Bug 156822

Crash under FontCache::purgeInactiveFontData(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000000) [ 0] 0x00007fff8e263884 WebCore`WebCore::FontCache::purgeInactiveFontData(unsigned int) + 308 at FontCache.cpp:429:17 425 426 while (purgeCount) { 427 Vector<RefPtr<Font>, 20> fontsToDelete; 428 for (auto& font : cachedFonts().values()) { -> 429 if (!font->hasOneRef()) 430 continue; 431 fontsToDelete.append(WTFMove(font)); 432 if (!--purgeCount) 433 break; 0x00007fff8e263870: cmpq %rax, %r15 0x00007fff8e263873: je 0x5ebb10 ; <+960> [inlined] WTF::Vector<WTF::RefPtr<WebCore::Font>, 20ul, WTF::CrashOnOverflow, 16ul>::size() const at Vector.h:654 0x00007fff8e263879: nopl (%rax) 0x00007fff8e263880: movq 0x38(%r15), %rcx -> 0x00007fff8e263884: cmpl $0x1, (%rcx) 0x00007fff8e263887: jne 0x5ebab4 ; <+868> [inlined] WTF::HashTableConstIterator<WebCore::FontPlatformData, WTF::KeyValuePair<WebCore::FontPlatformData, WTF::RefPtr<WebCore::Font> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontPlatformData, WTF::RefPtr<WebCore::Font> > >, WebCore::FontDataCacheKeyHash, WTF::HashMap<WebCore::FontPlatformData, WTF::RefPtr<WebCore::Font>, WebCore::FontDataCacheKeyHash, WebCore::FontDataCacheKeyTraits, WTF::HashTraits<WTF::RefPtr<WebCore::Font> > >::KeyValuePairTraits, WebCore::FontDataCacheKeyTraits>::operator++() at HashTable.h:266 0x00007fff8e26388d: leaq 0x38(%r15), %r12 0x00007fff8e263891: movl -0xd4(%rbp), %eax 0x00007fff8e263897: movq -0xd8(%rbp), %r13 [ 1] 0x00007fff8e894ef7 WebCore`WebCore::MemoryPressureHandler::releaseNoncriticalMemory() + 55 at MemoryPressureHandler.cpp:82:9 78 void MemoryPressureHandler::releaseNoncriticalMemory() 79 { 80 { 81 ReliefLogger log("Purge inactive FontData"); -> 82 FontCache::singleton().purgeInactiveFontData(); 83 } 84 85 { 86 ReliefLogger log("Clear WidthCaches"); [ 2] 0x00007fff8e8954bc WebCore`WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) + 60 at MemoryPressureHandler.cpp:166:5 162 { 163 if (critical == Critical::Yes) 164 releaseCriticalMemory(synchronous); 165 -> 166 releaseNoncriticalMemory(); 167 168 platformReleaseMemory(critical); 169 170 { [ 3] 0x00007fff8e895d5f WebCore`WebCore::MemoryPressureHandler::respondToMemoryPressure(WebCore::Critical, WebCore::Synchronous) [inlined] std::__1::function<void (WebCore::Critical, WebCore::Synchronous)>::operator()(WebCore::Critical, WebCore::Synchronous) const + 17 at functional:1824:12 [ 3] 0x00007fff8e895d4e WebCore`WebCore::MemoryPressureHandler::respondToMemoryPressure(WebCore::Critical, WebCore::Synchronous) + 78 at MemoryPressureHandlerCocoa.mm:207