15588 – ASSERT in font-code due to @font-face src fallback

Bug 15588 - ASSERT in font-code due to @font-face src fallback

Summary: ASSERT in font-code due to @font-face src fallback

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	CSS (show other bugs)
Version:	523.x (Safari 3)
Hardware:	Mac OS X 10.4

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:	10652
	Show dependency tree / graph

Reported:	2007-10-20 22:42 PDT by Eric Seidel (no email)
Modified:	2008-02-18 20:35 PST (History)
CC List:	2 users (show)

See Also:

Attachments
parser fix which exposes font code ASSERT (1.33 KB, patch) 2007-10-20 22:43 PDT, Eric Seidel (no email)	no flags	Details \| Formatted Diff \| Diff
test case which hits assert after patching (565 bytes, image/svg+xml) 2007-10-20 22:44 PDT, Eric Seidel (no email)	no flags	Details
html-only test case (242 bytes, text/html) 2007-10-20 23:21 PDT, Eric Seidel (no email)	no flags	Details
further html-only reduction (205 bytes, text/html) 2007-10-20 23:33 PDT, Eric Seidel (no email)	no flags	Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eric Seidel (no email) 2007-10-20 22:42:52 PDT

ASSERT in font-code due to @font-face src fallback

CSSParser::parseFontFaceSrcValue() was busted, so I fixed it (see attached patch).  However that fix exposes a bug in the font handling code.

With that fix applied, the attached test case asserts here:

Date/Time:      2007-10-21 00:30:11.866 -0500
OS Version:     10.4.10 (Build 8R2218)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  zsh [16646]

Version:        3.0.3 (522.12.1)
Build Version:  2
Project Name:   WebBrowser
Source Version: 45221201

