Bug 134657 - SIGSEGV in WebCore::applyFontTransforms while loading http://www.ica.se/butiker/maxi/karlstad/maxi-ica-stormarknad-karlstad-11010/start/
Summary: SIGSEGV in WebCore::applyFontTransforms while loading http://www.ica.se/butik...
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL: http://www.ica.se/butiker/maxi/karlst...
Keywords: InRadar, Regression
Depends on:
Blocks:
 
Reported: 2014-07-05 16:52 PDT by zalan
Modified: 2017-11-14 15:51 PST
CC: 4 users
Description zalan 2014-07-05 16:52:02 PDT
1. load http://www.ica.se/butiker/maxi/karlstad/maxi-ica-stormarknad-karlstad-11010/start/
-> crash

Process:         com.apple.WebKit.WebContent.Development [915]
Path:            /Users/USER/*/Safari-Cab-Production-Dirac-157280-55640.app/Contents/Frameworks/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Identifier:      com.apple.WebKit.WebContent.Development
Version:         9538 (9538.2)
Code Type:       X86-64 (Native)
Parent Process:  ??? [1]
Responsible:     Safari [907]
User ID:         501

Date/Time:       2014-07-05 16:47:32.670 -0700
OS Version:      Mac OS X 10.9.3 (13D65)
Report Version:  11
Anonymous UUID:  0AF5DD07-AE7C-2A78-5229-538D0C4FB31B


Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000

VM Regions Near 0:
--> 
    __TEXT                 00000001075f0000-00000001075f2000 [    8K] r-x/rwx SM=COW  /Users/USER/*/Safari-Cab-Production-Dirac-157280-55640.app/Contents/Frameworks/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
Bundle controller class:
BrowserBundleController
 
Process Model:
Multiple Web Processes
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010ced9f20 WebCore::applyFontTransforms(WebCore::GlyphBuffer*, bool, int&, WebCore::SimpleFontData const*, WebCore::WidthIterator&, unsigned int, WTF::Vector<std::__1::pair<int, WebCore::OriginalAdvancesForCharacterTreatedAsSpace>, 64ul, WTF::CrashOnOverflow>&) + 224
1   com.apple.WebCore             	0x000000010c3c2d69 unsigned int WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator>(WebCore::Latin1TextIterator&, WebCore::GlyphBuffer*) + 3705
2   com.apple.WebCore             	0x000000010c2ad262 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 82
3   com.apple.WebCore             	0x000000010c2acdd5 WebCore::Font::floatWidthForSimpleText(WebCore::TextRun const&, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const + 229
4   com.apple.WebCore             	0x000000010c2aca35 WebCore::Font::width(WebCore::TextRun const&, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const + 405
5   com.apple.WebCore             	0x000000010c3cb771 WebCore::RenderText::computePreferredLogicalWidths(float, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >&, WebCore::GlyphOverflow&) + 3169
6   com.apple.WebCore             	0x000000010c3c642d WebCore::RenderText::width(unsigned int, unsigned int, WebCore::Font const&, float, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const + 829
7   com.apple.WebCore             	0x000000010ccd8d62 WebCore::LineBreaker::nextSegmentBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) + 15250
8   com.apple.WebCore             	0x000000010ccd32ef WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) + 1103
9   com.apple.WebCore             	0x000000010ccd0a8a WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 1098
10  com.apple.WebCore             	0x000000010cccfbff WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1231
11  com.apple.WebCore             	0x000000010ccd3d37 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1879
12  com.apple.WebCore             	0x000000010cf0e4dd WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 749
13  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
14  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
15  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
16  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
17  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
18  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
19  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
20  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
21  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
22  com.apple.WebCore             	0x000000010cf0f6ec WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox*) + 348
23  com.apple.WebCore             	0x000000010cf0ee64 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 452
24  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
25  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
26  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
27  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
28  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
29  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
30  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
31  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
32  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
33  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
34  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
35  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
36  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
37  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
38  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
39  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
40  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
41  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
42  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
43  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
44  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
45  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
46  com.apple.WebCore             	0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
47  com.apple.WebCore             	0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
48  com.apple.WebCore             	0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
49  com.apple.WebCore             	0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
50  com.apple.WebCore             	0x000000010c32b936 WebCore::RenderView::layout() + 790
51  com.apple.WebCore             	0x000000010c326ed1 WebCore::FrameView::layout(bool) + 1201
52  com.apple.WebCore             	0x000000010c2bbb0f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
53  com.apple.WebCore             	0x000000010c2bba2a WebCore::timerFired(__CFRunLoopTimer*, void*) + 58
54  com.apple.CoreFoundation      	0x00007fff955ed494 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
55  com.apple.CoreFoundation      	0x00007fff955ecfcf __CFRunLoopDoTimer + 1151
56  com.apple.CoreFoundation      	0x00007fff9565e5aa __CFRunLoopDoTimers + 298
57  com.apple.CoreFoundation      	0x00007fff955a8755 __CFRunLoopRun + 1525
58  com.apple.CoreFoundation      	0x00007fff955a7f25 CFRunLoopRunSpecific + 309
59  com.apple.HIToolbox           	0x00007fff8fdcba0d RunCurrentEventLoopInMode + 226
60  com.apple.HIToolbox           	0x00007fff8fdcb7b7 ReceiveNextEventCommon + 479
61  com.apple.HIToolbox           	0x00007fff8fdcb5bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
62  com.apple.AppKit              	0x00007fff99f4626e _DPSNextEvent + 1434
63  com.apple.AppKit              	0x00007fff99f458bb -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
64  com.apple.AppKit              	0x00007fff99f399bc -[NSApplication run] + 553
65  com.apple.AppKit              	0x00007fff99f247a3 NSApplicationMain + 940
66  com.apple.XPCService          	0x00007fff9285ec0f _xpc_main + 385
67  libxpc.dylib                  	0x00007fff98426bde xpc_main + 399
68  com.apple.WebKit.WebContent.Development	0x00000001075f16a0 0x1075f0000 + 5792
69  libdyld.dylib                 	0x00007ff
Comment 1 zalan 2014-07-07 10:26:05 PDT
<rdar://problem/17576072>
Comment 2 Myles C. Maxfield 2014-07-07 13:11:57 PDT
This is caused by RenderText::widthFromCache() only creating a renderingContext if the primary font is an SVG font (thereby disregarding what the non-primary FontData are).
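As an added illustration of the cause described in this comment (example code written for this page, not WebKit's code and not the commenter's): a small C++ model in which the rendering context is created only when the primary font is an SVG font, so a run whose fallback font is the SVG font reaches the transform step with a null context. Every name here (FontRun, makeContextPrimaryOnly, makeContextAnyFont, applyTransforms, measureRun) is hypothetical; the model returns false at the point where the real code dereferenced a null pointer (the KERN_INVALID_ADDRESS at 0x0 in the trace above), and the hardened policy checks every font the run may use before deciding whether a context is needed.

```cpp
#include <initializer_list>
#include <memory>
#include <vector>

// Hypothetical model of the defect, not WebKit code.
struct FontData {
    bool isSVGFont;
};

struct RenderingContext {
    int glyphsTransformed = 0;
};

struct FontRun {
    std::vector<FontData> fonts; // fonts[0] is the primary font, the rest are fallbacks
};

// Builds a run from constructed sample flags (true = SVG font).
FontRun makeRun(std::initializer_list<bool> svgFlags) {
    FontRun run;
    for (bool flag : svgFlags)
        run.fonts.push_back(FontData{flag});
    return run;
}

// Buggy policy: mirrors "only creating a renderingContext if the primary font is an SVG font".
std::unique_ptr<RenderingContext> makeContextPrimaryOnly(const FontRun& run) {
    if (!run.fonts.empty() && run.fonts[0].isSVGFont)
        return std::make_unique<RenderingContext>();
    return nullptr;
}

// Hardened policy: any font that may be used for the run can require the context.
std::unique_ptr<RenderingContext> makeContextAnyFont(const FontRun& run) {
    for (const FontData& f : run.fonts) {
        if (f.isSVGFont)
            return std::make_unique<RenderingContext>();
    }
    return nullptr;
}

// Models the transform step: it needs a context for every SVG font in the run.
// Returns false where the real code would dereference a null context.
bool applyTransforms(const FontRun& run, RenderingContext* ctx) {
    for (const FontData& f : run.fonts) {
        if (!f.isSVGFont)
            continue;
        if (!ctx)
            return false; // the null dereference in the crash report
        ctx->glyphsTransformed++;
    }
    return true;
}

// Measures a run under one of the two policies; true means no null context was hit.
bool measureRun(const FontRun& run, bool primaryOnlyPolicy) {
    std::unique_ptr<RenderingContext> ctx =
        primaryOnlyPolicy ? makeContextPrimaryOnly(run) : makeContextAnyFont(run);
    return applyTransforms(run, ctx.get());
}

// Constructed sample matching the bug: regular primary font, SVG fallback font.
FontRun sampleRunWithSVGFallback() {
    return makeRun({false, true});
}
```

The primary-only policy passes whenever the primary font is the SVG one or no SVG font is involved, which is why the crash only surfaces on pages whose text falls back to an SVG font for some characters; the any-font policy makes the decision and the consumer agree on the same condition.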
Comment 3 Myles C. Maxfield 2014-07-07 13:44:35 PDT
Ultimately we should probably remove Font::isSVGFont() as it is somewhat misleading.
Comment 4 David Kilzer (:ddkilzer) 2014-07-08 12:41:59 PDT
Related to Bug 133198?
Comment 5 Myles C. Maxfield 2014-07-08 13:44:58 PDT
Related to, but not caused by quite the same thing.
Comment 6 Myles C. Maxfield 2017-11-14 15:51:47 PST
We no longer have SVG fonts.