Bug 212670

Summary: [Win] infinite loop in ComplexTextController::indexOfCurrentRun
Product: WebKit
Reporter: Fujii Hironori <Hironori.Fujii>
Component: Text
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mmaxfield
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=108877
Bug Depends on: 212944
Bug Blocks:
Attachments (Description / Flags):
  simplified content / none
  reduced content / none

Description Fujii Hironori 2020-06-02 16:51:04 PDT
[Win] infinite loop in ComplexTextController::indexOfCurrentRun

AppleWin, WinCairo WK1 and WK2

1. Go to https://ima.goo.ne.jp/column/writer/129.html or https://ima.goo.ne.jp/column/article/8431.html
2. The while loop in ComplexTextController::indexOfCurrentRun never quits

Callstack:

> WebKit.dll!WebCore::ComplexTextController::indexOfCurrentRun(unsigned int & leftmostGlyph=0) Line 526	C++
> WebKit.dll!WebCore::ComplexTextController::incrementCurrentRun(unsigned int & leftmostGlyph=0) Line 551	C++
> WebKit.dll!WebCore::ComplexTextController::advance(unsigned int offset=38, WebCore::GlyphBuffer * glyphBuffer=0x0000000000000000, WebCore::GlyphIterationStyle iterationStyle=ByWholeGlyphs, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> * fallbackFonts=0x000000fecbcfb068) Line 662	C++
> WebKit.dll!WebCore::TextLayout::width(unsigned int from=0, unsigned int len=38, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> * fallbackFonts=0x000000fecbcfb068) Line 69	C++
> WebKit.dll!WebCore::FontCascade::width(WebCore::TextLayout & layout={...}, unsigned int from=0, unsigned int len=38, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> * fallbackFonts=0x000000fecbcfb068) Line 102	C++
> WebKit.dll!WebCore::textWidth(WebCore::RenderText & text={...}, unsigned int from=0, unsigned int len=38, const WebCore::FontCascade & font={...}, float xPos=0.000000000, bool isFixedPitch=false, bool collapseWhiteSpace=true, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> & fallbackFonts={...}, WebCore::TextLayout * layout=0x00000205730b5f10) Line 562	C++
> WebKit.dll!WebCore::BreakingContext::computeAdditionalBetweenWordsWidth(WebCore::RenderText & renderText={...}, WebCore::TextLayout * textLayout=0x00000205730b5f10, char16_t currentCharacter=u'さ', WebCore::WordTrailingSpace & wordTrailingSpace={...}, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> & fallbackFonts={...}, WTF::Vector<WebCore::WordMeasurement,64,WTF::CrashOnOverflow,16,WTF::FastMalloc> & wordMeasurements={...}, const WebCore::FontCascade & font={...}, bool isFixedPitch=false, unsigned int lastSpace=0, float lastSpaceWordSpacing=0.000000000, float wordSpacingForWordMeasurement=0.000000000, unsigned int offset=38) Line 658	C++
> WebKit.dll!WebCore::BreakingContext::handleText(WTF::Vector<WebCore::WordMeasurement,64,WTF::CrashOnOverflow,16,WTF::FastMalloc> & wordMeasurements={...}, bool & hyphenated=false, unsigned int & consecutiveHyphenatedLines=0) Line 833	C++
> WebKit.dll!WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator,WebCore::BidiRun,WebCore::BidiIsolatedRun> & resolver={...}, WebCore::LineInfo & lineInfo={...}, WebCore::RenderTextInfo & renderTextInfo={...}, WebCore::FloatingObject * lastFloatFromPreviousLine=0x0000000000000000, unsigned int consecutiveHyphenatedLines=0, WTF::Vector<WebCore::WordMeasurement,64,WTF::CrashOnOverflow,16,WTF::FastMalloc> & wordMeasurements={...}) Line 110	C++
> WebKit.dll!WebCore::ComplexLineLayout::layoutRunsAndFloatsInRange(WebCore::LineLayoutState & layoutState={...}, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator,WebCore::BidiRun,WebCore::BidiIsolatedRun> & resolver={...}, const WebCore::InlineIterator & cleanLineStart={...}, const WebCore::BidiStatus & cleanLineBidiStatus={...}, unsigned int consecutiveHyphenatedLines=0) Line 1385	C++
> WebKit.dll!WebCore::ComplexLineLayout::layoutRunsAndFloats(WebCore::LineLayoutState & layoutState={...}, bool hasInlineChild=true) Line 1339	C++
> WebKit.dll!WebCore::ComplexLineLayout::layoutLineBoxes(bool relayoutChildren=true, WebCore::LayoutUnit & repaintLogicalTop={...}, WebCore::LayoutUnit & repaintLogicalBottom={...}) Line 1748	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren=true, WebCore::LayoutUnit & repaintLogicalTop={...}, WebCore::LayoutUnit & repaintLogicalBottom={...}) Line 702	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren=true, WebCore::LayoutUnit pageLogicalHeight={...}) Line 511	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 600	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child={...}, WebCore::RenderBlockFlow::MarginInfo & marginInfo={...}, WebCore::LayoutUnit & previousFloatLogicalBottom={...}, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 762	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren=true, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 662	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren=true, WebCore::LayoutUnit pageLogicalHeight={...}) Line 514	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 600	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child={...}, WebCore::RenderBlockFlow::MarginInfo & marginInfo={...}, WebCore::LayoutUnit & previousFloatLogicalBottom={...}, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 762	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren=true, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 662	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren=true, WebCore::LayoutUnit pageLogicalHeight={...}) Line 514	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 600	C++
> WebKit.dll!WebCore::RenderView::layout() Line 189	C++
> WebKit.dll!WebCore::FrameViewLayoutContext::layout() Line 254	C++
> WebKit.dll!WebCore::Document::implicitClose() Line 3094	C++
> WebKit.dll!WebCore::FrameLoader::checkCallImplicitClose() Line 966	C++
> WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 908	C++
> WebKit.dll!WebCore::FrameLoader::finishedParsing() Line 818	C++
> WebKit.dll!WebCore::Document::finishedParsing() Line 5886	C++
> WebKit.dll!WebCore::HTMLConstructionSite::finishedParsing() Line 420	C++
> WebKit.dll!WebCore::HTMLTreeBuilder::finished() Line 2845	C++
> WebKit.dll!WebCore::HTMLDocumentParser::end() Line 450	C++
> WebKit.dll!WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() Line 459	C++
> WebKit.dll!WebCore::HTMLDocumentParser::prepareToStopParsing() Line 154	C++
> WebKit.dll!WebCore::HTMLDocumentParser::attemptToEnd() Line 471	C++
> WebKit.dll!WebCore::HTMLDocumentParser::finish() Line 499	C++
> WebKit.dll!WebCore::DocumentWriter::end() Line 289	C++
> WebKit.dll!WebCore::DocumentLoader::finishedLoading() Line 453	C++
> WebKit.dll!WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource & resource={...}, const WebCore::NetworkLoadMetrics & __formal={...}) Line 397	C++
> WebKit.dll!WebCore::CachedResource::checkNotify(const WebCore::NetworkLoadMetrics & metrics={...}) Line 376	C++
> WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::SharedBuffer * __formal=0x00000205732a6350, const WebCore::NetworkLoadMetrics & metrics={...}) Line 393	C++
> WebKit.dll!WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer * data=0x00000205732a6350, const WebCore::NetworkLoadMetrics & metrics={...}) Line 124	C++
> WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(const WebCore::NetworkLoadMetrics & networkLoadMetrics={...}) Line 734	C++
> WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x00000205732b3250) Line 732	C++
> WebKit.dll!WebCore::CurlResourceHandleDelegate::curlDidComplete(WebCore::CurlRequest & __formal={...}, WebCore::NetworkLoadMetrics && __formal={...}) Line 164	C++
> WebKit.dll!WebCore::CurlRequest::didCompleteTransfer::__l11::<lambda>(WebCore::CurlRequest & request={...}, WebCore::CurlRequestClient & client={...}) Line 466	C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(WebCore::CurlRequest &, WebCore::CurlRequestClient &),void,WebCore::CurlRequest &,WebCore::CurlRequestClient &>::call(WebCore::CurlRequest & <in_0>={...}, WebCore::CurlRequestClient & <in_1>={...}) Line 52	C++
> WebKit.dll!WTF::Function<void __cdecl(WebCore::CurlRequest &,WebCore::CurlRequestClient &)>::operator()(WebCore::CurlRequest & <in_0>={...}, WebCore::CurlRequestClient & <in_1>={...}) Line 85	C++
> WebKit.dll!WebCore::CurlRequest::callClient::__l2::<lambda>() Line 184	C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 85	C++
> WTF.dll!WTF::dispatchFunctionsFromMainThread() Line 96	C++
> WTF.dll!WTF::ThreadingWindowWndProc(HWND__ * hWnd=0x0000000000302d22, unsigned int message=49943, unsigned __int64 wParam=0, __int64 lParam=0) Line 48	C++
> user32.dll!00007ffba0cc5c0d()	Unknown
> user32.dll!00007ffba0cc5602()	Unknown
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance=0x00007ff783b10000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpstrCmdLine=0x000002056d756814, int nCmdShow=10) Line 120	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance=0x00007ff783b10000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpstrCmdLine=0x000002056d756814, int nCmdShow=10) Line 140	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance=0x00007ff783b10000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpstrCmdLine=0x000002056d756814, int nCmdShow=10) Line 224	C++
> [Inline Frame] MiniBrowser.exe!invoke_main() Line 118	C++
> MiniBrowser.exe!__scrt_common_main_seh() Line 288	C++
> kernel32.dll!00007ffb9f227bd4()	Unknown
> ntdll.dll!00007ffba0f0ce51()	Unknown

Mac Safari doesn't seem to have this issue.
Comment 1 Fujii Hironori 2020-06-02 16:51:41 PDT
Created attachment 400867 [details]
simplified content
Comment 2 Fujii Hironori 2020-06-02 20:43:37 PDT
Created attachment 400888 [details]
reduced content
Comment 3 Fujii Hironori 2020-06-08 17:18:32 PDT
Bug 108877 – Chromium: Hang parsing bidi control chars on Mac OS X 10.6

It's a very similar issue.
Comment 4 Fujii Hironori 2020-06-09 13:01:14 PDT
This bug is caused by the following reasons:

1. Windows FontCache::systemFallbackForCharacters returns "Arial Unicode MS" font for some Tibetan characters, but it should be "Microsoft Himalaya".
   Bug 212688 – [Win] Some Tibetan characters aren't shown
2. ComplexTextControllerUniscribe simply ignores the complex text run if ScriptShape fails with USP_E_SCRIPT_NOT_IN_FONT
   Bug 212947 – [Win] ComplexTextControllerUniscribe: Retry ScriptShape with SCRIPT_UNDEFINED if it failed as USP_E_SCRIPT_NOT_IN_FONT
3. ComplexTextController::indexOfCurrentRun assumes the complex text runs are consecutive
   Bug 212944 – ComplexTextController: Use std::sort to calculate m_runIndices

Fixed in r262804 and r262803.
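An added illustration of the failure mode comment 4 describes; this is a simplified model written for this page, not WebKit's code. It assumes the pre-fix ordering chained runs by matching each run's end offset to some other run's begin offset, so that a run dropped by the shaper (cause 2 above) leaves no successor to find and the loop can never make progress, and sets that beside the sorted ordering of bug 212944, whose work is bounded by the number of runs.

```cpp
#include <algorithm>
#include <vector>

// Simplified model, not WebKit's code: a shaped run and the string offsets it covers.
// Runs are kept in visual order, so bidi text makes the offsets non-monotonic, and a
// run the shaper dropped leaves a gap in the coverage.
struct TextRun { unsigned stringBegin; unsigned stringEnd; };
struct RunOrder {
    bool complete;                 // false: no run begins where the last one ends
    std::vector<unsigned> indices; // run indices in string (logical) order
};

// Pre-fix strategy (assumed shape): start at the run with the smallest stringBegin,
// then repeatedly find the run that begins exactly where the previous one ends. With
// a run missing, nothing begins at that offset; a loop without this exit spins forever.
RunOrder runIndicesByChaining(const std::vector<TextRun>& runs)
{
    RunOrder order = { true, {} };
    if (runs.empty()) return order;
    auto byBegin = [](const TextRun& a, const TextRun& b) { return a.stringBegin < b.stringBegin; };
    order.indices.push_back(static_cast<unsigned>(std::min_element(runs.begin(), runs.end(), byBegin) - runs.begin()));
    while (order.indices.size() < runs.size()) {
        unsigned offset = runs[order.indices.back()].stringEnd;
        auto next = std::find_if(runs.begin(), runs.end(),
                                 [&](const TextRun& r) { return r.stringBegin == offset; });
        if (next == runs.end()) { // the exit the hanging loop lacked
            order.complete = false;
            return order;
        }
        order.indices.push_back(static_cast<unsigned>(next - runs.begin()));
    }
    return order;
}

// Fixed strategy (bug 212944): sort the run indices by stringBegin. Gaps no longer
// matter and the work is bounded by the number of runs.
std::vector<unsigned> runIndicesBySorting(const std::vector<TextRun>& runs)
{
    std::vector<unsigned> indices(runs.size());
    for (unsigned i = 0; i < runs.size(); ++i)
        indices[i] = i;
    std::sort(indices.begin(), indices.end(),
              [&](unsigned a, unsigned b) { return runs[a].stringBegin < runs[b].stringBegin; });
    return indices;
}

// Constructed samples: three contiguous runs in visual order, then the same text
// with its middle run dropped (what happens when shaping of that run fails).
std::vector<TextRun> contiguousRuns() { return { {3, 7}, {0, 3}, {7, 9} }; }
std::vector<TextRun> runsWithDroppedRun() { return { {7, 9}, {0, 3} }; }
```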