PID:    17003
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebCore        	0x012834e8 WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned) const + 138 (FontFallbackList.cpp:65)
1   com.apple.WebCore        	0x01208131 WebCore::Font::fontDataAt(unsigned) const + 121 (Font.cpp:489)
2   com.apple.WebCore        	0x01208937 WebCore::Font::glyphDataForCharacter(int, bool) const + 441 (Font.cpp:395)
3   com.apple.WebCore        	0x01208f3b WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 435 (Font.cpp:158)
4   com.apple.WebCore        	0x01209753 WebCore::Font::floatWidthForSimpleText(WebCore::TextRun const&, WebCore::TextStyle const&, WebCore::GlyphBuffer*) const + 73 (Font.cpp:706)
5   com.apple.WebCore        	0x012097a5 WebCore::Font::floatWidth(WebCore::TextRun const&, WebCore::TextStyle const&) const + 61 (Font.cpp:698)
6   com.apple.WebCore        	0x01417ebc WebCore::SVGInlineTextBox::calculateGlyphWidth(WebCore::RenderStyle*, int) const + 178 (SVGInlineTextBox.cpp:77)
7   com.apple.WebCore        	0x01417fbc WebCore::SVGInlineTextBox::calculateGlyphBoundaries(WebCore::RenderStyle*, int, WebCore::SVGChar const&) const + 84 (SVGInlineTextBox.cpp:97)
8   com.apple.WebCore        	0x017499e4 WebCore::SVGInlineTextBoxSelectionRectWalker::chunkPortionCallback(WebCore::SVGInlineTextBox*, int, WebCore::AffineTransform const&, WebCore::SVGChar* const&, WebCore::SVGChar* const&) + 172 (SVGInlineTextBox.cpp:204)
9   com.apple.WebCore        	0x01749d5b WebCore::SVGTextChunkWalker<WebCore::SVGInlineTextBoxSelectionRectWalker>::operator()(WebCore::SVGInlineTextBox*, int, WebCore::AffineTransform const&, WebCore::SVGChar* const&, WebCore::SVGChar* const&) + 119 (SVGCharacterLayoutInfo.h:303)
10  com.apple.WebCore        	0x01394947 WebCore::SVGRootInlineBox::walkTextChunks(WebCore::SVGTextChunkWalkerBase*, WebCore::SVGInlineTextBox const*) + 651 (SVGRootInlineBox.cpp:1405)
11  com.apple.WebCore        	0x014194db WebCore::SVGInlineTextBox::selectionRect(int, int, int, int) + 309 (SVGInlineTextBox.cpp:313)
12  com.apple.WebCore        	0x01418270 WebCore::SVGInlineTextBox::nodeAtPoint(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int) + 154 (SVGInlineTextBox.cpp:291)
13  com.apple.WebCore        	0x0128abdd WebCore::InlineFlowBox::nodeAtPoint(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int) + 113 (InlineFlowBox.cpp:582)
14  com.apple.WebCore        	0x0128e2b9 WebCore::RootInlineBox::nodeAtPoint(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int) + 281 (RootInlineBox.cpp:181)
15  com.apple.WebCore        	0x01158ea9 WebCore::RenderFlow::hitTestLines(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int, WebCore::HitTestAction) + 433 (RenderFlow.cpp:461)
16  com.apple.WebCore        	0x01134e40 WebCore::RenderBlock::hitTestContents(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int, WebCore::HitTestAction) + 142 (RenderBlock.cpp:2928)
17  com.apple.WebCore        	0x0113b723 WebCore::RenderBlock::nodeAtPoint(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int, WebCore::HitTestAction) + 771 (RenderBlock.cpp:2848)
18  com.apple.WebCore        	0x01391d93 WebCore::RenderSVGText::nodeAtPoint(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int, WebCore::HitTestAction) + 577 (RenderSVGText.cpp:139)
19  com.apple.WebCore        	0x01471e01 WebCore::RenderSVGRoot::nodeAtPoint(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int, WebCore::HitTestAction) + 1041 (RenderSVGRoot.cpp:291)
20  com.apple.WebCore        	0x01172da8 WebCore::RenderObject::hitTest(WebCore::HitTestRequest const&, WebCore::HitTestResult&, int, int, int, int, WebCore::HitTestFilter) + 90 (RenderObject.cpp:2573)
21  com.apple.WebCore        	0x01166f0c WebCore::RenderLayer::hitTestLayer(WebCore::RenderLayer*, WebCore::HitTestRequest const&, WebCore::HitTestResult&, WebCore::IntRect const&) + 714 (RenderLayer.cpp:1619)
22  com.apple.WebCore        	0x01166d32 WebCore::RenderLayer::hitTestLayer(WebCore::RenderLayer*, WebCore::HitTestRequest const&, WebCore::HitTestResult&, WebCore::IntRect const&) + 240 (RenderLayer.cpp:1603)
23  com.apple.WebCore        	0x011673bf WebCore::RenderLayer::hitTest(WebCore::HitTestRequest const&, WebCore::HitTestResult&) + 209 (RenderLayer.cpp:1551)
24  com.apple.WebCore        	0x010f1041 WebCore::Document::prepareMouseEvent(WebCore::HitTestRequest const&, WebCore::IntPoint const&, WebCore::PlatformMouseEvent const&) + 291 (Document.cpp:1853)
25  com.apple.WebCore        	0x013d525b WebCore::EventHandler::prepareMouseEvent(WebCore::HitTestRequest const&, WebCore::PlatformMouseEvent const&) + 245 (EventHandler.cpp:1190)
26  com.apple.WebCore        	0x013da047 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 677 (EventHandler.cpp:967)
27  com.apple.WebCore        	0x013d28d2 WebCore::EventHandler::mouseDragged(NSEvent*) + 348 (EventHandlerMac.mm:493)
28  com.apple.WebKit         	0x0033db99 -[WebHTMLView mouseDragged:] + 233 (WebHTMLView.mm:3102)
29  com.apple.AppKit         	0x93365be1 -[NSWindow sendEvent:] + 7377
30  com.apple.Safari         	0x0009b10c 0x1000 + 631052
31  com.apple.AppKit         	0x93357350 -[NSApplication sendEvent:] + 5023
32  com.apple.Safari         	0x00014c98 0x1000 + 81048
33  com.apple.AppKit         	0x93281dfe -[NSApplication run] + 547
34  com.apple.AppKit         	0x93275d2f NSApplicationMain + 573
35  com.apple.Safari         	0x00002302 0x1000 + 4866
36  com.apple.Safari         	0x00048ef5 0x1000 + 294645

Thread 1:
0   libSystem.B.dylib        	0x9001a1cc select + 12
1   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 2:
0   libSystem.B.dylib        	0x900248c7 semaphore_wait_signal_trap + 7
1   com.apple.WebCore        	0x0147a566 WebCore::ThreadCondition::wait(WebCore::Mutex&) + 38 (ThreadingPthreads.cpp:162)
2   com.apple.WebCore        	0x012e46e6 WebCore::IconDatabase::syncThreadMainLoop() + 650 (IconDatabase.cpp:1308)
3   com.apple.WebCore        	0x012e5f1a WebCore::IconDatabase::iconDatabaseSyncThread() + 1206 (IconDatabase.cpp:1010)
4   com.apple.WebCore        	0x012e5f49 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:914)
5   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 3:
0   libSystem.B.dylib        	0x90009cd7 mach_msg_trap + 7
1   com.apple.CoreFoundation 	0x9082d2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation 	0x9082cace CFRunLoopRunInMode + 61
3   com.apple.Foundation     	0x92850bc2 +[NSURLCache _diskCacheSyncLoop:] + 206
4   com.apple.Foundation     	0x927f42e0 forkThreadForFunction + 123
5   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 4:
0   libSystem.B.dylib        	0x900248c7 semaphore_wait_signal_trap + 7
1   com.apple.Foundation     	0x9284a26c -[NSConditionLock lockWhenCondition:] + 39
2   com.apple.Syndication    	0x9ae9d052 -[AsyncDB _run:] + 181
3   com.apple.Foundation     	0x927f42e0 forkThreadForFunction + 123
4   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 5:
0   libSystem.B.dylib        	0x90009cd7 mach_msg_trap + 7
1   com.apple.CoreFoundation 	0x9082d2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation 	0x9082cace CFRunLoopRunInMode + 61
3   com.apple.Foundation     	0x92829a0f +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4   com.apple.Foundation     	0x927f42e0 forkThreadForFunction + 123
5   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0xbbadbeef  ebx: 0x0128346a  ecx: 0xa0001e80  edx: 0x00000000
  edi: 0x000000c7  esi: 0x00000000  ebp: 0xbfffe138  esp: 0xbfffe100
   ss: 0x0000001f  efl: 0x00010282  eip: 0x012834e8   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037

