Created attachment 230157 [details] Test case The following test, containing two HTML character codes, triggers the assertion: <body>ᠶʐ</body> The backtrace (WTFCrash's write to 0xbbadbeef is how a failed WTF assertion ends the process, hence the SIGSEGV; frame #5 shows harfBuzzGetGlyph reaching HashMap::add with unicode=0 as the key, which appears to be what checkKey at HashTable.h:571 rejects): Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff96cc3700 (LWP 10677)] 0x00007ffff250ce83 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff250ce83 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff373bf80 in WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, unsigned short>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, unsigned short> >, WTF::IntHash<unsigned int>, WTF::HashMap<unsigned int, unsigned short, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<unsigned short> >::KeyValuePairTraits, WTF::HashTraits<unsigned int> >::checkKey<WTF::HashMapTranslator<WTF::HashMap<unsigned int, unsigned short, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<unsigned short> >::KeyValuePairTraits, WTF::IntHash<unsigned int> >, unsigned int> (this=0x7fbef0, key=@0x7fffffffa39c: 0) at ../../Source/WTF/wtf/HashTable.h:571 #2 0x00007ffff373bca6 in WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, unsigned short>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, unsigned short> >, WTF::IntHash<unsigned int>, WTF::HashMap<unsigned int, unsigned short, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<unsigned short> >::KeyValuePairTraits, WTF::HashTraits<unsigned int> >::add<WTF::HashMapTranslator<WTF::HashMap<unsigned int, unsigned short, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<unsigned short> >::KeyValuePairTraits, WTF::IntHash<unsigned int> >, unsigned int const&, int>(unsigned int const&, int&&) (this=0x7fbef0, key=@0x7fffffffa39c: 0, extra=@0x7fffffffa3c8: 0) at ../../Source/WTF/wtf/HashTable.h:788 #3 0x00007ffff373b928 in WTF::HashMap<unsigned int, unsigned 
short, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<unsigned short> >::inlineAdd<unsigned int const&, int>(unsigned int const&, int&&) (this=0x7fbef0, key=@0x7fffffffa39c: 0, value=@0x7fffffffa3c8: 0) at ../../Source/WTF/wtf/HashMap.h:281 #4 0x00007ffff373b85b in WTF::HashMap<unsigned int, unsigned short, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<unsigned short> >::add<int>(unsigned int const&, int&&) (this=0x7fbef0, key=@0x7fffffffa39c: 0, mapped=@0x7fffffffa3c8: 0) at ../../Source/WTF/wtf/HashMap.h:309 #5 0x00007ffff373b0e3 in WebCore::harfBuzzGetGlyph (fontData=0x897ca0, unicode=0, glyph=0x7fffffffa48c) at ../../Source/WebCore/platform/graphics/harfbuzz/HarfBuzzFaceCairo.cpp:112 #6 0x00007fffe8e04abd in get_glyph (glyph=0x7fffffffa48c, variation_selector=0, unicode=<optimized out>, this=<optimized out>) at hb-font-private.hh:219 #7 decompose_current_character (shortest=true, c=0x7fffffffa4b0) at hb-ot-shape-normalize.cc:202 #8 decompose_cluster (end=3, short_circuit=true, c=0x7fffffffa4b0) at hb-ot-shape-normalize.cc:254 #9 _hb_ot_shape_normalize (plan=plan@entry=0x7fc970, buffer=buffer@entry=0x897b20, font=font@entry=0x7fbf50) at hb-ot-shape-normalize.cc:309 #10 0x00007fffe8df54f6 in hb_ot_substitute_default (c=<synthetic pointer>) at hb-ot-shape.cc:366 #11 hb_ot_substitute (c=<synthetic pointer>) at hb-ot-shape.cc:397 #12 hb_ot_shape_internal (c=<synthetic pointer>) at hb-ot-shape.cc:563 #13 _hb_ot_shape (shape_plan=<optimized out>, font=<optimized out>, buffer=0x897b20, features=0x0, num_features=0) at hb-ot-shape.cc:585 #14 0x00007fffe8dd9b7a in hb_shape_plan_execute (shape_plan=0x7fc1c0, font=0x7fbf50, buffer=0x897b20, features=0x0, num_features=0) at hb-shaper-list.hh:39 #15 0x00007fffe8dd8f29 in hb_shape_full (font=0x7fbf50, buffer=0x897b20, features=0x0, num_features=0, shaper_list=<optimized out>) at hb-shape.cc:260 #16 0x00007ffff373ebea in WebCore::HarfBuzzShaper::shapeHarfBuzzRuns 
(this=0x7fffffffa890, shouldSetDirection=false) at ../../Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp:513 #17 0x00007ffff373dfc7 in WebCore::HarfBuzzShaper::shape (this=0x7fffffffa890, glyphBuffer=0x0) at ../../Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp:390 #18 0x00007ffff3706a70 in WebCore::Font::floatWidthForComplexText (this=0x8794b8, run=...) at ../../Source/WebCore/platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:72 #19 0x00007ffff30ae50a in WebCore::Font::width (this=0x8794b8, run=..., fallbackFonts=0x7fffffffb528, glyphOverflow=0x7fffffffade0) at ../../Source/WebCore/platform/graphics/Font.cpp:396 #20 0x00007ffff33e917d in WebCore::RenderText::widthFromCache (this=0x7c7fb0, f=..., start=0, len=3, xPos=0, fallbackFonts=0x7fffffffb528, glyphOverflow=0x7fffffffade0, style=...) at ../../Source/WebCore/rendering/RenderText.cpp:498 #21 0x00007ffff33e56d9 in WebCore::RenderText::computePreferredLogicalWidths (this=0x7c7fb0, leadWidth=0, fallbackFonts=..., glyphOverflow=...) 
