNTdHJpbmdJbXBsKiwgQ29uc3RydWN0b3JG dW5jPiBGdW5jdGlvbk1hcDsK