Binary Images Description:
    0x1000 -   0x10cfff com.apple.Safari 3.0.3 (522.12.1)	/Applications/Safari.app/Contents/MacOS/Safari
  0x305000 -   0x3fafff com.apple.WebKit 523.11+	/Stuff/Users/eric/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
  0x50a000 -   0x5bffff com.apple.JavaScriptCore 523.11+	/Stuff/Users/eric/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
 0x1008000 -  0x1796fff com.apple.WebCore 523.11+	/Stuff/Users/eric/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
 0x2491000 -  0x2493fff net.culater.SIMBL 0.8 (8)	/Library/InputManagers/SIMBL/SIMBL.bundle/Contents/MacOS/SIMBL
 0x24a9000 -  0x24d4fff net.culater.PithHelmet 2.7 (78)	/Library/Application Support/SIMBL/Plugins/PithHelmet.bundle/Contents/MacOS/PithHelmet
 0x2605000 -  0x260cfff net.culater.DuctTape ??? (6.0)	/Library/Frameworks/DuctTape.framework/Versions/A/DuctTape
0x8fe00000 - 0x8fe4afff dyld 46.12	/usr/lib/dyld
0x90000000 - 0x90171fff libSystem.B.dylib 	/usr/lib/libSystem.B.dylib
0x901c1000 - 0x901c3fff libmathCommon.A.dylib 	/usr/lib/system/libmathCommon.A.dylib
0x901c5000 - 0x90202fff com.apple.CoreText 1.1.2 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90229000 - 0x902fffff ATS 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9031f000 - 0x90774fff com.apple.CoreGraphics 1.258.75 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9080b000 - 0x908d3fff com.apple.CoreFoundation 6.4.7 (368.28)	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90911000 - 0x90911fff com.apple.CoreServices 10.4 (???)	/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90913000 - 0x90a07fff libicucore.A.dylib 	/usr/lib/libicucore.A.dylib
0x90a57000 - 0x90ad6fff libobjc.A.dylib 	/usr/lib/libobjc.A.dylib
0x90aff000 - 0x90b63fff libstdc++.6.dylib 	/usr/lib/libstdc++.6.dylib
0x90bd2000 - 0x90bd9fff libgcc_s.1.dylib 	/usr/lib/libgcc_s.1.dylib
0x90bde000 - 0x90c51fff com.apple.framework.IOKit 1.4.8 (???)	/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90c66000 - 0x90c78fff libauto.dylib 	/usr/lib/libauto.dylib
0x90c7e000 - 0x90f24fff com.apple.CoreServices.CarbonCore 682.26	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x90f67000 - 0x90fcffff com.apple.CoreServices.OSServices 4.1	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x91007000 - 0x91046fff com.apple.CFNetwork 129.21	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x91059000 - 0x91069fff com.apple.WebServices 1.1.3 (1.1.0)	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore
0x91074000 - 0x910f2fff com.apple.SearchKit 1.0.5	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x91127000 - 0x91145fff com.apple.Metadata 10.4.4 (121.36)	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x91151000 - 0x9115ffff libz.1.dylib 	/usr/lib/libz.1.dylib
0x91162000 - 0x91301fff com.apple.security 4.5.2 (29774)	/System/Library/Frameworks/Security.framework/Versions/A/Security
0x913ff000 - 0x91407fff com.apple.DiskArbitration 2.1.1	/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9140e000 - 0x91415fff libbsm.dylib 	/usr/lib/libbsm.dylib
0x91419000 - 0x9143ffff com.apple.SystemConfiguration 1.8.6	/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x91451000 - 0x914cafff com.apple.audio.CoreAudio 3.0.4	/System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x91518000 - 0x91518fff com.apple.ApplicationServices 10.4 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x9151a000 - 0x91545fff com.apple.AE 314 (313)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91558000 - 0x9162cfff com.apple.ColorSync 4.4.9	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x91667000 - 0x916e4fff com.apple.print.framework.PrintCore 4.6 (177.13)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x91711000 - 0x917bafff com.apple.QD 3.10.24 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x917e0000 - 0x9182bfff com.apple.HIServices 1.5.2 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x9184a000 - 0x91860fff com.apple.LangAnalysis 1.6.3	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x9186c000 - 0x91886fff com.apple.FindByContent 1.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent
0x91890000 - 0x918cdfff com.apple.LaunchServices 182	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x918e1000 - 0x918edfff com.apple.speech.synthesis.framework 3.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x918f4000 - 0x91934fff com.apple.ImageIO.framework 1.5.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91947000 - 0x919f9fff libcrypto.0.9.7.dylib 	/usr/lib/libcrypto.0.9.7.dylib
0x91a3f000 - 0x91a55fff libcups.2.dylib 	/usr/lib/libcups.2.dylib
0x91a5a000 - 0x91a78fff libJPEG.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x91a7d000 - 0x91adcfff libJP2.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib
0x91aee000 - 0x91af2fff libGIF.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91af4000 - 0x91b7afff libRaw.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib
0x91b7e000 - 0x91bbbfff libTIFF.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x91bc1000 - 0x91bdbfff libPng.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x91be0000 - 0x91be2fff libRadiance.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x91be4000 - 0x91cc2fff libxml2.2.dylib 	/usr/lib/libxml2.2.dylib
0x91cdf000 - 0x91cdffff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1)	/System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x91ce1000 - 0x91d6ffff com.apple.vImage 2.5	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x91d76000 - 0x91d76fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1)	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x91d78000 - 0x91dd1fff libvMisc.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x91dda000 - 0x91dfefff libvDSP.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x91e06000 - 0x9220ffff libBLAS.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x92249000 - 0x925fdfff libLAPACK.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x9262a000 - 0x92717fff libiconv.2.dylib 	/usr/lib/libiconv.2.dylib
0x92719000 - 0x92796fff com.apple.DesktopServices 1.3.6	/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x927d7000 - 0x92a07fff com.apple.Foundation 6.4.8 (567.29)	/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x92b21000 - 0x92b38fff libGL.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x92b43000 - 0x92b9bfff libGLU.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x92baf000 - 0x92baffff com.apple.Carbon 10.4 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92bb1000 - 0x92bc1fff com.apple.ImageCapture 3.0.4	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x92bcf000 - 0x92bd7fff com.apple.speech.recognition.framework 3.6	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92bdd000 - 0x92be2fff com.apple.securityhi 2.0.1 (24742)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x92be8000 - 0x92c79fff com.apple.ink.framework 101.2.1 (71)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x92c8d000 - 0x92c90fff com.apple.help 1.0.3 (32.1)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x92c93000 - 0x92cb0fff com.apple.openscripting 1.2.5 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x92cc0000 - 0x92cc6fff com.apple.print.framework.Print 5.2 (192.4)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x92ccc000 - 0x92d2ffff com.apple.htmlrendering 66.1 (1.1.3)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92d53000 - 0x92d94fff com.apple.NavigationServices 3.4.4 (3.4.3)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92dbb000 - 0x92dc8fff com.apple.audio.SoundManager 3.9.1	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x92dcf000 - 0x92dd4fff com.apple.CommonPanels 1.2.3 (73)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92dd9000 - 0x930cefff com.apple.HIToolbox 1.4.9 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x931d4000 - 0x931dffff com.apple.opengl 1.4.16	/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x931e4000 - 0x931fffff com.apple.DirectoryService.Framework 3.2	/System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x9326f000 - 0x9326ffff com.apple.Cocoa 6.4 (???)	/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x93271000 - 0x93927fff com.apple.AppKit 6.4.8 (824.42)	/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93ca8000 - 0x93d23fff com.apple.CoreData 91 (92.1)	/System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93d5c000 - 0x93e16fff com.apple.audio.toolbox.AudioToolbox 1.4.5	/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x93e59000 - 0x93e59fff com.apple.audio.units.AudioUnit 1.4.2	/System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x93e5b000 - 0x9401cfff com.apple.QuartzCore 1.4.12	/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x94062000 - 0x940a3fff libsqlite3.0.dylib 	/usr/lib/libsqlite3.0.dylib
0x940ab000 - 0x940e5fff libGLImage.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x940ea000 - 0x94100fff com.apple.CoreVideo 1.4.1	/System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x94198000 - 0x941d6fff com.apple.vmutils 4.0.2 (93.1)	/System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
0x9421a000 - 0x9422afff com.apple.securityfoundation 2.2.1 (28150)	/System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x94237000 - 0x94274fff com.apple.securityinterface 2.2.1 (27695)	/System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x94290000 - 0x9429ffff libCGATS.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x942a6000 - 0x942b1fff libCSync.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x942fd000 - 0x94317fff libRIP.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x947a8000 - 0x948eefff com.apple.AddressBook.framework 4.0.5 (487)	/System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x9497a000 - 0x94989fff com.apple.DSObjCWrappers.Framework 1.1	/System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x94990000 - 0x949b9fff com.apple.LDAPFramework 1.4.2 (69.1.1)	/System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x949bf000 - 0x949cefff libsasl2.2.dylib 	/usr/lib/libsasl2.2.dylib
0x949d2000 - 0x949f7fff libssl.0.9.7.dylib 	/usr/lib/libssl.0.9.7.dylib
0x94a03000 - 0x94a20fff libresolv.9.dylib 	/usr/lib/libresolv.9.dylib
0x95f27000 - 0x95f5ffff com.apple.PDFKit 1.0.4	/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
0x97e78000 - 0x97f4ffff com.apple.QuartzComposer 1.2.6 (32.25)	/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
0x97fd8000 - 0x97fd8fff com.apple.quartzframework 1.0	/System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x9ae9a000 - 0x9aed1fff com.apple.Syndication 1.0.6 (54)	/System/Library/PrivateFrameworks/Syndication.framework/Versions/A/Syndication
0x9aeed000 - 0x9aefffff com.apple.SyndicationUI 1.0.6 (54)	/System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI

