Bug 140522 - [Win] Failure in 'mathml/opentype/munderover-layout-resize.html' due to missing font data for glyph
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on: 159386
Blocks:
Reported: 2015-01-15 15:50 PST by Brent Fulgham
Modified: 2016-07-03 13:04 PDT
Description Brent Fulgham 2015-01-15 15:50:26 PST
The layout test 'mathml/opentype/munderover-layout-resize.html' crashes on Windows.

It is crashing because the font data for the glyph is a nullptr.

The stack trace is:

 	WebKit.dll!WebCore::SimpleFontData::isZeroWidthSpaceGlyph(unsigned short glyph) Line 163	C++
>	WebKit.dll!WebCore::SimpleFontData::widthForGlyph(unsigned short glyph) Line 343	C++
 	WebKit.dll!WebCore::RenderMathMLOperator::advanceForGlyph(const WebCore::GlyphData & data) Line 1347	C++
 	WebKit.dll!WebCore::RenderMathMLOperator::computePreferredLogicalWidths() Line 1359	C++
 	WebKit.dll!WebCore::RenderBox::maxPreferredLogicalWidth() Line 1011	C++
 	WebKit.dll!WebCore::RenderBox::computeLogicalWidthInRegionUsing(WebCore::SizeType widthType, WebCore::Length logicalWidth, WebCore::LayoutUnit availableLogicalWidth, const WebCore::RenderBlock * cb, WebCore::RenderRegion * region) Line 2430	C++
 	WebKit.dll!WebCore::RenderBox::computeLogicalWidthInRegion(WebCore::RenderBox::LogicalExtentComputedValues & computedValues, WebCore::RenderRegion * region) Line 2340	C++
 	WebKit.dll!WebCore::RenderBox::updateLogicalWidth() Line 2277	C++
 	WebKit.dll!WebCore::RenderBlock::recomputeLogicalWidth() Line 993	C++
 	WebKit.dll!WebCore::RenderFlexibleBox::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit __formal) Line 262	C++
 	WebKit.dll!WebCore::RenderBlock::layout() Line 945	C++
 	WebKit.dll!WebCore::RenderMathMLRow::layout() Line 75	C++
 	WebKit.dll!WebCore::RenderMathMLRow::layout() Line 75	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 707	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 627	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 482	C++
 	WebKit.dll!WebCore::RenderBlock::layout() Line 945	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 707	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 627	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 482	C++
 	WebKit.dll!WebCore::RenderBlock::layout() Line 945	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 707	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 627	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 482	C++
 	WebKit.dll!WebCore::RenderBlock::layout() Line 945	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 707	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 627	C++
 	WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 482	C++
 	WebKit.dll!WebCore::RenderBlock::layout() Line 945	C++
 	WebKit.dll!WebCore::RenderView::layoutContent(const WebCore::LayoutState & state) Line 233	C++
 	WebKit.dll!WebCore::RenderView::layout() Line 359	C++
 	WebKit.dll!WebCore::FrameView::layout(bool allowSubtree) Line 1333	C++
 	WebKit.dll!WebCore::Document::updateLayout() Line 1841	C++
 	WebKit.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks runPostLayoutTasks) Line 1874	C++
 	WebKit.dll!WebCore::Element::offsetWidth() Line 704	C++
 	WebKit.dll!WebCore::jsElementOffsetWidth(JSC::ExecState * exec, JSC::JSObject * slotBase, __int64 thisValue, JSC::PropertyName __formal) Line 654	C++
 	JavaScriptCore.dll!JSC::PropertySlot::getValue(JSC::ExecState * exec, JSC::PropertyName propertyName) Line 256	C++
 	JavaScriptCore.dll!JSC::JSValue::get(JSC::ExecState * exec, JSC::PropertyName propertyName, JSC::PropertySlot & slot) Line 686	C++
 	JavaScriptCore.dll!llint_slow_path_get_by_id(JSC::ExecState * exec, JSC::Instruction * pc) Line 581	C++
 	JavaScriptCore.dll!llint_entry() Line 3118	Unknown
 	JavaScriptCore.dll!vmEntryToJavaScript() Line 109	Unknown
 	JavaScriptCore.dll!JSC::JITCode::execute(JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame) Line 77	C++
 	JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program, JSC::ExecState * callFrame, JSC::JSObject * thisObj) Line 914	C++
 	JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * returnedException) Line 83	C++
 	WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * exception) Line 62	C++
 	WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode, WebCore::DOMWrapperWorld & world) Line 150	C++
 	WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode) Line 166	C++
 	WebKit.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode) Line 301	C++
 	WebKit.dll!WebCore::ScriptElement::prepareScript(const WTF::TextPosition & scriptStartPosition, WebCore::ScriptElement::LegacyTypeSupport supportLegacyTypes) Line 237	C++
 	WebKit.dll!WebCore::HTMLScriptRunner::runScript(WebCore::Element * script, const WTF::TextPosition & scriptStartPosition) Line 304	C++
 	WebKit.dll!WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element> scriptElement, const WTF::TextPosition & scriptStartPosition) Line 177	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() Line 197	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode mode, WebCore::PumpSession & session) Line 214	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode mode) Line 259	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode mode) Line 167	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl> inputSource) Line 393	C++
 	WebKit.dll!WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter & writer, const char * data, unsigned int length) Line 51	C++
 	WebKit.dll!WebCore::DocumentWriter::addData(const char * bytes, unsigned int length) Line 225	C++
 	WebKit.dll!WebCore::DocumentLoader::commitData(const char * bytes, unsigned int length) Line 846	C++
 	WebKit.dll!WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader * loader, const char * data, int length) Line 700	C++
 	WebKit.dll!WebCore::DocumentLoader::commitLoad(const char * data, int length) Line 772	C++
 	WebKit.dll!WebCore::DocumentLoader::dataReceived(WebCore::CachedResource * resource, const char * data, int length) Line 894	C++
 	WebKit.dll!WebCore::CachedRawResource::notifyClientsDataWasReceived(const char * data, unsigned int length) Line 120	C++
 	WebKit.dll!WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer & data) Line 71	C++
 	WebKit.dll!WebCore::SubresourceLoader::didReceiveDataOrBuffer(const char * data, int length, WTF::PassRefPtr<WebCore::SharedBuffer> prpBuffer, __int64 encodedDataLength, WebCore::DataPayloadType dataPayloadType) Line 279	C++
 	WebKit.dll!WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer> buffer, __int64 encodedDataLength, WebCore::DataPayloadType dataPayloadType) Line 260	C++
 	WebKit.dll!WebCore::ResourceLoader::didReceiveBuffer(WebCore::ResourceHandle * __formal, WTF::PassRefPtr<WebCore::SharedBuffer> buffer, int encodedDataLength) Line 498	C++
 	WebKit.dll!WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveData(const __CFData * data, long originalLength) Line 168	C++
 	WebKit.dll!WebCore::ResourceHandleCFURLConnectionDelegate::didReceiveDataCallback(_CFURLConnection * __formal, const __CFData * data, long originalLength, const void * clientInfo) Line 83	C++
 	CFNetwork.dll!URLConnectionClient::_clientDidReceiveData(const __CFArray * dataArray, URLConnectionClient::ClientConnectionEventQueue * preQ) Line 1531	C++
 	CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<enum XClientEvent,XClientEventParams> * e, long count) Line 2250	C++
 	CFNetwork.dll!XConnectionEventQueue<enum XClientEvent,XClientEventParams>::processAllEvents() Line 231	C++
 	CFNetwork.dll!URLConnectionClient::processEvents() Line 362	C++
 	CFNetwork.dll!MultiplexerSource::perform() Line 229	C++
 	CoreFoundation.dll!__CFRunLoopDoSources0(__CFRunLoop * rl, __CFRunLoopMode * rlm, unsigned char stopAfterHandle) Line 41844	C++
 	CoreFoundation.dll!__CFRunLoopRun(__CFRunLoop * rl, __CFRunLoopMode * rlm, double seconds, unsigned char stopAfterHandle, __CFRunLoopMode * previousMode) Line 42281	C++
 	CoreFoundation.dll!CFRunLoopRunSpecific(__CFRunLoop * rl, const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42477	C++
 	CoreFoundation.dll!CFRunLoopRunInMode(const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42511	C++
 	DumpRenderTree.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1120	C++
 	DumpRenderTree.dll!main(int argc, const char * * argv) Line 1476	C++
 	DumpRenderTree.dll!dllLauncherEntryPoint(int argc, const char * * argv) Line 1506	C++
 	DumpRenderTree.exe!main(int argc, const char * * argv) Line 239	C++
 	[External Code]
Comment 1 Frédéric Wang (:fredw) 2016-03-14 06:47:40 PDT
@Brent: do you still get a crash?

RenderMathMLOperator::advanceForGlyph (now) has some code to check that the font data for the glyph is not nullptr:

http://trac.webkit.org/browser/trunk/Source/WebCore/rendering/mathml/RenderMathMLOperator.cpp#L281
Comment 2 Frédéric Wang (:fredw) 2016-07-03 09:28:48 PDT
http://trac.webkit.org/changeset/202788
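
The null font data condition from the description and the kind of guard Comment 1 refers to, as an added sketch that is not WebKit code and not taken from the linked changeset. `FontModel`, `GlyphDataModel`, `lookupGlyph` and the glyph values are hypothetical stand-ins; the width computation is a simplification.

```cpp
#include <algorithm>
#include <cstdint>
#include <unordered_map>
#include <vector>

// Hypothetical stand-ins for the font classes named in the trace; not WebKit code.
using Glyph = std::uint16_t;

struct FontModel {
    std::unordered_map<Glyph, float> advances; // glyphs this font covers
    float widthForGlyph(Glyph g) const {
        auto it = advances.find(g);
        return it == advances.end() ? 0.0f : it->second;
    }
};

// Lookup result: font is null when no font in the fallback list covers the glyph.
struct GlyphDataModel {
    Glyph glyph;
    const FontModel* font;
};

GlyphDataModel lookupGlyph(const std::vector<const FontModel*>& fallback, Glyph g) {
    for (const FontModel* f : fallback)
        if (f && f->advances.count(g))
            return {g, f};
    return {g, nullptr};
}

// Crash pattern: dereferences data.font without checking it (never called here).
float advanceForGlyphUnchecked(const GlyphDataModel& data) {
    return data.font->widthForGlyph(data.glyph);
}

// Guarded form: a glyph with no font data contributes zero advance.
float advanceForGlyphChecked(const GlyphDataModel& data) {
    return data.font ? data.font->widthForGlyph(data.glyph) : 0.0f;
}

// Simplified caller: widest advance among the candidate glyphs.
float preferredWidth(const std::vector<const FontModel*>& fallback,
                     const std::vector<Glyph>& candidates) {
    float widest = 0.0f;
    for (Glyph g : candidates)
        widest = std::max(widest, advanceForGlyphChecked(lookupGlyph(fallback, g)));
    return widest;
}

// Constructed data: a text font covering glyph 0x0041 only; 0x2211 has no font.
float demoMissingGlyphWidth() {
    FontModel text;
    text.advances[0x0041] = 12.5f;
    std::vector<const FontModel*> fallback{&text};
    return preferredWidth(fallback, {0x0041, 0x2211});
}
```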