Bug 30757

Hi, with webkit/gtk 1.1.15.1 loading http://upload.wikimedia.org/wikipedia/commons/5/51/Petra_location_map-de-2.svg gives a reliable segfault. Apparently the problem is, that webkit passes a NULL font to cairo_ft_scaled_font_lock_face() from WebCore::GlyphPage::fill(). Program received signal SIGSEGV, Segmentation fault. cairo_ft_scaled_font_lock_face (abstract_font=0x0) at /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c:2833 2833 /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c: Datei oder Verzeichnis nicht gefunden. in /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c (gdb) bt #0 cairo_ft_scaled_font_lock_face (abstract_font=0x0) at /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c:2833 #1 0x00007ffff44891d9 in WebCore::GlyphPage::fill (this=0x7fffde46a400, offset=0, length=256, buffer=0x7fffffffc600, bufferLength=256, fontData=0x7fffde53aa00) at ../WebCore/platform/graphics/gtk/GlyphPageTreeNodeGtk.cpp:45 #2 0x00007ffff41eedc6 in WebCore::GlyphPageTreeNode::initializePage ( this=0x7fffde555b00, fontData=0x7fffde52c348, pageNumber=<value optimized out>) at ../WebCore/platform/graphics/GlyphPageTreeNode.cpp:222 #3 0x00007ffff41ef339 in WebCore::GlyphPageTreeNode::getChild ( this=0x7fffe9228980, fontData=0x7fffde52c348, pageNumber=0) at ../WebCore/platform/graphics/GlyphPageTreeNode.cpp:323 #4 0x00007ffff41ed1dd in WebCore::Font::glyphDataForCharacter ( this=0x7fffde4aadf0, c=83, mirror=false, forceSmallCaps=false) at ../WebCore/platform/graphics/FontFastPath.cpp:64 #5 0x00007ffff41fbf7c in WebCore::WidthIterator::advance ( this=0x7fffffffcd50, offset=6, glyphBuffer=0x0) at ../WebCore/platform/graphics/WidthIterator.cpp:116 #6 0x00007ffff41ec8c5 in WebCore::Font::floatWidthForSimpleText ( this=<value optimized out>, run=..., glyphBuffer=0x0, fallbackFonts=<value optimized out>) at ../WebCore/platform/graphics/FontFastPath.cpp:323 #7 0x00007ffff4263144 in WebCore::Font::width (this=0x7fffde4c2230, resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8) at ../WebCore/platform/graphics/Font.h:81 #8 textWidth (this=0x7fffde4c2230, resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8) at ../WebCore/rendering/RenderBlockLineLayout.cpp:1582 #9 WebCore::RenderBlock::findNextLineBreak (this=0x7fffde4c2230, resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8) at ../WebCore/rendering/RenderBlockLineLayout.cpp:1896 #10 0x00007ffff4265642 in WebCore::RenderBlock::layoutInlineChildren ( this=0x7fffde4c2230, relayoutChildren=true, repaintTop=@0x7fffffffd6ac, repaintBottom=@0x7fffffffd6a8) at ../WebCore/rendering/RenderBlockLineLayout.cpp:959 #11 0x00007ffff425a6c5 in WebCore::RenderBlock::layoutBlock ( this=0x7fffde4c2230, relayoutChildren=true) at ../WebCore/rendering/RenderBlock.cpp:712 #12 0x00007ffff424a9db in WebCore::RenderBlock::layout (this=0x7fffde4c2230) at ../WebCore/rendering/RenderBlock.cpp:638 #13 0x00007ffff4397449 in WebCore::RenderSVGText::layout (this=0x7fffde4c2230) at ../WebCore/rendering/RenderSVGText.cpp:86 #14 0x00007ffff4391fdd in WebCore::RenderObject::layoutIfNeeded ( this=0x7fffde4c2070) at ../WebCore/rendering/RenderObject.h:488 #15 WebCore::RenderSVGContainer::layout (this=0x7fffde4c2070) at ../WebCore/rendering/RenderSVGContainer.cpp:73 #16 0x00007ffff4396344 in WebCore::RenderObject::layoutIfNeeded ( this=0x7fffde4c1660) at ../WebCore/rendering/RenderObject.h:488 #17 WebCore::RenderSVGRoot::layout (this=0x7fffde4c1660) at ../WebCore/rendering/RenderSVGRoot.cpp:102 #18 0x00007ffff4258b4e in WebCore::RenderBlock::layoutBlockChild ( this=0x7fffde4c1420, child=0x7fffde4c1660, marginInfo=..., previousFloatBottom=<value optimized out>, maxFloatBottom=@0x7fffffffdaf4) at ../WebCore/rendering/RenderBlock.cpp:1327 #19 0x00007ffff42596f0 in WebCore::RenderBlock::layoutBlockChildren ( this=0x7fffde4c1420, relayoutChildren=false, maxFloatBottom=@0x7fffffffdaf4) at ../WebCore/rendering/RenderBlock.cpp:1270 #20 0x00007ffff425ab33 in WebCore::RenderBlock::layoutBlock ( this=0x7fffde4c1420, relayoutChildren=false) at ../WebCore/rendering/RenderBlock.cpp:714 #21 0x00007ffff424a9db in WebCore::RenderBlock::layout (this=0x7fffde4c1420) at ../WebCore/rendering/RenderBlock.cpp:638 #22 0x00007ffff42deaa4 in WebCore::RenderView::layout (this=0x7fffde4c1420) at ../WebCore/rendering/RenderView.cpp:122 #23 0x00007ffff41a2413 in WebCore::FrameView::layout ( this=<value optimized out>, allowSubtree=<value optimized out>) at ../WebCore/page/FrameView.cpp:624 #24 0x00007ffff41e0220 in WebCore::ThreadTimers::sharedTimerFiredInternal ( this=0x7fffe9178540) at ../WebCore/platform/ThreadTimers.cpp:112 #25 0x00007ffff4471b72 in timeout_cb () at ../WebCore/platform/gtk/SharedTimerGtk.cpp:48 #26 0x00007ffff550a12a in g_main_dispatch (context=0x6c79a0) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:1960 #27 IA__g_main_context_dispatch (context=0x6c79a0) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2513 #28 0x00007ffff550d988 in g_main_context_iterate (context=0x6c79a0, block=1, dispatch=1, self=<value optimized out>) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2591 #29 0x00007ffff550de5d in IA__g_main_loop_run (loop=0x701c90) at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2799 #30 0x00007ffff7482ca7 in IA__gtk_main () at /tmp/buildd/gtk+2.0-2.18.3/gtk/gtkmain.c:1218 #31 0x0000000000420c7c in main () (gdb)