Comment 1 Eric Seidel (no email) 2007-10-20 22:43:20 PDT

Created attachment 16757 [details]
parser fix which exposes font code ASSERT

Comment 2 Eric Seidel (no email) 2007-10-20 22:44:16 PDT

Created attachment 16758 [details]
test case which hits assert after patching

This test case happens to be SVG, but I'm confident the same problem would occur for HTML as well.

Comment 3 Eric Seidel (no email) 2007-10-20 23:21:59 PDT

Created attachment 16760 [details]
html-only test case

Crash from HTML-only test case:

Date/Time:      2007-10-21 01:20:03.117 -0500
OS Version:     10.4.10 (Build 8R2218)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  zsh [4385]

Version:        3.0.3 (522.12.1)
Build Version:  2
Project Name:   WebBrowser
Source Version: 45221201

PID:    20985
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x616554ab

Thread 0 Crashed:
0   com.apple.WebCore        	0x012088ef WebCore::Font::glyphDataForCharacter(int, bool) const + 369 (Font.cpp:388)
1   com.apple.WebCore        	0x01208f3b WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 435 (Font.cpp:158)
2   com.apple.WebCore        	0x01209b62 WebCore::WidthIterator::advanceOneCharacter(float&, WebCore::GlyphBuffer*) + 56 (Font.cpp:246)
3   com.apple.WebCore        	0x01209d30 WebCore::Font::offsetForPositionForSimpleText(WebCore::TextRun const&, WebCore::TextStyle const&, int, bool) const + 348 (Font.cpp:769)
4   com.apple.WebCore        	0x01209e06 WebCore::Font::offsetForPosition(WebCore::TextRun const&, WebCore::TextStyle const&, int, bool) const + 74 (Font.cpp:738)
5   com.apple.WebCore        	0x0112e88e WebCore::InlineTextBox::offsetForPosition(int, bool) const + 404 (InlineTextBox.cpp:805)
6   com.apple.WebCore        	0x01187fcb WebCore::RenderText::positionForCoordinates(int, int) + 721 (RenderText.cpp:270)
7   com.apple.WebCore        	0x015bc3b1 WebCore::RenderObject::positionForPoint(WebCore::IntPoint const&) + 77 (RenderObject.h:517)
8   com.apple.WebCore        	0x013d408e WebCore::EventHandler::handleMousePressEventSingleClick(WebCore::MouseEventWithHitTestResults const&) + 436 (EventHandler.cpp:236)
9   com.apple.WebCore        	0x013d5f33 WebCore::EventHandler::handleMousePressEvent(WebCore::MouseEventWithHitTestResults const&) + 655 (EventHandler.cpp:317)
10  com.apple.WebCore        	0x013dae29 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 1579 (EventHandler.cpp:875)
11  com.apple.WebCore        	0x013d26cb WebCore::EventHandler::mouseDown(NSEvent*) + 563 (EventHandlerMac.mm:474)
12  com.apple.WebKit         	0x0033d968 -[WebHTMLView mouseDown:] + 374 (WebHTMLView.mm:3070)
13  com.apple.AppKit         	0x933653af -[NSWindow sendEvent:] + 5279
14  com.apple.Safari         	0x0009b10c 0x1000 + 631052
15  com.apple.AppKit         	0x93357350 -[NSApplication sendEvent:] + 5023
16  com.apple.Safari         	0x00014c98 0x1000 + 81048
17  com.apple.AppKit         	0x93281dfe -[NSApplication run] + 547
18  com.apple.AppKit         	0x93275d2f NSApplicationMain + 573
19  com.apple.Safari         	0x00002302 0x1000 + 4866
20  com.apple.Safari         	0x00048ef5 0x1000 + 294645

