Summary: | REGRESSION(r281439)[GTK] fast/box-shadow/box-shadow-huge-area-crash.html is flaky fail / crash | ||
---|---|---|---|
Product: | WebKit | Reporter: | Carlos Alberto Lopez Perez <clopez> |
Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED FIXED | ||
Severity: | Normal | CC: | bugs-noreply, cgarcia, vitaly |
Priority: | P2 | ||
Version: | WebKit Nightly Build | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=228893 |
Description
Carlos Alberto Lopez Perez
2021-08-31 14:42:45 PDT
This is the diff for when it fails https://people.igalia.com/clopez/wkbug/229740/layout-test-results/results.html I don't have info for when it crashes. On the gtk-release bot it crashed 2 times since r281439 but no backtraces were generated. See https://build.webkit.org/#/builders/57/builds/3420 and https://build.webkit.org/#/builders/57/builds/3395 On the GTK debug bot it has not crashed so far and I have been unable to make it crash locally. (In reply to Carlos Alberto Lopez Perez from comment #0) > Since r281439 the test fast/box-shadow/box-shadow-huge-area-crash.html fails > on GTK the 99% of the times and the other 1% it crashes. > > On WPE it passes fine. This is weird, because the change in r281439 is the same for GTK and WPE ports... OK, I think I figured this one out. The cause of this issue is `hb_position_t` aka `int32_t`. This type is used to represent advances and offset of a glyph in `hb_buffer`. Its format is 16.16, i.e. 16 bits for the integer part and 16 bits for the fractional precision part. See https://github.com/harfbuzz/harfbuzz/issues/2714 for details. But it is *singed* and the first bit is the sign bit. That means the maximum advance and offset value is 2^15 and not 2^16. This limits the maximum advance and offset value to `std::numeric_limits<short>::max()` i.e 32767. We use HarfBuzz to measure text size only when the complex text code path is taken. Until 259842@main WPE port used the simple code path when possible. This explains why the issue was reproducible only on GTK port. PR is coming :) Pull request: https://github.com/WebKit/WebKit/pull/10583 Committed 260882@main (1516848f1a90): <https://commits.webkit.org/260882@main> Reviewed commits have been landed. Closing PR #10583 and removing active labels. |