at ../../Source/WebCore/rendering/RenderText.cpp:793 #22 0x00007ffff33e71bf in WebCore::RenderText::width (this=0x7c7fb0, from=0, len=3, f=..., xPos=0, fallbackFonts=0x7fffffffb528, glyphOverflow=0x7fffffffade0) at ../../Source/WebCore/rendering/RenderText.cpp:1201 #23 0x00007ffff342b07d in WebCore::textWidth (text=0x7c7fb0, from=0, len=3, font=..., xPos=0, isFixedPitch=false, collapseWhiteSpace=true, fallbackFonts=..., layout=0x0) at ../../Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:492 ---Type <return> to continue, or q <return> to quit--- #24 0x00007ffff342dda4 in WebCore::BreakingContext::handleText (this=0x7fffffffb0f0, wordMeasurements=..., hyphenated=@0x7fffffffb408: false, consecutiveHyphenatedLines=@0x7fffffffb250: 0) at ../../Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:888 #25 0x00007ffff3428869 in WebCore::LineBreaker::nextSegmentBreak (this=0x7fffffffb400, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:115 #26 0x00007ffff3428507 in WebCore::LineBreaker::nextLineBreak (this=0x7fffffffb400, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:82 #27 0x00007ffff326e36a in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x7c5ce0, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1092 #28 0x00007ffff326df46 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x7c5ce0, layoutState=..., hasInlineChild=true) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1036 #29 0x00007ffff32705ce in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7c5ce0, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) 
at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1441 #30 0x00007ffff3253c94 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7c5ce0, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:563 #31 0x00007ffff3252fb0 in WebCore::RenderBlockFlow::layoutBlock (this=0x7c5ce0, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:391 #32 0x00007ffff3222c71 in WebCore::RenderBlock::layout (this=0x7c5ce0) at ../../Source/WebCore/rendering/RenderBlock.cpp:1274 #33 0x00007ffff3254080 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7c5620, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:624 #34 0x00007ffff3253b99 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7c5620, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:543 #35 0x00007ffff3252fd4 in WebCore::RenderBlockFlow::layoutBlock (this=0x7c5620, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:393 #36 0x00007ffff3222c71 in WebCore::RenderBlock::layout (this=0x7c5620) at ../../Source/WebCore/rendering/RenderBlock.cpp:1274 #37 0x00007ffff3254080 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x89ff50, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:624 #38 0x00007ffff3253b99 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x89ff50, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:543 #39 0x00007ffff3252fd4 in WebCore::RenderBlockFlow::layoutBlock (this=0x89ff50, relayoutChildren=true, pageLogicalHeight=...) 
