142814 – Crash with SIGSEGV `WebCore::WidthIterator::advanceInternal`

Bug 142814 - Crash with SIGSEGV `WebCore::WidthIterator::advanceInternal`

Summary: Crash with SIGSEGV `WebCore::WidthIterator::advanceInternal`

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-18 00:04 PDT by Paul Menzel
Modified:	2017-03-11 11:05 PST (History)
CC List:	1 user (show)

See Also:

Attachments
(gdb) t a a bt f (219.72 KB, text/plain) 2015-03-18 00:04 PDT, Paul Menzel	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paul Menzel 2015-03-18 00:04:39 PDT

Created attachment 248919 [details]
(gdb) t a a bt f

Using Debian Sid/unstable with WebKitGTK+ 2.4.8, Evolution 3.12.10 crashed with a segmentation fault in `WebCore::WidthIterator::advanceInternal`.

    evolution[3038]: segfault at bf920ffc ip b579cca7 sp bf921000 error 6 in libwebkitgtk-3.0.so.0.22.14[b5527000+1c5c000]

With the core dump file, the following backtrace is recovered.

Core was generated by `evolution'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb579cca7 in WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator> (this=0xbf92167c, textIterator=...,
    glyphBuffer=0xbf921700) at ../Source/WebCore/platform/graphics/WidthIterator.cpp:162
162     ../Source/WebCore/platform/graphics/WidthIterator.cpp: Datei oder Verzeichnis nicht gefunden.
(gdb) t a a bt f
[…]
Thread 1 (Thread 0xb0255900 (LWP 3038)):
#0  0xb579cca7 in WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator> (this=0xbf92167c, textIterator=..., 
    glyphBuffer=0xbf921700) at ../Source/WebCore/platform/graphics/WidthIterator.cpp:162
        hasExtraSpacing = false
        lastFontData = <optimized out>
        lastGlyphCount = <optimized out>
        character = <optimized out>
        widthSinceLastRounding = -0
        lastRoundingWidth = <optimized out>
        bounds = <optimized out>
        clusterLength = <optimized out>
        charactersTreatedAsSpace = {<WTF::VectorBuffer<std::pair<int, WebCore::OriginalAdvancesForCharacterTreatedAsSpace>, 64u>> = {<WTF::VectorBufferBase<std::pair<int, WebCore::OriginalAdvancesForCharacterTreatedAsSpace> >> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, 
            m_inlineBuffer = {{__data = '\000' <repeats 15 times>, __align = {<No data fields>}} <repeats 64 times>}}, <No data fields>}
        consumedCharacters = <optimized out>
#1  0xb5799035 in WebCore::WidthIterator::advance (this=0xbf92167c, offset=<optimized out>, glyphBuffer=0xbf921700)
    at ../Source/WebCore/platform/graphics/WidthIterator.cpp:349
        textIterator = {m_characters = 0x9ad85074 "Von:\002", m_currentCharacter = 0, m_lastCharacter = 4}
        textIterator = {m_characters = 0x9ad85074, m_currentCharacter = 0, m_lastCharacter = 4, m_endCharacter = -1250325171}
[…]