Bug 22256

Summary: Reproduceable crash with @font-face and :first-letter pseudo class
Product: WebKit
Reporter: Dieter Komendera <dieter>
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: bdakin, mitz
Priority: P1
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: http://komendera.com/webkit/font-face-crash/article.html
Attachments:
crashlog for #22256 (flags: none)

Dieter Komendera
Reported 2008-11-14 00:00:19 PST
Safari 3.1, 3.2 and WebKit r38386 on MacOS 10.5 crash on this testcase: http://komendera.com/webkit/font-face-crash/article.html

The first letter of the paragraph is not displayed. Selecting the text of the header and the paragraph crashes the browser reproducibly.

Stacktrace:
0 com.apple.WebCore 0x00f65ab4 WebCore::GlyphPageTreeNode::getChild(WebCore::FontData const*, unsigned int) + 180
1 com.apple.WebCore 0x00f26a34 WebCore::Font::glyphDataForCharacter(int, bool, bool) const + 196
2 com.apple.WebCore 0x01457a20 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 1072
3 com.apple.WebCore 0x00f25c89 WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 89
4 com.apple.WebCore 0x00f2652b WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 187
Attachments
crashlog for #22256 (26.25 KB, text/plain), 2008-11-14 00:02 PST, Dieter Komendera, no flags
Dieter Komendera
Comment 1 2008-11-14 00:02:51 PST
Created attachment 25160 [details] crashlog for #22256
Alexey Proskuryakov
Comment 2 2008-11-14 11:32:14 PST
Confirmed with a local debug build of r38387. Interestingly, after opening and re-opening the page several times, the first letter was displayed, and in that case selecting the text didn't result in a crash.

Thread 0 Crashed:
0 com.apple.WebCore 0x035230b4 WebCore::Font::glyphDataForCharacter(int, bool, bool) const + 402 (Font.cpp:168)
1 com.apple.WebCore 0x03b8252d WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 459 (WidthIterator.cpp:112)
2 com.apple.WebCore 0x03522204 WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 92 (Font.cpp:547)
3 com.apple.WebCore 0x03522b1b WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 199 (Font.cpp:537)
4 com.apple.WebCore 0x03628f00 WebCore::InlineTextBox::selectionRect(int, int, int, int) + 522 (InlineTextBox.cpp:101)
5 com.apple.WebCore 0x03851d65 WebCore::RenderText::selectionRect(bool) + 413 (RenderText.cpp:1117)
6 com.apple.WebCore 0x03870654 WebCore::RenderObject::SelectionInfo::SelectionInfo(WebCore::RenderObject*, bool) + 92
mitz
Comment 3 2008-11-14 11:36:21 PST
Dieter Komendera
Comment 4 2009-10-28 01:14:32 PDT
The testcase now works as expected with WebKit r50124 and Safari 4.0.3 (6531.9) on Snow Leopard. The first letter is displayed and WebKit doesn't crash upon selecting it. So it seems this was fixed?
mitz
Comment 5 2009-10-28 01:34:23 PDT
(In reply to comment #4)
> The testcase now works as expected with WebKit r50124 and Safari 4.0.3 (6531.9)
> on Snow Leopard.
> The first letter is displayed and WebKit doesn't crash upon selecting it.
>
> So it seems this was fixed?

This looks like bug 26963. Sorry that I didn’t notice this bug when I filed that one.

*** This bug has been marked as a duplicate of bug 26963 ***