Thread 1:
0   libSystem.B.dylib        	0x9001a1cc select + 12
1   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 2:
0   libSystem.B.dylib        	0x900248c7 semaphore_wait_signal_trap + 7
1   com.apple.WebCore        	0x0147a566 WebCore::ThreadCondition::wait(WebCore::Mutex&) + 38 (ThreadingPthreads.cpp:162)
2   com.apple.WebCore        	0x012e46e6 WebCore::IconDatabase::syncThreadMainLoop() + 650 (IconDatabase.cpp:1308)
3   com.apple.WebCore        	0x012e5f1a WebCore::IconDatabase::iconDatabaseSyncThread() + 1206 (IconDatabase.cpp:1010)
4   com.apple.WebCore        	0x012e5f49 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:914)
5   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 3:
0   libSystem.B.dylib        	0x90009cd7 mach_msg_trap + 7
1   com.apple.CoreFoundation 	0x9082d2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation 	0x9082cace CFRunLoopRunInMode + 61
3   com.apple.Foundation     	0x92850bc2 +[NSURLCache _diskCacheSyncLoop:] + 206
4   com.apple.Foundation     	0x927f42e0 forkThreadForFunction + 123
5   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 4:
0   libSystem.B.dylib        	0x900248c7 semaphore_wait_signal_trap + 7
1   com.apple.Foundation     	0x9284a26c -[NSConditionLock lockWhenCondition:] + 39
2   com.apple.Syndication    	0x9ae9d052 -[AsyncDB _run:] + 181
3   com.apple.Foundation     	0x927f42e0 forkThreadForFunction + 123
4   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 5:
0   libSystem.B.dylib        	0x90009cd7 mach_msg_trap + 7
1   com.apple.CoreFoundation 	0x9082d2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation 	0x9082cace CFRunLoopRunInMode + 61
3   com.apple.Foundation     	0x92829a0f +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4   com.apple.Foundation     	0x927f42e0 forkThreadForFunction + 123
5   libSystem.B.dylib        	0x90024227 _pthread_body + 84

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x616554a7  ebx: 0x0120878d  ecx: 0x1772cca8  edx: 0x00000000
  edi: 0x00000000  esi: 0x00000004  ebp: 0xbfff7a08  esp: 0xbfff7940
   ss: 0x0000001f  efl: 0x00010212  eip: 0x012088ef   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037

