30757 2009-10-25 07:18:07 -0700 [cairo] Loading large map SVG results in a crash 2010-10-21 17:32:33 -0700 1 1 1 Unclassified WebKit SVG 528+ (Nightly build) PC Linux RESOLVED FIXED Cairo P2 Normal --- 41467 1 slomo webkit-unassigned gustavo krit mrobinson zimmermann oldest_to_newest 157583 0 slomo 2009-10-25 07:18:07 -0700 Hi, with webkit/gtk 1.1.15.1 loading http://upload.wikimedia.org/wikipedia/commons/5/51/Petra_location_map-de-2.svg gives a reliable segfault. Apparently the problem is, that webkit passes a NULL font to cairo_ft_scaled_font_lock_face() from WebCore::GlyphPage::fill(). Program received signal SIGSEGV, Segmentation fault. cairo_ft_scaled_font_lock_face (abstract_font=0x0) at /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c:2833 2833 /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c: Datei oder Verzeichnis nicht gefunden. in /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c (gdb) bt #0 cairo_ft_scaled_font_lock_face (abstract_font=0x0) at /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c:2833 #1 0x00007ffff44891d9 in WebCore::GlyphPage::fill (this=0x7fffde46a400, offset=0, length=256, buffer=0x7fffffffc600, bufferLength=256, fontData=0x7fffde53aa00) at ../WebCore/platform/graphics/gtk/GlyphPageTreeNodeGtk.cpp:45 #2 0x00007ffff41eedc6 in WebCore::GlyphPageTreeNode::initializePage ( this=0x7fffde555b00, fontData=0x7fffde52c348, pageNumber=<value optimized out>) at ../WebCore/platform/graphics/GlyphPageTreeNode.cpp:222 #3 0x00007ffff41ef339 in WebCore::GlyphPageTreeNode::getChild ( this=0x7fffe9228980, fontData=0x7fffde52c348, pageNumber=0) at ../WebCore/platform/graphics/GlyphPageTreeNode.cpp:323 #4 0x00007ffff41ed1dd in WebCore::Font::glyphDataForCharacter ( this=0x7fffde4aadf0, c=83, mirror=false, forceSmallCaps=false) at ../WebCore/platform/graphics/FontFastPath.cpp:64 #5 0x00007ffff41fbf7c in WebCore::WidthIterator::advance ( this=0x7fffffffcd50, offset=6, glyphBuffer=0x0) at ../WebCore/platform/graphics/WidthIterator.cpp:116 #6 0x00007ffff41ec8c5 in WebCore::Font::floatWidthForSimpleText ( this=<value optimized out>, run=..., glyphBuffer=0x0, fallbackFonts=<value optimized out>) at ../WebCore/platform/graphics/FontFastPath.cpp:323 #7 0x00007ffff4263144 in WebCore::Font::width (this=0x7fffde4c2230, resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8) at ../WebCore/platform/graphics/Font.h:81 #8 textWidth (this=0x7fffde4c2230, resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8) at ../WebCore/rendering/RenderBlockLineLayout.cpp:1582 #9 WebCore::RenderBlock::findNextLineBreak (this=0x7fffde4c2230, resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8) at ../WebCore/rendering/RenderBlockLineLayout.cpp:1896 #10 0x00007ffff4265642 in WebCore::RenderBlock::layoutInlineChildren ( this=0x7fffde4c2230, relayoutChildren=true, repaintTop=@0x7fffffffd6ac, repaintBottom=@0x7fffffffd6a8) at ../WebCore/rendering/RenderBlockLineLayout.cpp:959 #11 0x00007ffff425a6c5 in WebCore::RenderBlock::layoutBlock ( this=0x7fffde4c2230, relayoutChildren=true) at ../WebCore/rendering/RenderBlock.cpp:712 #12 0x00007ffff424a9db in WebCore::RenderBlock::layout (this=0x7fffde4c2230) at ../WebCore/rendering/RenderBlock.cpp:638 #13 0x00007ffff4397449 in WebCore::RenderSVGText::layout (this=0x7fffde4c2230) at ../WebCore/rendering/RenderSVGText.cpp:86 #14 0x00007ffff4391fdd in WebCore::RenderObject::layoutIfNeeded ( this=0x7fffde4c2070) at ../WebCore/rendering/RenderObject.h:488 #15 WebCore::RenderSVGContainer::layout (this=0x7fffde4c2070) at ../WebCore/rendering/RenderSVGContainer.cpp:73 #16 0x00007ffff4396344 in WebCore::RenderObject::layoutIfNeeded ( this=0x7fffde4c1660) at ../WebCore/rendering/RenderObject.h:488 #17 WebCore::RenderSVGRoot::layout (this=0x7fffde4c1660) at ../WebCore/rendering/RenderSVGRoot.cpp:102 #18 0x00007ffff4258b4e in WebCore::RenderBlock::layoutBlockChild ( this=0x7fffde4c1420, child=0x7fffde4c1660, marginInfo=..., previousFloatBottom=<value optimized out>, maxFloatBottom=@0x7fffffffdaf4) at ../WebCore/rendering/RenderBlock.cpp:1327 #19 0x00007ffff42596f0 in WebCore::RenderBlock::layoutBlockChildren ( this=0x7fffde4c1420, relayoutChildren=false, maxFloatBottom=@0x7fffffffdaf4) at ../WebCore/rendering/RenderBlock.cpp:1270 #20 0x00007ffff425ab33 in WebCore::RenderBlock::layoutBlock ( this=0x7fffde4c1420, relayoutChildren=false) at ../WebCore/rendering/RenderBlock.cpp:714 #21 0x00007ffff424a9db in WebCore::RenderBlock::layout (this=0x7fffde4c1420) at ../WebCore/rendering/RenderBlock.cpp:638 #22 0x00007ffff42deaa4 in WebCore::RenderView::layout (this=0x7fffde4c1420) at ../WebCore/rendering/RenderView.cpp:122 #23 0x00007ffff41a2413 in WebCore::FrameView::layout ( this=<value optimized out>, allowSubtree=<value optimized out>) at ../WebCore/page/FrameView.cpp:624 #24 0x00007ffff41e0220 in WebCore::ThreadTimers::sharedTimerFiredInternal ( this=0x7fffe9178540) at ../WebCore/platform/ThreadTimers.cpp:112 #25 0x00007ffff4471b72 in timeout_cb () at ../WebCore/platform/gtk/SharedTimerGtk.cpp:48 #26 0x00007ffff550a12a in g_main_dispatch (context=0x6c79a0) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:1960 #27 IA__g_main_context_dispatch (context=0x6c79a0) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2513 #28 0x00007ffff550d988 in g_main_context_iterate (context=0x6c79a0, block=1, dispatch=1, self=<value optimized out>) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2591 #29 0x00007ffff550de5d in IA__g_main_loop_run (loop=0x701c90) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2799 #30 0x00007ffff7482ca7 in IA__gtk_main () at /tmp/buildd/gtk+2.0-2.18.3/gtk/gtkmain.c:1218 #31 0x0000000000420c7c in main () (gdb) 158864 1 gustavo 2009-10-29 05:08:36 -0700 FWIW, I confirmed this crash with latest trunk. 245385 2 krit 2010-07-01 09:27:57 -0700 The SVG code changed, and this file throws an ASSERT in the SVG Code, see bug 41467 291763 3 zimmermann 2010-10-08 11:01:10 -0700 Can you retry on cairo with trunk? The assertion in the SVG code at least is gone. 297745 4 mrobinson 2010-10-21 17:32:33 -0700 I no longer see this crash with trunk. I think perhaps that fixes the FreeType font backend fixed this issue. Closing.