Bug 63400

Summary: svg/text/svg-zoom-large-value.xhtml ASSERTs on Chromium Linux Debug
Product: WebKit Reporter: WebKit Review Bot <webkit.review.bot>
Component: New BugsAssignee: Abhishek Arya <inferno>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, darin, inferno, reed, schenney, senorblanco, wjmaclean
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

WebKit Review Bot
Reported 2011-06-26 07:16:56 PDT
svg/text/svg-zoom-large-value.xhtml ASSERTs on Chromium Linux Debug Requested by abarth on #webkit.
Attachments
Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2011-06-26 07:22:42 PDT
Landed suppression in http://trac.webkit.org/changeset/89768
Adam Barth
Comment 2 2011-06-26 07:23:05 PDT
webkit/support/webkit_support.cc:73: Failure Failed [20993:20993:5935657696522:FATAL:Sk64.h(46)] third_party/skia/include/core/Sk64.h:46: failed assertion "this->is32()" Backtrace: base::debug::StackTrace::StackTrace() [0x972e0e] logging::LogMessage::~LogMessage() [0x91695e] SkDebugf_FileLine() [0x9fa1df] Sk64::get32() [0x995367] SkMulDiv() [0x9af0fb] SkScalerContext_FreeType::generateFontMetrics() [0x9f8af3] SkScalerContext::getFontMetrics() [0x9dae4d] SkGlyphCache::SkGlyphCache() [0x9ac177] SkGlyphCache::VisitCache() [0x9ad2ce] FontMetricsDescProc() [0x9b9e41] SkPaint::descriptorProc() [0x9baf14] SkPaint::getFontMetrics() [0x9b9f4f] WebCore::SimpleFontData::platformInit() [0xeb383d] WebCore::SimpleFontData::SimpleFontData() [0xe8886e] WebCore::FontCache::getCachedFontData() [0xe50ca0] WebCore::FontCache::getCachedFontData() [0xe50b17] WebCore::FontCache::getFontData() [0xe516e3] WebCore::FontFallbackList::fontDataAt() [0xe5d52d] WebCore::FontFallbackList::primaryFontData() [0x4d6d5a] WebCore::FontFallbackList::primarySimpleFontData() [0x4d6d05] WebCore::Font::primaryFont() [0x4d6e25] WebCore::WidthIterator::advance() [0xe8b76c] WebCore::Font::floatWidthForSimpleText() [0xe5ff12] WebCore::Font::width() [0xe4f13b] WebCore::SVGTextMetrics::SVGTextMetrics() [0x176488b] WebCore::SVGTextMetrics::measureCharacterRange() [0x1764cc7] WebCore::SVGTextLayoutAttributesBuilder::propagateLayoutAttributes() [0x175d89e] WebCore::SVGTextLayoutAttributesBuilder::buildLayoutAttributesForTextSubtree() [0x175d092] WebCore::RenderSVGText::layout() [0x1740f75] WebCore::SVGRenderSupport::layoutChildren() [0x1747f97] WebCore::RenderSVGRoot::layout() [0x184b377] WebCore::RenderObject::layoutIfNeeded() [0x15f74c1] WebCore::RenderBlock::layoutInlineChildren() [0x1616fd8] WebCore::RenderBlock::layoutBlock() [0x15de51c] WebCore::RenderBlock::layout() [0x15dde54] WebCore::RenderBlock::layoutBlockChild() [0x15e18da] WebCore::RenderBlock::layoutBlockChildren() [0x15e14f6] WebCore::RenderBlock::layoutBlock() [0x15de53a] WebCore::RenderBlock::layout() [0x15dde54] WebCore::RenderBlock::layoutBlockChild() [0x15e18da] WebCore::RenderBlock::layoutBlockChildren() [0x15e14f6] WebCore::RenderBlock::layoutBlock() [0x15de53a] WebCore::RenderBlock::layout() [0x15dde54] WebCore::RenderView::layout() [0x16f1e17] WebCore::FrameView::layout() [0x137aff5] WebCore::Document::implicitClose() [0x10e7ed5] WebCore::FrameLoader::checkCallImplicitClose() [0x12d20e7] WebCore::FrameLoader::checkCompleted() [0x12d1eba] WebCore::FrameLoader::finishedParsing() [0x12d1c13] WebCore::Document::finishedParsing() [0x10f0390] WebCore::XMLDocumentParser::end() [0x119a494] WebCore::XMLDocumentParser::finish() [0x119a4ce] WebCore::DocumentWriter::endIfNotLoadingMainResource() [0x12ccc78] WebCore::DocumentWriter::end() [0x12ccb9b] WebCore::DocumentLoader::finishedLoading() [0x12be015] WebCore::FrameLoader::finishedLoading() [0x12d8af5] WebCore::MainResourceLoader::didFinishLoading() [0x12ec5b6] WebCore::ResourceLoader::didFinishLoading() [0x12fda9b] WebCore::ResourceHandleInternal::didFinishLoading() [0x19a70e6] webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x18c8dc1] (anonymous namespace)::RequestProxy::NotifyCompletedRequest() [0x198cf25] DispatchToMethod<>() [0x1992753]
Abhishek Arya
Comment 3 2011-06-26 09:31:39 PDT
James, I added this test in http://trac.webkit.org/changeset/89705. this looks like Skia is unable to handle clamped 1000000.0f font size. Should we have a lower limit ? Mind taking a look at the test. float CSSStyleSelector::getComputedSizeFromSpecifiedSize(Document* document, float zoomFactor, bool isAbsoluteSize, float specifiedSize, ESmartMinimumForFontSize useSmartMinimumForFontSize) // Also clamp to a reasonable maximum to prevent insane font sizes from causing crashes on various // platforms (I'm looking at you, Windows.) return min(1000000.0f, zoomedSize);
Abhishek Arya
Comment 4 2011-06-26 21:22:33 PDT
James, lowering down the font clamp to 10000.0f fixes the crash. I think in Skia, we should support font sizes larger than that. This is not a security bug and we don't crash in release, so we might have a fallback mechanism in skia.
Mike Reed
Comment 5 2011-06-27 07:17:54 PDT
I will fix skia to not assert/crash on arbitrarily large sizes (including sizes after they are concatenated with the device matrix).
Abhishek Arya
Comment 6 2011-06-27 08:51:47 PDT
(In reply to comment #5) > I will fix skia to not assert/crash on arbitrarily large sizes (including sizes after they are concatenated with the device matrix). Perfect, thanks a lot Mike. I don't think you will need clamping functions here, but if you need some, we have clampTo* function in MathExtras.h
Stephen Chenney
Comment 7 2012-04-11 06:58:11 PDT
This has been fixed! Yippee. Removing from expectations.
Stephen Chenney
Comment 8 2012-04-11 07:00:32 PDT
Committed r113857: <http://trac.webkit.org/changeset/113857>
Note You need to log in before you can comment on or make changes to this bug.