Bug 81002

Summary:

ASSERTION FAILED: m_purgePreventCount in FontCache::getCachedFontData running svg/custom/animate-disallowed-use-element.svg

Product:

WebKit

Reporter:

Nikolas Zimmermann <zimmermann>

Component:

SVG

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

mitz, simon.fraser, thorton, webkit-bug-importer, zimmermann

Priority:

Keywords:

InRadar, MakingBotsRed

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
patch	simon.fraser: review+

Nikolas Zimmermann

Reported 2012-03-13 09:08:48 PDT

I sometimes see this assertion when using nrwt --tolerance 0 -p svg. Probably a FontCachePurgePreventer call missing somewhere. should be easy to fix. ASSERTION FAILED: m_purgePreventCount /Users/nzimmermann/Coding/WebKit/Source/WebCore/platform/graphics/FontCache.cpp(280) : WebCore::SimpleFontData *WebCore::FontCache::getCachedFontData(const WebCore::FontPlatformData *, WebCore::FontCache::ShouldRetain) 1 0x10ec70004 WebCore::FontCache::getCachedFontData(WebCore::FontPlatformData const*, WebCore::FontCache::ShouldRetain) 2 0x10ec80611 WebCore::FontCache::getFontDataForCharacters(WebCore::Font const&, unsigned short const*, int) 3 0x10ec86c3d WebCore::Font::glyphDataAndPageForCharacter(int, bool, WebCore::FontDataVariant) const 4 0x10f9a9dc9 WebCore::SVGTextRunRenderingContext::glyphDataForCharacter(WebCore::Font const&, WebCore::TextRun const&, WebCore::WidthIterator&, int, bool, int, unsigned int&) 5 0x10fe3efe6 WebCore::WidthIterator::glyphDataForCharacter(int, bool, int, unsigned int&) 6 0x10fe3f309 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) 7 0x10f9aaf11 WebCore::SVGTextMetricsBuilder::advanceSimpleText() 8 0x10f9aac9c WebCore::SVGTextMetricsBuilder::advance() 9 0x10f9ab4d7 WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) 10 0x10f9ab908 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) 11 0x10f9ab952 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) 12 0x10f9a476e WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*) 13 0x10f99162f WebCore::SVGTextLayoutAttributesBuilder::rebuildMetricsForTextRenderer(WebCore::RenderSVGInlineText*) 14 0x10f97a87b WebCore::RenderSVGText::rebuildLayoutAttributes(WTF::Vector<WebCore::SVGTextLayoutAttributes*, 0ul>&) 15 0x10f97a5ee WebCore::RenderSVGInlineText::willBeDestroyed() 16 0x10f94150d WebCore::RenderObject::destroy() 17 0x10f9413fd WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() 18 0x10f6f4d14 WebCore::Node::detach() 19 0x10e79a3e7 WebCore::ContainerNode::detachChildren() 20 0x10e797e09 WebCore::ContainerNode::detach() 21 0x10ebe46f2 WebCore::Element::detach() 22 0x10e79a3e7 WebCore::ContainerNode::detachChildren() 23 0x10e797e09 WebCore::ContainerNode::detach() 24 0x10ebe46f2 WebCore::Element::detach() 25 0x10e79a3e7 WebCore::ContainerNode::detachChildren() 26 0x10e797e09 WebCore::ContainerNode::detach() 27 0x10ebe46f2 WebCore::Element::detach() 28 0x10e79a3e7 WebCore::ContainerNode::detachChildren() 29 0x10e797e09 WebCore::ContainerNode::detach() 30 0x10ebe46f2 WebCore::Element::detach() 31 0x10e79a3e7 WebCore::ContainerNode::detachChildren() Segmentation fault: 11 No leak checking done: At least one WebView is still open.

Attachments
patch (1.62 KB, patch) 2012-04-02 14:06 PDT, Tim Horton	simon.fraser: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Nikolas Zimmermann

Comment 1 2012-04-01 05:47:03 PDT

*** Bug 82815 has been marked as a duplicate of this bug. ***

Nikolas Zimmermann

Comment 2 2012-04-01 05:50:06 PDT

I'll try to find a way to make this reproducible.

Simon Fraser (smfr)

Comment 3 2012-04-01 11:04:38 PDT

This is causing crashes on the debug bots. I question why all the work is being done under willBeDestroyed() though. Looks like useless work

Nikolas Zimmermann

Comment 4 2012-04-01 11:17:58 PDT

(In reply to comment #3) > This is causing crashes on the debug bots. > > I question why all the work is being done under willBeDestroyed() though. Looks like useless work In case you missed my comment from the other bug report 82815, the work done there is absolutely needed when removing eg. tspan children dynamically from a text subtree - it's an optimization actually, to avoid rebuilding the whole text tree upon the next layout, if only a child got removed. Part of that logic lives in willBeDestroyed(). I think Tim knows what this is about as well.

Tim Horton

Comment 5 2012-04-02 13:29:38 PDT

smfr, from the dupe: > I think there's a documentBeingDestroyed that you could consult.

Radar WebKit Bug Importer

Comment 6 2012-04-02 13:55:35 PDT

<rdar://problem/11168969>

Tim Horton

Comment 7 2012-04-02 14:06:25 PDT

Created attachment 135182 [details] patch

Tim Horton

Comment 8 2012-04-02 14:24:10 PDT

Landed in http://trac.webkit.org/changeset/112942

Note You need to log in before you can comment on or make changes to this bug.