Summary: | Possible Crash in SegmentedFontData::isLoading
---|---
Product: | WebKit
Component: | CSS
Status: | RESOLVED WORKSFORME
Severity: | Normal
Priority: | P2
Version: | 528+ (Nightly build)
Hardware: | PC
OS: | OS X 10.5
Reporter: | Ryuan Choi <ryuan.choi>
Assignee: | Nobody <webkit-unassigned>
CC: | j, misc, mitz, mrobinson, plaes, uzytkownik2, xan.lopez

Description
Ryuan Choi
2010-10-30 22:40:07 PDT
Created attachment 72609 [details]
Patch
Comment on attachment 72609 [details]
Patch
How can there be multiple active sources simultaneously?
(In reply to comment #2)
> (From update of attachment 72609 [details])
> How can there be multiple active sources simultaneously?

I believe that it's caused by arguments.

I got the log below (SFD means SegmentedFontData and the pointer in () is the this pointer).
As the messages below show, CSSFontFace(0x77c380) chooses two sources.

CSSFontFace(0x77c380)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x77be78 <-- first one
returned result is 0x945678
SFD(0xcff8e8) fontData is 0x945678
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0xd07000
SFD(0xd034f0) fontData is 0xd07000
CSSFontFace(0x77c380)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x77be78
returned result is 0xd093a0
SFD(0xb32b78) fontData is 0xd093a0
SFD(0xb32b78) fontData is 0xd093a0
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0xcec1c0
SFD(0xd33248) fontData is 0xcec1c0
CSSFontFace(0x77c380)::getFontData(fd, 1, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[0]->getFontData()=> 0x77c350 <-- second one
returned result is 0xced468
SFD(0x8af130) fontData is 0xced468
SFD(0xb32b78) fontData is 0xd093a0
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
SFD(0xcff8e8) fontData is 0x945678
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0xd12cc8
SFD(0xcff630) fontData is 0xd12cc8
SFD(0xb32b78) fontData is 0xd093a0
SFD(0xcff630) fontData is 0xd12cc8
[WebKit] ResourceHandle::create: network is active
[WebKit] ResourceHandle::create: status is: 2 (DNet Active)
CSSFontFace(0x7068e8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x706970
returned result is 0xc550c0
SFD(0xb65ed0) fontData is 0xc550c0
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0xafecb8
SFD(0xbad360) fontData is 0xafecb8
SFD(0xb669f0) fontData is 0xcca2c8
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0x968500
SFD(0xcccbb8) fontData is 0x968500
CSSFontFace(0x7068e8)::getFontData(fd, 1, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x706970
returned result is 0xb2b2c8
SFD(0xcd75e0) fontData is 0xb2b2c8
CSSFontFace(0x7068e8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x706970
returned result is 0xb3cfa8
SFD(0xcff8c0) fontData is 0xb3cfa8
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0xb254c0
SFD(0x937f68) fontData is 0xb254c0
SFD(0x8a3658) fontData is 0x938830
[sys_assert]START of sighandler
[sys_assert]this thread is main thread. pid=2995

Created attachment 73977 [details]
traceback.log
I'm seeing similar (also hardly reproducible, just happens every once-in-a-while) stacktrace with Epiphany/WebkitGtk-1.3.6 on Linux:
#6 <signal handler called>
#7 0x00007f04d3d1b648 in WebCore::FontFallbackList::fontDataAt (this=0x7f042e585000, font=<value optimized out>, realizedFontIndex=<value optimized out>) at WebCore/platform/graphics/FontFallbackList.cpp:107
#8 0x00007f04d3d1b788 in primaryFontData (this=0x7f0431e33500, font=0x31a46529) at WebCore/platform/graphics/FontFallbackList.h:66
#9 WebCore::FontFallbackList::determinePitch (this=0x7f0431e33500, font=0x31a46529) at WebCore/platform/graphics/FontFallbackList.cpp:76
#10 0x00007f04d3dbd768 in isFixedPitch (this=<value optimized out>, resolver=<value optimized out>, firstLine=<value optimized out>, isLineEmpty=<value optimized out>, previousLineBrokeCleanly=<value optimized out>, hyphenated=@0x7fffcef50509, clear=0x7fffcef504f4, lastFloatFromPreviousLine=0x0) at ./WebCore/platform/graphics/FontFallbackList.h:47
#11 isFixedPitch (this=<value optimized out>, resolver=<value optimized out>, firstLine=<value optimized out>, isLineEmpty=<value optimized out>, previousLineBrokeCleanly=<value optimized out>, hyphenated=@0x7fffcef50509, clear=0x7fffcef504f4, lastFloatFromPreviousLine=0x0) at ./WebCore/platform/graphics/Font.h:251
#12 WebCore::RenderBlock::findNextLineBreak (this=<value optimized out>, resolver=<value optimized out>, firstLine=<value optimized out>, isLineEmpty=<value optimized out>, previousLineBrokeCleanly=<value optimized out>, hyphenated=@0x7fffcef50509, clear=0x7fffcef504f4, lastFloatFromPreviousLine=0x0) at WebCore/rendering/RenderBlockLineLayout.cpp:1623
#13 0x00007f04d3dbf502 in WebCore::RenderBlock::layoutInlineChildren (this=0x7f043161b560, relayoutChildren=<value optimized out>, repaintLogicalTop=@0x7fffcef5063c, repaintLogicalBottom=@0x7fffcef50638) at WebCore/rendering/RenderBlockLineLayout.cpp:665
#14 0x00007f04d3db36f2 in WebCore::RenderBlock::layoutBlock (this=0x7f043161b560, relayoutChildren=true, pageHeight=0) at WebCore/rendering/RenderBlock.cpp:1202
#15 0x00007f04d3d9cfdd in WebCore::RenderBlock::layout (this=0x7f043161b560) at WebCore/rendering/RenderBlock.cpp:1100
Comment on attachment 72609 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=72609&action=review

Can you explain more about the crash and how it might be triggered in your ChangeLog?

> WebCore/css/CSSFontFace.cpp:82
> + if (m_activeSources.find(source) == WTF::notFound)

Isn't there a contains() helper which does just this?

(In reply to comment #5)
> (From update of attachment 72609 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=72609&action=review
>
> Can you explain more about the crash and how it might be triggered in your ChangeLog?
>
> > WebCore/css/CSSFontFace.cpp:82
> > + if (m_activeSources.find(source) == WTF::notFound)
>
> Isn't there a contains() helper which does just this?

Right. I'll update patch like you mentioned.

Created attachment 89731 [details]
Patch
(In reply to comment #3)
> (In reply to comment #2)
> > (From update of attachment 72609 [details])
> > How can there be multiple active sources simultaneously?
>
> I believe that it's caused by arguments.
>
> I got the log below (SFD means SegmentedFontData and the pointer in () is the this pointer).
> As the messages below show, CSSFontFace(0x77c380) chooses two sources.
>
>
> CSSFontFace(0x77c380)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
> activeSource is m_sources[1]->getFontData()=> 0x77be78 <-- first one
> returned result is 0x945678
> CSSFontFace(0x77c380)::getFontData(fd, 1, 0), fontSelector(0x7a6ad8)
> activeSource is m_sources[0]->getFontData()=> 0x77c350 <-- second one
> returned result is 0xced468

Can you explain how m_sources[0] became active here whereas it wasn’t active the first time around? I can’t identify a code path in CSSFontFaceSource::getFontData() which would explain returning 0 at first and later returning a non-0 value.

Comment on attachment 89731 [details]
Patch
r- until mitz's question is answered.
*** Bug 59621 has been marked as a duplicate of this bug. ***

*** Bug 59871 has been marked as a duplicate of this bug. ***

I haven't seen this crash for some months. Ryuan, are you still experiencing it?

(In reply to comment #12)
> I haven't seen this crash for some months. Ryuan, are you still experiencing it?

I'm not sure because we are using it in a local. Anyway, I want to close and reopen when I see the same issue. Thanks.
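
The observation made by hand in comment #3 (one CSSFontFace activating two different sources) can be checked mechanically over such a debug log. The script below is an added example, not part of the original thread or of WebKit; the function names are hypothetical and the sample is an abridged excerpt of the log posted in that comment.

```python
import re

# Abridged excerpt of the debug log in comment #3, pointer values as logged.
LOG_EXCERPT = """\
CSSFontFace(0x77c380)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x77be78 <-- first one
returned result is 0x945678
SFD(0xcff8e8) fontData is 0x945678
CSSFontFace(0x55dce8)::getFontData(fd, 0, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[1]->getFontData()=> 0x55dd70
returned result is 0xd07000
SFD(0xd034f0) fontData is 0xd07000
CSSFontFace(0x77c380)::getFontData(fd, 1, 0), fontSelector(0x7a6ad8)
activeSource is m_sources[0]->getFontData()=> 0x77c350 <-- second one
returned result is 0xced468
SFD(0x8af130) fontData is 0xced468
SFD(0xcff8e8) fontData is 0x945678
"""

# re.S: the log may be split across lines or flattened onto one.
CALL = re.compile(
    r"CSSFontFace\((0x[0-9a-f]+)\)::getFontData\(fd, \d, \d\).*?"
    r"activeSource is m_sources\[(\d+)\]->getFontData\(\)=> (0x[0-9a-f]+).*?"
    r"returned result is (0x[0-9a-f]+)", re.S)
SFD = re.compile(r"SFD\((0x[0-9a-f]+)\) fontData is (0x[0-9a-f]+)")

def sources_per_face(log):
    """Map each CSSFontFace pointer to the distinct sources it activated, in order."""
    faces = {}
    for face, index, source, _result in CALL.findall(log):
        chosen = faces.setdefault(face, [])
        if (int(index), source) not in chosen:
            chosen.append((int(index), source))
    return faces

def faces_with_multiple_sources(log):
    """Faces that activated more than one source during the logged run."""
    return {f: s for f, s in sources_per_face(log).items() if len(s) > 1}

def results_still_referenced(log, face):
    """fontData returned under the face's first source that SFD lines logged
    after the face switched source still refer to."""
    calls = [m for m in CALL.finditer(log) if m.group(1) == face]
    switch = next((m for m in calls if m.group(3) != calls[0].group(3)), None)
    if switch is None:
        return set()
    old = {m.group(4) for m in calls if m.group(3) == calls[0].group(3)}
    later = {m.group(2) for m in SFD.finditer(log, switch.end())}
    return old & later
```

Because the patterns match across whitespace rather than per line, the same functions work on a log that has been pasted as one run-together line.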