Binary Images Description:
    0x1000 -   0x10cfff com.apple.Safari 3.0.3 (522.12.1)	/Applications/Safari.app/Contents/MacOS/Safari
  0x305000 -   0x3fafff com.apple.WebKit 523.11+	/Stuff/Users/eric/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
  0x50a000 -   0x5bffff com.apple.JavaScriptCore 523.11+	/Stuff/Users/eric/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
 0x1008000 -  0x1796fff com.apple.WebCore 523.11+	/Stuff/Users/eric/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
 0x2491000 -  0x2493fff net.culater.SIMBL 0.8 (8)	/Library/InputManagers/SIMBL/SIMBL.bundle/Contents/MacOS/SIMBL
 0x24a9000 -  0x24d4fff net.culater.PithHelmet 2.7 (78)	/Library/Application Support/SIMBL/Plugins/PithHelmet.bundle/Contents/MacOS/PithHelmet
 0x2605000 -  0x260cfff net.culater.DuctTape ??? (6.0)	/Library/Frameworks/DuctTape.framework/Versions/A/DuctTape
0x8fe00000 - 0x8fe4afff dyld 46.12	/usr/lib/dyld
0x90000000 - 0x90171fff libSystem.B.dylib 	/usr/lib/libSystem.B.dylib
0x901c1000 - 0x901c3fff libmathCommon.A.dylib 	/usr/lib/system/libmathCommon.A.dylib
0x901c5000 - 0x90202fff com.apple.CoreText 1.1.2 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90229000 - 0x902fffff ATS 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9031f000 - 0x90774fff com.apple.CoreGraphics 1.258.75 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9080b000 - 0x908d3fff com.apple.CoreFoundation 6.4.7 (368.28)	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90911000 - 0x90911fff com.apple.CoreServices 10.4 (???)	/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90913000 - 0x90a07fff libicucore.A.dylib 	/usr/lib/libicucore.A.dylib
0x90a57000 - 0x90ad6fff libobjc.A.dylib 	/usr/lib/libobjc.A.dylib
0x90aff000 - 0x90b63fff libstdc++.6.dylib 	/usr/lib/libstdc++.6.dylib
0x90bd2000 - 0x90bd9fff libgcc_s.1.dylib 	/usr/lib/libgcc_s.1.dylib
0x90bde000 - 0x90c51fff com.apple.framework.IOKit 1.4.8 (???)	/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90c66000 - 0x90c78fff libauto.dylib 	/usr/lib/libauto.dylib
0x90c7e000 - 0x90f24fff com.apple.CoreServices.CarbonCore 682.26	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x90f67000 - 0x90fcffff com.apple.CoreServices.OSServices 4.1	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x91007000 - 0x91046fff com.apple.CFNetwork 129.21	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x91059000 - 0x91069fff com.apple.WebServices 1.1.3 (1.1.0)	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore
0x91074000 - 0x910f2fff com.apple.SearchKit 1.0.5	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x91127000 - 0x91145fff com.apple.Metadata 10.4.4 (121.36)	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x91151000 - 0x9115ffff libz.1.dylib 	/usr/lib/libz.1.dylib
0x91162000 - 0x91301fff com.apple.security 4.5.2 (29774)	/System/Library/Frameworks/Security.framework/Versions/A/Security
0x913ff000 - 0x91407fff com.apple.DiskArbitration 2.1.1	/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9140e000 - 0x91415fff libbsm.dylib 	/usr/lib/libbsm.dylib
0x91419000 - 0x9143ffff com.apple.SystemConfiguration 1.8.6	/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x91451000 - 0x914cafff com.apple.audio.CoreAudio 3.0.4	/System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x91518000 - 0x91518fff com.apple.ApplicationServices 10.4 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x9151a000 - 0x91545fff com.apple.AE 314 (313)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91558000 - 0x9162cfff com.apple.ColorSync 4.4.9	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x91667000 - 0x916e4fff com.apple.print.framework.PrintCore 4.6 (177.13)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x91711000 - 0x917bafff com.apple.QD 3.10.24 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x917e0000 - 0x9182bfff com.apple.HIServices 1.5.2 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x9184a000 - 0x91860fff com.apple.LangAnalysis 1.6.3	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x9186c000 - 0x91886fff com.apple.FindByContent 1.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent
0x91890000 - 0x918cdfff com.apple.LaunchServices 182	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x918e1000 - 0x918edfff com.apple.speech.synthesis.framework 3.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x918f4000 - 0x91934fff com.apple.ImageIO.framework 1.5.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91947000 - 0x919f9fff libcrypto.0.9.7.dylib 	/usr/lib/libcrypto.0.9.7.dylib
0x91a3f000 - 0x91a55fff libcups.2.dylib 	/usr/lib/libcups.2.dylib
0x91a5a000 - 0x91a78fff libJPEG.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x91a7d000 - 0x91adcfff libJP2.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib
0x91aee000 - 0x91af2fff libGIF.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91af4000 - 0x91b7afff libRaw.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib
0x91b7e000 - 0x91bbbfff libTIFF.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x91bc1000 - 0x91bdbfff libPng.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x91be0000 - 0x91be2fff libRadiance.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x91be4000 - 0x91cc2fff libxml2.2.dylib 	/usr/lib/libxml2.2.dylib