at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:393 #40 0x00007ffff3222c71 in WebCore::RenderBlock::layout (this=0x89ff50) at ../../Source/WebCore/rendering/RenderBlock.cpp:1274 #41 0x00007ffff3400afb in WebCore::RenderView::layoutContent (this=0x89ff50, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:152 #42 0x00007ffff3401279 in WebCore::RenderView::layout (this=0x89ff50) at ../../Source/WebCore/rendering/RenderView.cpp:281 #43 0x00007ffff2faa959 in WebCore::FrameView::layout (this=0x7c7570, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1270 #44 0x00007ffff2a1ebba in WebCore::Document::implicitClose (this=0x8f8870) at ../../Source/WebCore/dom/Document.cpp:2454 #45 0x00007ffff2e8216f in WebCore::FrameLoader::checkCallImplicitClose (this=0x94b3b8) at ../../Source/WebCore/loader/FrameLoader.cpp:889 #46 0x00007ffff2e81f10 in WebCore::FrameLoader::checkCompleted (this=0x94b3b8) at ../../Source/WebCore/loader/FrameLoader.cpp:835 #47 0x00007ffff2e81c75 in WebCore::FrameLoader::finishedParsing (this=0x94b3b8) at ../../Source/WebCore/loader/FrameLoader.cpp:759 #48 0x00007ffff2a2653f in WebCore::Document::finishedParsing (this=0x8f8870) at ../../Source/WebCore/dom/Document.cpp:4482 #49 0x00007ffff2d1a0eb in WebCore::HTMLConstructionSite::finishedParsing (this=0x740cb8) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:393 #50 0x00007ffff2d52fc2 in WebCore::HTMLTreeBuilder::finished (this=0x740ca0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2988 #51 0x00007ffff2d21bb0 in WebCore::HTMLDocumentParser::end (this=0x6d2130) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #52 0x00007ffff2d21c99 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x6d2130) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #53 0x00007ffff2d208e1 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x6d2130) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 ---Type <return> to 
continue, or q <return> to quit--- #54 0x00007ffff2d21cde in WebCore::HTMLDocumentParser::attemptToEnd (this=0x6d2130) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #55 0x00007ffff2d21d97 in WebCore::HTMLDocumentParser::finish (this=0x6d2130) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #56 0x00007ffff2e74c69 in WebCore::DocumentWriter::end (this=0x6d5970) at ../../Source/WebCore/loader/DocumentWriter.cpp:248 #57 0x00007ffff2e61f3b in WebCore::DocumentLoader::finishedLoading (this=0x6d58d0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440 #58 0x00007ffff2e61ca4 in WebCore::DocumentLoader::notifyFinished (this=0x6d58d0, resource=0x6cf470) at ../../Source/WebCore/loader/DocumentLoader.cpp:374 #59 0x00007ffff2f034b8 in WebCore::CachedResource::checkNotify (this=0x6cf470) at ../../Source/WebCore/loader/cache/CachedResource.cpp:332 #60 0x00007ffff2f03596 in WebCore::CachedResource::finishLoading (this=0x6cf470) at ../../Source/WebCore/loader/cache/CachedResource.cpp:348 #61 0x00007ffff2f002ba in WebCore::CachedRawResource::finishLoading (this=0x6cf470, data=0x781090) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:97 #62 0x00007ffff2ebc0ef in WebCore::SubresourceLoader::didFinishLoading (this=0x6cf9b0, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:310 #63 0x00007ffff2eb85cd in WebCore::ResourceLoader::didFinishLoading (this=0x6cf9b0, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:508 #64 0x00007ffff3767e60 in WebCore::readCallback (asyncResult=0x72a9d0, data=0x6cf040) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1326 #65 0x00007fffeb97b119 in async_ready_callback_wrapper (source_object=0x8a3b90, res=0x72a9d0, user_data=0x6cf040) at ginputstream.c:519 #66 0x00007fffeb99d67b in g_task_return_now (task=0x72a9d0) at gtask.c:1108 #67 0x00007fffeb99d699 in complete_in_idle_cb (task=0x72a9d0) at gtask.c:1117 #68 0x00007fffeac0c2d5 in g_main_dispatch 
(context=0x638660) at gmain.c:3065 #69 g_main_context_dispatch (context=context@entry=0x638660) at gmain.c:3641 #70 0x00007fffeac0c618 in g_main_context_iterate (context=0x638660, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712 #71 0x00007fffeac0ca7a in g_main_loop_run (loop=0x684f30) at gmain.c:3906 #72 0x00007ffff255d54a in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #73 0x00007ffff249e005 in WebKit::WebProcessMainGtk (argc=2, argv=0x7fffffffde38) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:75 #74 0x000000000040085c in main (argc=2, argv=0x7fffffffde38) at ../../Source/WebKit2/gtk/MainGtk.cpp:31
Created attachment 265174 [details] Test The old test case no longer fails; however, the new one still does.
This issue no longer occurs under GuardMalloc or ASAN as of r204037. If you believe there is still a bug, please reopen this issue with a revised test case.