Bug 228186

Summary: [Win] Crash under FontCache::lastResortFallbackFont
Product: WebKit
Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.
Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, ews-watchlist, Hironori.Fujii, mmaxfield, ryanhaddad, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=229009
Attachments: six patches (flags: none)

Description Per Arne Vollan 2021-07-22 09:35:41 PDT
    Frame[00]  Triage Symbol: [WebKit!WebCore::FontCache::lastResortFallbackFont+0xec]
    Frame[01]  Triage Symbol: [WebKit!WebCore::FontCascadeFonts::realizeFallbackRangesAt+0x271]
    Frame[02]  Triage Symbol: [WebKit!WebCore::FontCascade::primaryFont+0x35]
    Frame[03]  Triage Symbol: [WebKit!WebCore::LayoutIntegration::canUseForFontAndText+0x44]
    Frame[04]  Triage Symbol: [WebKit!WebCore::LayoutIntegration::canUseForChild+0x559]
    Frame[05]  Triage Symbol: [WebKit!WebCore::LayoutIntegration::canUseForLineLayoutWithReason+0x3e3]
    Frame[06]  Triage Symbol: [WebKit!WebCore::LayoutIntegration::LineLayout::canUseFor+0x2c]
    Frame[07]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutInlineChildren+0x2e]
    Frame[08]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x3b6]
    Frame[09]  Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80]
    Frame[0a]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChild+0x292]
    Frame[0b]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChildren+0x47a]
    Frame[0c]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x3c1]
    Frame[0d]  Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80]
    Frame[0e]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChild+0x292]
    Frame[0f]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChildren+0x47a]
    Frame[10]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x3c1]
    Frame[11]  Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80]
    Frame[12]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChild+0x292]
    Frame[13]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChildren+0x47a]
    Frame[14]  Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x3c1]
    Frame[15]  Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80]
    Frame[16]  Triage Symbol: [WebKit!WebCore::RenderView::layout+0x2ed]
    Frame[17]  Triage Symbol: [WebKit!WebCore::FrameViewLayoutContext::layout+0x5bf]
    Frame[18]  Triage Symbol: [WebKit!WebCore::Document::implicitClose+0x32b]
    Frame[19]  Triage Symbol: [WebKit!WebCore::FrameLoader::checkCompleted+0x13f]
    Frame[1a]  Triage Symbol: [WebKit!WebCore::CachedResourceLoader::loadDone+0x80]
    Frame[1b]  Triage Symbol: [WebKit!WebCore::SubresourceLoader::notifyDone+0x55]
    Frame[1c]  Triage Symbol: [WebKit!WebCore::SubresourceLoader::didFinishLoading+0x286]
    Frame[1d]  Triage Symbol: [WebKit!<lambda_e7e2d454785dfeaf6199132ec807941c>::operator+0xec]
    Frame[1e]  Triage Symbol: [WTF!WTF::RunLoop::performWork+0x23f]
    Frame[1f]  Ignore Symbol: [WTF!WTF::RunLoop::RunLoopWndProc+0x5c]
    Frame[20]  Triage Symbol: [USER32!UserCallWinProcCheckWow+0x2bd]
    Frame[21]  Triage Symbol: [USER32!DispatchMessageWorker+0x1e2]
    Frame[22]  Triage Symbol: [DumpRenderTreeLib!runTest+0xaf8]
    Frame[23]  Triage Symbol: [DumpRenderTreeLib!main+0x5d3]
    Frame[24]  Triage Symbol: [DumpRenderTree!main+0x880]
    Frame[25]  Triage Symbol: [DumpRenderTree!__scrt_common_main_seh+0x10c]
    Frame[26]  Triage Symbol: [KERNEL32!BaseThreadInitThunk+0x14]
    Frame[27]  Triage Symbol: [ntdll!RtlUserThreadStart+0x21]
Comment 1 Per Arne Vollan 2021-07-22 09:39:10 PDT
Created attachment 434015 [details]
Patch
Comment 2 Radar WebKit Bug Importer 2021-07-29 09:37:12 PDT
<rdar://problem/81275954>
Comment 3 Per Arne Vollan 2021-07-30 08:27:04 PDT
Created attachment 434630 [details]
Patch
Comment 4 Per Arne Vollan 2021-08-02 10:05:53 PDT
Created attachment 434766 [details]
Patch
Comment 5 Per Arne Vollan 2021-08-04 07:31:19 PDT
Created attachment 434902 [details]
Patch
Comment 6 Brent Fulgham 2021-08-04 08:10:45 PDT
Comment on attachment 434902 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434902&action=review

> Source/WebKitLegacy/win/WebView.cpp:1327
> +    if (hdc) {

I wonder if we should just have an early return if hdc is blank? But this is fine as-is.
Comment 7 Per Arne Vollan 2021-08-19 09:34:39 PDT
Created attachment 435874 [details]
Patch
Comment 8 Ryan Haddad 2021-08-20 09:43:31 PDT
(In reply to Per Arne Vollan from comment #7)
> Created attachment 435874 [details]
> Patch
Though it ultimately passed on retry, it looks like the Win EWS run had a flaky crash. Is this related to the patch?

https://ews-build.s3-us-west-2.amazonaws.com/Windows-EWS/r435874-101940-rerun/fast/forms/input-placeholder-paint-order-crash-log.txt
Comment 9 Per Arne Vollan 2021-08-20 10:16:12 PDT
Created attachment 436006 [details]
Patch
Comment 10 Per Arne Vollan 2021-08-20 10:16:54 PDT
(In reply to Ryan Haddad from comment #8)
> (In reply to Per Arne Vollan from comment #7)
> > Created attachment 435874 [details]
> > Patch
> Though it ultimately passed on retry, it looks like the Win EWS run had a
> flaky crash. Is this related to the patch?
> 
> https://ews-build.s3-us-west-2.amazonaws.com/Windows-EWS/r435874-101940-rerun/fast/forms/input-placeholder-paint-order-crash-log.txt

I think this should be resolved in the latest WIP patch.

Thanks for reviewing!
Comment 11 Per Arne Vollan 2021-08-21 14:59:48 PDT
Comment on attachment 436006 [details]
Patch

Thanks for reviewing!
Comment 12 EWS 2021-08-21 15:04:47 PDT
Committed r281380 (240795@main): <https://commits.webkit.org/240795@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 436006 [details].