RESOLVED CONFIGURATION CHANGED 134657
SIGSEGV in WebCore::applyFontTransforms while loading http://www.ica.se/butiker/maxi/karlstad/maxi-ica-stormarknad-karlstad-11010/start/
https://bugs.webkit.org/show_bug.cgi?id=134657
zalan
Reported 2014-07-05 16:52:02 PDT
1. load http://www.ica.se/butiker/maxi/karlstad/maxi-ica-stormarknad-karlstad-11010/start/
-> crash

Process: com.apple.WebKit.WebContent.Development [915]
Path: /Users/USER/*/Safari-Cab-Production-Dirac-157280-55640.app/Contents/Frameworks/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Identifier: com.apple.WebKit.WebContent.Development
Version: 9538 (9538.2)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Safari [907]
User ID: 501

Date/Time: 2014-07-05 16:47:32.670 -0700
OS Version: Mac OS X 10.9.3 (13D65)
Report Version: 11
Anonymous UUID: 0AF5DD07-AE7C-2A78-5229-538D0C4FB31B

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000

VM Regions Near 0:
--> __TEXT 00000001075f0000-00000001075f2000 [ 8K] r-x/rwx SM=COW /Users/USER/*/Safari-Cab-Production-Dirac-157280-55640.app/Contents/Frameworks/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
Bundle controller class: BrowserBundleController
Process Model: Multiple Web Processes

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010ced9f20 WebCore::applyFontTransforms(WebCore::GlyphBuffer*, bool, int&, WebCore::SimpleFontData const*, WebCore::WidthIterator&, unsigned int, WTF::Vector<std::__1::pair<int, WebCore::OriginalAdvancesForCharacterTreatedAsSpace>, 64ul, WTF::CrashOnOverflow>&) + 224
1 com.apple.WebCore 0x000000010c3c2d69 unsigned int WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator>(WebCore::Latin1TextIterator&, WebCore::GlyphBuffer*) + 3705
2 com.apple.WebCore 0x000000010c2ad262 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 82
3 com.apple.WebCore 0x000000010c2acdd5 WebCore::Font::floatWidthForSimpleText(WebCore::TextRun const&, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const + 229
4 com.apple.WebCore 0x000000010c2aca35 WebCore::Font::width(WebCore::TextRun const&, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const + 405
5 com.apple.WebCore 0x000000010c3cb771 WebCore::RenderText::computePreferredLogicalWidths(float, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >&, WebCore::GlyphOverflow&) + 3169
6 com.apple.WebCore 0x000000010c3c642d WebCore::RenderText::width(unsigned int, unsigned int, WebCore::Font const&, float, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, WebCore::GlyphOverflow*) const + 829
7 com.apple.WebCore 0x000000010ccd8d62 WebCore::LineBreaker::nextSegmentBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) + 15250
8 com.apple.WebCore 0x000000010ccd32ef WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) + 1103
9 com.apple.WebCore 0x000000010ccd0a8a WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 1098
10 com.apple.WebCore 0x000000010cccfbff WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1231
11 com.apple.WebCore 0x000000010ccd3d37 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1879
12 com.apple.WebCore 0x000000010cf0e4dd WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 749
13 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
14 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
15 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
16 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
17 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
18 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
19 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
20 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
21 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
22 com.apple.WebCore 0x000000010cf0f6ec WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox*) + 348
23 com.apple.WebCore 0x000000010cf0ee64 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 452
24 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
25 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
26 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
27 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
28 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
29 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
30 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
31 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
32 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
33 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
34 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
35 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
36 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
37 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
38 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
39 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
40 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
41 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
42 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
43 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
44 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
45 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
46 com.apple.WebCore 0x000000010cf0fb39 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 729
47 com.apple.WebCore 0x000000010cf0ee5a WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 442
48 com.apple.WebCore 0x000000010cf0e4f7 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 775
49 com.apple.WebCore 0x000000010c32bd74 WebCore::RenderBlock::layout() + 52
50 com.apple.WebCore 0x000000010c32b936 WebCore::RenderView::layout() + 790
51 com.apple.WebCore 0x000000010c326ed1 WebCore::FrameView::layout(bool) + 1201
52 com.apple.WebCore 0x000000010c2bbb0f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
53 com.apple.WebCore 0x000000010c2bba2a WebCore::timerFired(__CFRunLoopTimer*, void*) + 58
54 com.apple.CoreFoundation 0x00007fff955ed494 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
55 com.apple.CoreFoundation 0x00007fff955ecfcf __CFRunLoopDoTimer + 1151
56 com.apple.CoreFoundation 0x00007fff9565e5aa __CFRunLoopDoTimers + 298
57 com.apple.CoreFoundation 0x00007fff955a8755 __CFRunLoopRun + 1525
58 com.apple.CoreFoundation 0x00007fff955a7f25 CFRunLoopRunSpecific + 309
59 com.apple.HIToolbox 0x00007fff8fdcba0d RunCurrentEventLoopInMode + 226
60 com.apple.HIToolbox 0x00007fff8fdcb7b7 ReceiveNextEventCommon + 479
61 com.apple.HIToolbox 0x00007fff8fdcb5bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
62 com.apple.AppKit 0x00007fff99f4626e _DPSNextEvent + 1434
63 com.apple.AppKit 0x00007fff99f458bb -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
64 com.apple.AppKit 0x00007fff99f399bc -[NSApplication run] + 553
65 com.apple.AppKit 0x00007fff99f247a3 NSApplicationMain + 940
66 com.apple.XPCService 0x00007fff9285ec0f _xpc_main + 385
67 libxpc.dylib 0x00007fff98426bde xpc_main + 399
68 com.apple.WebKit.WebContent.Development 0x00000001075f16a0 0x1075f0000 + 5792
69 libdyld.dylib 0x00007ff
zalan
Comment 1 2014-07-07 10:26:05 PDT
Myles C. Maxfield
Comment 2 2014-07-07 13:11:57 PDT
This is caused by RenderText::widthFromCache() only creating a renderingContext if the primary font is an SVG font (thereby disregarding what the non-primary FontData's are).
Myles C. Maxfield
Comment 3 2014-07-07 13:44:35 PDT
Ultimately we should probably remove Font::isSVGFont() as it is somewhat misleading.
David Kilzer (:ddkilzer)
Comment 4 2014-07-08 12:41:59 PDT
Related to Bug 133198?
Myles C. Maxfield
Comment 5 2014-07-08 13:44:58 PDT
Related to, but not caused by quite the same thing.
Myles C. Maxfield
Comment 6 2017-11-14 15:51:47 PST
We no longer have SVG fonts.