Bug 157661 - svg/W3C-SVG-1.1/text-fonts-03-t.svg crashing under WebCore::Font::isLoading()
Summary: svg/W3C-SVG-1.1/text-fonts-03-t.svg crashing under WebCore::Font::isLoading()
Status: RESOLVED DUPLICATE of bug 157646
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks: 42154
Reported: 2016-05-12 20:37 PDT by Chris Dumez
Modified: 2016-05-12 22:47 PDT (History)

See Also:
Description Chris Dumez 2016-05-12 20:37:50 PDT
svg/W3C-SVG-1.1/text-fonts-03-t.svg is crashing under WebCore::Font::isLoading() when I run the layout tests locally. I think this started less than a week ago:
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000538
Exception Note:        EXC_CORPSE_NOTIFY

VM Regions Near 0x538:
--> 
    __TEXT                 0000000104b39000-0000000104b3b000 [    8K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
CRASHING TEST: svg/W3C-SVG-1.1/text-fonts-03-t.svg

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010ba9d07c WebCore::Font::isLoading() const + 12 (Font.h:169)
1   com.apple.WebCore             	0x000000010ba9cd1b WebCore::CSSFontAccessor::isLoading() const + 91 (CSSSegmentedFontFace.cpp:87)
2   com.apple.WebCore             	0x000000010bee54ae WebCore::FontRanges::isLoading() const + 94 (FontRanges.cpp:110)
3   com.apple.WebCore             	0x000000010bec5004 WebCore::FontCascadeFonts::isLoadingCustomFonts() const + 84 (FontCascadeFonts.cpp:133)
4   com.apple.WebCore             	0x000000010beadd32 WebCore::FontCascade::isLoadingCustomFonts() const + 82 (FontCascade.cpp:1118)
5   com.apple.WebCore             	0x000000010beae9fc WebCore::FontCascade::drawText(WebCore::GraphicsContext&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, WebCore::FontCascade::CustomFontNotReadyAction) const + 60 (FontCascade.cpp:309)
6   com.apple.WebCore             	0x000000010d31cbd8 WebCore::SVGInlineTextBox::paintTextWithShadows(WebCore::GraphicsContext&, WebCore::RenderStyle const*, WebCore::TextRun&, WebCore::SVGTextFragment const&, int, int) + 728 (SVGInlineTextBox.cpp:573)
7   com.apple.WebCore             	0x000000010d31bd2d WebCore::SVGInlineTextBox::paintText(WebCore::GraphicsContext&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::SVGTextFragment const&, bool, bool) + 957 (SVGInlineTextBox.cpp:603)
8   com.apple.WebCore             	0x000000010d31b675 WebCore::SVGInlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 1461 (SVGInlineTextBox.cpp:311)
9   com.apple.WebCore             	0x000000010d328043 WebCore::SVGRootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 707 (SVGRootInlineBox.cpp:69)
10  com.apple.WebCore             	0x000000010d24fecf WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const + 1999 (RenderLineBoxList.cpp:262)
11  com.apple.WebCore             	0x000000010d0cc357 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 183 (RenderBlockFlow.cpp:3547)
12  com.apple.WebCore             	0x000000010d0849fc WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 140 (RenderBlock.cpp:1446)
13  com.apple.WebCore             	0x000000010d085728 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 904 (RenderBlock.cpp:1599)
14  com.apple.WebCore             	0x000000010d084832 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 338 (RenderBlock.cpp:1426)
15  com.apple.WebCore             	0x000000010d318b31 WebCore::RenderSVGText::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 225 (RenderSVGText.cpp:493)
16  com.apple.WebCore             	0x000000010d2f8446 WebCore::RenderSVGContainer::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 694 (RenderSVGContainer.cpp:141)
17  com.apple.WebCore             	0x000000010d313fae WebCore::RenderSVGRoot::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1262 (RenderSVGRoot.cpp:286)
18  com.apple.WebCore             	0x000000010d2c0d28 WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1416 (RenderReplaced.cpp:191)
19  com.apple.WebCore             	0x000000010d1f11c3 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 643 (RenderLayer.cpp:4758)
20  com.apple.WebCore             	0x000000010d1eed57 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) + 727 (RenderLayer.cpp:4733)
21  com.apple.WebCore             	0x000000010d1ead88 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2904 (RenderLayer.cpp:4355)
22  com.apple.WebCore             	0x000000010d1ea21b WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 267 (RenderLayer.cpp:4012)
23  com.apple.WebCore             	0x000000010d1e8e9b WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 1451 (RenderLayer.cpp:3994)
24  com.apple.WebCore             	0x000000010d1eea54 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 196 (RenderLayer.cpp:4464)
25  com.apple.WebCore             	0x000000010d1eae61 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3121 (RenderLayer.cpp:4365)
26  com.apple.WebCore             	0x000000010d21e9a7 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) + 711 (RenderLayerBacking.cpp:2332)
27  com.apple.WebCore             	0x000000010d21edc0 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) + 768 (RenderLayerBacking.cpp:2370)
28  com.apple.WebCore             	0x000000010c0746bb WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) + 171 (GraphicsLayer.cpp:417)
29  com.apple.WebCore             	0x000000010c0861f1 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 1569 (GraphicsLayerCA.cpp:1471)
30  com.apple.WebCore             	0x000000010c08624f non-virtual thunk to WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 63 (GraphicsLayerCA.cpp:1455)
31  com.apple.WebCore             	0x000000010d00d3c6 WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&) + 742 (PlatformCALayerCocoa.mm:1077)
