| Summary: | Crash with SIGBUS in `WebCore::WidthIterator::advanceInternal` | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Paul Menzel <paulepanter> | ||||
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | NEW --- | ||||||
| Severity: | Major | ||||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
Created attachment 245735 [details] (gdb) t a a bt f With Debian Sid/unstable, while reading emails, a self built Evolution 3.12.10 crashes with a bus error. WebKitGTK+ 2.4.8 is used. Core was generated by `evolution'. Program terminated with signal SIGBUS, Bus error. #0 WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator> (this=0xbfe4d47c, textIterator=..., glyphBuffer=0xbfe4d500) at ../Source/WebCore/platform/graphics/WidthIterator.cpp:156 Getting the backtrace from the saved core dump file shows the following. Thread 1 (Thread 0xb026f900 (LWP 3046)): #0 WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator> (this=0xbfe4d47c, textIterator=..., glyphBuffer=0xbfe4d500) at ../Source/WebCore/platform/graphics/WidthIterator.cpp:156 No locals. #1 0xb57b3035 in WebCore::WidthIterator::advance (this=0xbfe4d47c, offset=<optimized out>, glyphBuffer=0xbfe4d500) at ../Source/WebCore/platform/graphics/WidthIterator.cpp:349 textIterator = {m_characters = 0xa5612a3d "Von:", m_currentCharacter = 0, m_lastCharacter = 4} textIterator = {m_characters = 0xa5612a3d, m_currentCharacter = 0, m_lastCharacter = 4, m_endCharacter = -1250218675} #2 0xb5792858 in WebCore::Font::getGlyphsAndAdvancesForSimpleText (this=0x87673d00, run=..., from=0, to=4, glyphBuffer=..., forTextEmphasis=WebCore::Font::NotForTextEmphasis) at ../Source/WebCore/platform/graphics/FontFastPath.cpp:133 totalWidth = <optimized out> beforeWidth = <optimized out> glyphPos = <optimized out> afterWidth = <optimized out> glyphTo = <optimized out> it = {m_font = 0x87673d00, m_run = @0xbfe6d944, m_currentCharacter = 0, m_runWidthSoFar = 0, m_expansion = 0, m_expansionPerOpportunity = 0, m_isAfterExpansion = true, m_finalRoundingWidth = 0, m_characterIndexOfGlyph = {<WTF::VectorBuffer<int, 10u>> = {<WTF::VectorBufferBase<int>> = {m_buffer = 0xbfe4d4a8, m_capacity = 10, m_size = 0}, m_inlineBuffer = {{__data = "\000\000\000", __align = {<No data fields>}}, { __data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, { __data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, { __data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, { __data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, { __data = "\000\000\000", __align = {<No data fields>}}}}, <No data fields>}, m_lastGlyphName = {m_impl = {m_ptr = 0x0}}, m_arabicForms = {<WTF::VectorBuffer<WebCore::SVGGlyph::ArabicForm, 0u>> = {<WTF::VectorBufferBase<WebCore::SVGGlyph::ArabicForm>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_typesettingFeatures = 0, m_fallbackFonts = 0x0, m_accountForGlyphBounds = false, m_maxGlyphBoundingBoxY = 1.17549435e-38, m_minGlyphBoundingBoxY = 3.40282347e+38, m_firstGlyphOverflow = 0, m_lastGlyphOverflow = 0, m_forTextEmphasis = false} localGlyphBuffer = { m_fontData = {<WTF::VectorBuffer<WebCore::SimpleFontData const*, 2048u>> = {<WTF::VectorBufferBase<WebCore::SimpleFontData const*>> = {m_buffer = 0xbfe4d50c, m_capacity = 2048, m_size = 0}, m_inlineBuffer = {{__data = "\224\325", <incomplete sequence \344\277>, The only thing I spotted is `m_endCharacter = -1250218675}`. No idea if that is correct. Please find the whole backtrace attached.