Bug 230548

Summary: Crash when rendering a non-system font with 'small-caps' font variant
Product: WebKit Reporter: paul.watkinson
Component: CanvasAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED DUPLICATE    
Severity: Major CC: dino, mmaxfield, paul.watkinson, sabouhallawa, simon.fraser, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: iPhone / iPad   
OS: Other   
Attachments:
Description Flags
test case none

Description paul.watkinson 2021-09-21 04:31:35 PDT 
When rendering a non-system font with the 'small-caps' font variant, the page crashes and reloads.

This occurs with the following devices:
    1. Simulated iPhone 13 + iOS 15.0, WebKit/605.1.15
    2. Real iPhone XR + iOS 15.0, WebKit/605.1.15


Reproduction:

Adding the following JavaScript to a HTML page; loads a font, waits 5s, and then renders the text to a canvas.

This immediately causes a crash.

```
var fontFamily = 'Luckiest Guy';
var link = document.createElement('link');
link.setAttribute('rel', 'stylesheet');
link.setAttribute('href', `https://fonts.googleapis.com/css?family=${fontFamily}`);

document.head.appendChild(link);
document.body.style.fontFamily = `'${fontFamily}'`;

var canvas = document.createElement('canvas');
document.body.appendChild(canvas);

var ctx = canvas.getContext('2d');
ctx.font = `normal small-caps normal 48px '${fontFamily}'`;

setInterval(() => {
    console.log('Drawing...');
    ctx.fillText('Hello, World!', 0, 48);
}, 5e3);
```


Actual Results:

The page crashes and is reloaded.


Expected Results:

The canvas should render the text, with the font-variant specified.
Comment 1 Alexey Proskuryakov 2021-09-21 09:14:19 PDT 
Created attachment 438828 [details]
test case

Same test as an attachment.
Comment 2 Alexey Proskuryakov 2021-09-21 09:31:15 PDT 
I can reproduce this with 19B50, cannot reproduce with 18F72.

There are several simulated crashes in WebContent and GPU processes when opening this test, but I am not seeing any actual crashes. So maybe we are killing the process, I didn't analyze the logs.
Comment 3 Radar WebKit Bug Importer 2021-09-21 09:31:29 PDT 
<rdar://problem/83355212>
Comment 4 Simon Fraser (smfr) 2021-09-21 09:32:23 PDT 
Pretty sure this has been fixed.
Comment 5 Alexey Proskuryakov 2021-09-21 09:34:40 PDT 
Actually, one of the simulated crash logs says:

Requesting termination of web process 1156 for reason: "Resource is being released before being cached."
Comment 6 Simon Fraser (smfr) 2021-09-21 10:13:56 PDT 

*** This bug has been marked as a duplicate of bug 229401 ***