32  com.apple.WebCore             	0x000000010d9d2385 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 309 (TileGrid.cpp:690)
33  com.apple.WebCore             	0x000000010dbd7114 -[WebSimpleLayer drawInContext:] + 372 (WebLayer.mm:131)
34  com.apple.QuartzCore          	0x00007fff95ff2b19 CABackingStoreUpdate_ + 3494
35  com.apple.QuartzCore          	0x00007fff95ff1d6d ___ZN2CA5Layer8display_Ev_block_invoke + 59
36  com.apple.QuartzCore          	0x00007fff95ff1759 CA::Layer::display_() + 1565
37  com.apple.WebCore             	0x000000010dbd6f39 -[WebSimpleLayer display] + 105 (WebLayer.mm:112)
38  com.apple.QuartzCore          	0x00007fff95fe34a5 CA::Layer::display_if_needed(CA::Transaction*) + 603
39  com.apple.QuartzCore          	0x00007fff95fe2fcd CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 35
40  com.apple.QuartzCore          	0x00007fff95fe24a1 CA::Context::commit_transaction(CA::Transaction*) + 277
41  com.apple.QuartzCore          	0x00007fff95fe20ec CA::Transaction::commit() + 508
42  com.apple.WebKit              	0x000000010509c283 WebKit::TiledCoreAnimationDrawingArea::forceRepaint() + 227 (TiledCoreAnimationDrawingArea.mm:147)
43  com.apple.WebKit              	0x00000001052b0b88 WebKit::WebPage::forceRepaintWithoutCallback() + 56 (WebPage.cpp:2814)
44  com.apple.WebKit              	0x00000001055e78ad WKBundlePageForceRepaint + 29 (WKBundlePage.cpp:478)
45  WebKitTestRunnerInjectedBundle	0x0000000119664f0c WTR::InjectedBundlePage::dump() + 108 (InjectedBundlePage.cpp:859)
46  WebKitTestRunnerInjectedBundle	0x00000001196648d2 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) + 178 (InjectedBundlePage.cpp:2025)
47  WebKitTestRunnerInjectedBundle	0x0000000119663137 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) + 119 (InjectedBundlePage.cpp:938)
48  WebKitTestRunnerInjectedBundle	0x0000000119661de8 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) + 40 (InjectedBundlePage.cpp:560)
49  com.apple.WebKit              	0x0000000104d11b66 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) + 118 (InjectedBundlePageLoaderClient.cpp:146)
50  com.apple.WebKit              	0x00000001051cfcdd WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() + 141 (WebFrameLoaderClient.cpp:561)
51  com.apple.WebCore             	0x000000010bf9c80b WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 2267 (FrameLoader.cpp:2319)
52  com.apple.WebCore             	0x000000010bf9419e WebCore::FrameLoader::checkLoadComplete() + 478 (FrameLoader.cpp:2465)
53  com.apple.WebCore             	0x000000010bc33f8f WebCore::DocumentLoader::finishedLoading(double) + 495 (DocumentLoader.cpp:445)
54  com.apple.WebCore             	0x000000010bc33d15 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) + 389 (DocumentLoader.cpp:384)
55  com.apple.WebCore             	0x000000010b74a222 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:298)
56  com.apple.WebCore             	0x000000010b74a331 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:316)
57  com.apple.WebCore             	0x000000010b745a9a WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 218 (CachedRawResource.cpp:104)
58  com.apple.WebCore             	0x000000010d7ca074 WebCore::SubresourceLoader::didFinishLoading(double) + 532 (SubresourceLoader.cpp:431)
59  com.apple.WebKit              	0x00000001054e8527 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 151 (WebResourceLoader.cpp:160)
60  com.apple.WebKit              	0x00000001054ed473 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 163 (HandleMessage.h:17)
61  com.apple.WebKit              	0x00000001054ed3c8 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 88 (HandleMessage.h:23)
62  com.apple.WebKit              	0x00000001054ec4e2 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 226 (HandleMessage.h:93)
63  com.apple.WebKit              	0x00000001054ebc5c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 636 (WebResourceLoaderMessageReceiver.cpp:66)
64  com.apple.WebKit              	0x0000000104e87330 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 160 (NetworkProcessConnection.cpp:60)
65  com.apple.WebKit              	0x0000000104c0f3c3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
66  com.apple.WebKit              	0x0000000104c06994 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 724 (Connection.cpp:928)
67  com.apple.WebKit              	0x0000000104c0f9bf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:957)
68  com.apple.WebKit              	0x0000000104c20d2d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:890)
69  com.apple.WebKit              	0x0000000104c20cfd void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
70  com.apple.WebKit              	0x0000000104c20b4c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
71  com.apple.JavaScriptCore      	0x0000000108a8f04a std::__1::function<void ()>::operator()() const + 26 (functional:1793)
72  com.apple.JavaScriptCore      	0x00000001091fe392 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106)
73  com.apple.JavaScriptCore      	0x00000001091febb4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
Comment 1 Chris Dumez 2016-05-12 20:39:32 PDT
Possible regression from Myles' <http://trac.webkit.org/changeset/200601>?
Comment 2 Chris Dumez 2016-05-12 20:41:33 PDT
It is a consistent crash for me (tested on a debug build, running this test only).
Comment 3 Radar WebKit Bug Importer 2016-05-12 20:42:27 PDT
<rdar://problem/26261559>
Comment 4 Alexey Proskuryakov 2016-05-12 22:47:59 PDT

*** This bug has been marked as a duplicate of bug 157646 ***