0x91cdf000 - 0x91cdffff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1)	/System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x91ce1000 - 0x91d6ffff com.apple.vImage 2.5	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x91d76000 - 0x91d76fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1)	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x91d78000 - 0x91dd1fff libvMisc.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x91dda000 - 0x91dfefff libvDSP.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x91e06000 - 0x9220ffff libBLAS.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x92249000 - 0x925fdfff libLAPACK.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x9262a000 - 0x92717fff libiconv.2.dylib 	/usr/lib/libiconv.2.dylib
0x92719000 - 0x92796fff com.apple.DesktopServices 1.3.6	/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x927d7000 - 0x92a07fff com.apple.Foundation 6.4.8 (567.29)	/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x92b21000 - 0x92b38fff libGL.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x92b43000 - 0x92b9bfff libGLU.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x92baf000 - 0x92baffff com.apple.Carbon 10.4 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92bb1000 - 0x92bc1fff com.apple.ImageCapture 3.0.4	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x92bcf000 - 0x92bd7fff com.apple.speech.recognition.framework 3.6	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92bdd000 - 0x92be2fff com.apple.securityhi 2.0.1 (24742)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x92be8000 - 0x92c79fff com.apple.ink.framework 101.2.1 (71)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x92c8d000 - 0x92c90fff com.apple.help 1.0.3 (32.1)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x92c93000 - 0x92cb0fff com.apple.openscripting 1.2.5 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x92cc0000 - 0x92cc6fff com.apple.print.framework.Print 5.2 (192.4)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x92ccc000 - 0x92d2ffff com.apple.htmlrendering 66.1 (1.1.3)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92d53000 - 0x92d94fff com.apple.NavigationServices 3.4.4 (3.4.3)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92dbb000 - 0x92dc8fff com.apple.audio.SoundManager 3.9.1	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x92dcf000 - 0x92dd4fff com.apple.CommonPanels 1.2.3 (73)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92dd9000 - 0x930cefff com.apple.HIToolbox 1.4.9 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x931d4000 - 0x931dffff com.apple.opengl 1.4.16	/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x931e4000 - 0x931fffff com.apple.DirectoryService.Framework 3.2	/System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x9326f000 - 0x9326ffff com.apple.Cocoa 6.4 (???)	/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x93271000 - 0x93927fff com.apple.AppKit 6.4.8 (824.42)	/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93ca8000 - 0x93d23fff com.apple.CoreData 91 (92.1)	/System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93d5c000 - 0x93e16fff com.apple.audio.toolbox.AudioToolbox 1.4.5	/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x93e59000 - 0x93e59fff com.apple.audio.units.AudioUnit 1.4.2	/System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x93e5b000 - 0x9401cfff com.apple.QuartzCore 1.4.12	/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x94062000 - 0x940a3fff libsqlite3.0.dylib 	/usr/lib/libsqlite3.0.dylib
0x940ab000 - 0x940e5fff libGLImage.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x940ea000 - 0x94100fff com.apple.CoreVideo 1.4.1	/System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x94198000 - 0x941d6fff com.apple.vmutils 4.0.2 (93.1)	/System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
0x9421a000 - 0x9422afff com.apple.securityfoundation 2.2.1 (28150)	/System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x94237000 - 0x94274fff com.apple.securityinterface 2.2.1 (27695)	/System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x94290000 - 0x9429ffff libCGATS.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x942a6000 - 0x942b1fff libCSync.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x942fd000 - 0x94317fff libRIP.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x947a8000 - 0x948eefff com.apple.AddressBook.framework 4.0.5 (487)	/System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x9497a000 - 0x94989fff com.apple.DSObjCWrappers.Framework 1.1	/System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x94990000 - 0x949b9fff com.apple.LDAPFramework 1.4.2 (69.1.1)	/System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x949bf000 - 0x949cefff libsasl2.2.dylib 	/usr/lib/libsasl2.2.dylib
0x949d2000 - 0x949f7fff libssl.0.9.7.dylib 	/usr/lib/libssl.0.9.7.dylib
0x94a03000 - 0x94a20fff libresolv.9.dylib 	/usr/lib/libresolv.9.dylib
0x95f27000 - 0x95f5ffff com.apple.PDFKit 1.0.4	/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
0x97e78000 - 0x97f4ffff com.apple.QuartzComposer 1.2.6 (32.25)	/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
0x97fd8000 - 0x97fd8fff com.apple.quartzframework 1.0	/System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x9ae9a000 - 0x9aed1fff com.apple.Syndication 1.0.6 (54)	/System/Library/PrivateFrameworks/Syndication.framework/Versions/A/Syndication
0x9aeed000 - 0x9aefffff com.apple.SyndicationUI 1.0.6 (54)	/System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI

Model: MacBookPro1,1, BootROM MBP11.0055.B08, 2 processors, Intel Core Duo, 2.16 GHz, 2 GB
Graphics: ATI Radeon X1600, ATY,RadeonX1600, PCIe, 256 MB
Memory Module: BANK 0/DIMM0, 1 GB, DDR2 SDRAM, 667 MHz
Memory Module: BANK 1/DIMM1, 1 GB, DDR2 SDRAM, 667 MHz
AirPort: spairport_wireless_card_type_airport_extreme (0x168C, 0x86), 1.1.9.3
Bluetooth: Version 1.9.0f8, 2 service, 0 devices, 1 incoming serial ports
Network Service: AirPort, AirPort, en1
Serial ATA Device: ST9100824AS, 93.16 GB
Parallel ATA Device: MATSHITADVD-R   UJ-857
USB Device: Built-in iSight, Micron, Up to 480 Mb/sec, 500 mA
USB Device: Apple Internal Keyboard / Trackpad, Apple Computer, Up to 12 Mb/sec, 500 mA
USB Device: IR Receiver, Apple Computer, Inc., Up to 12 Mb/sec, 500 mA
USB Device: Bluetooth USB Host Controller, Apple, Inc., Up to 12 Mb/sec, 500 mA

Comment 4 Eric Seidel (no email) 2007-10-20 23:33:07 PDT

Created attachment 16761 [details]
further html-only reduction

Comment 5 Eric Seidel (no email) 2007-10-22 17:51:11 PDT

Bug 10652 has been landed.  However one test case (svg/custom/font-face-fallback.svg) is disabled until this bug is fixed.  Whenever this lands, that test should be re-enabled.

Comment 6 Eric Seidel (no email) 2007-10-23 14:56:06 PDT

I think this may be due to FontFallbackLists not being invalidated when a font transitions to loaded/failed.  But that's really just a guess.

Comment 7 mitz 2008-02-18 20:35:05 PST

<http://trac.webkit.org/projects/webkit/changeset/30392> fixed this bug.