Bug 157661 - svg/W3C-SVG-1.1/text-fonts-03-t.svg crashing under WebCore::Font::isLoading()
Status: RESOLVED DUPLICATE of bug 157646
https://bugs.webkit.org/show_bug.cgi?id=157661
Chris Dumez
Reported 2016-05-12 20:37:50 PDT
svg/W3C-SVG-1.1/text-fonts-03-t.svg is crashing under WebCore::Font::isLoading() when I run the layout tests locally. I think this started less than a week ago:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000538
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0x538:
--> __TEXT 0000000104b39000-0000000104b3b000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
CRASHING TEST: svg/W3C-SVG-1.1/text-fonts-03-t.svg

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010ba9d07c WebCore::Font::isLoading() const + 12 (Font.h:169)
1 com.apple.WebCore 0x000000010ba9cd1b WebCore::CSSFontAccessor::isLoading() const + 91 (CSSSegmentedFontFace.cpp:87)
2 com.apple.WebCore 0x000000010bee54ae WebCore::FontRanges::isLoading() const + 94 (FontRanges.cpp:110)
3 com.apple.WebCore 0x000000010bec5004 WebCore::FontCascadeFonts::isLoadingCustomFonts() const + 84 (FontCascadeFonts.cpp:133)
4 com.apple.WebCore 0x000000010beadd32 WebCore::FontCascade::isLoadingCustomFonts() const + 82 (FontCascade.cpp:1118)
5 com.apple.WebCore 0x000000010beae9fc WebCore::FontCascade::drawText(WebCore::GraphicsContext&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, WebCore::FontCascade::CustomFontNotReadyAction) const + 60 (FontCascade.cpp:309)
6 com.apple.WebCore 0x000000010d31cbd8 WebCore::SVGInlineTextBox::paintTextWithShadows(WebCore::GraphicsContext&, WebCore::RenderStyle const*, WebCore::TextRun&, WebCore::SVGTextFragment const&, int, int) + 728 (SVGInlineTextBox.cpp:573)
7 com.apple.WebCore 0x000000010d31bd2d WebCore::SVGInlineTextBox::paintText(WebCore::GraphicsContext&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::SVGTextFragment const&, bool, bool) + 957 (SVGInlineTextBox.cpp:603)
8 com.apple.WebCore 0x000000010d31b675 WebCore::SVGInlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 1461 (SVGInlineTextBox.cpp:311)
9 com.apple.WebCore 0x000000010d328043 WebCore::SVGRootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 707 (SVGRootInlineBox.cpp:69)
10 com.apple.WebCore 0x000000010d24fecf WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const + 1999 (RenderLineBoxList.cpp:262)
11 com.apple.WebCore 0x000000010d0cc357 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 183 (RenderBlockFlow.cpp:3547)
12 com.apple.WebCore 0x000000010d0849fc WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 140 (RenderBlock.cpp:1446)
13 com.apple.WebCore 0x000000010d085728 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 904 (RenderBlock.cpp:1599)
14 com.apple.WebCore 0x000000010d084832 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 338 (RenderBlock.cpp:1426)
15 com.apple.WebCore 0x000000010d318b31 WebCore::RenderSVGText::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 225 (RenderSVGText.cpp:493)
16 com.apple.WebCore 0x000000010d2f8446 WebCore::RenderSVGContainer::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 694 (RenderSVGContainer.cpp:141)
17 com.apple.WebCore 0x000000010d313fae WebCore::RenderSVGRoot::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1262 (RenderSVGRoot.cpp:286)
18 com.apple.WebCore 0x000000010d2c0d28 WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1416 (RenderReplaced.cpp:191)
19 com.apple.WebCore 0x000000010d1f11c3 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 643 (RenderLayer.cpp:4758)
20 com.apple.WebCore 0x000000010d1eed57 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) + 727 (RenderLayer.cpp:4733)
21 com.apple.WebCore 0x000000010d1ead88 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2904 (RenderLayer.cpp:4355)
22 com.apple.WebCore 0x000000010d1ea21b WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 267 (RenderLayer.cpp:4012)
23 com.apple.WebCore 0x000000010d1e8e9b WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 1451 (RenderLayer.cpp:3994)
24 com.apple.WebCore 0x000000010d1eea54 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 196 (RenderLayer.cpp:4464)
25 com.apple.WebCore 0x000000010d1eae61 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3121 (RenderLayer.cpp:4365)
26 com.apple.WebCore 0x000000010d21e9a7 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) + 711 (RenderLayerBacking.cpp:2332)
27 com.apple.WebCore 0x000000010d21edc0 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) + 768 (RenderLayerBacking.cpp:2370)
28 com.apple.WebCore 0x000000010c0746bb WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) + 171 (GraphicsLayer.cpp:417)
29 com.apple.WebCore 0x000000010c0861f1 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 1569 (GraphicsLayerCA.cpp:1471)
30 com.apple.WebCore 0x000000010c08624f non-virtual thunk to WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 63 (GraphicsLayerCA.cpp:1455)
31 com.apple.WebCore 0x000000010d00d3c6 WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&) + 742 (PlatformCALayerCocoa.mm:1077)
32 com.apple.WebCore 0x000000010d9d2385 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 309 (TileGrid.cpp:690)
33 com.apple.WebCore 0x000000010dbd7114 -[WebSimpleLayer drawInContext:] + 372 (WebLayer.mm:131)
34 com.apple.QuartzCore 0x00007fff95ff2b19 CABackingStoreUpdate_ + 3494
35 com.apple.QuartzCore 0x00007fff95ff1d6d ___ZN2CA5Layer8display_Ev_block_invoke + 59
36 com.apple.QuartzCore 0x00007fff95ff1759 CA::Layer::display_() + 1565
37 com.apple.WebCore 0x000000010dbd6f39 -[WebSimpleLayer display] + 105 (WebLayer.mm:112)
38 com.apple.QuartzCore 0x00007fff95fe34a5 CA::Layer::display_if_needed(CA::Transaction*) + 603
39 com.apple.QuartzCore 0x00007fff95fe2fcd CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 35
40 com.apple.QuartzCore 0x00007fff95fe24a1 CA::Context::commit_transaction(CA::Transaction*) + 277
41 com.apple.QuartzCore 0x00007fff95fe20ec CA::Transaction::commit() + 508
42 com.apple.WebKit 0x000000010509c283 WebKit::TiledCoreAnimationDrawingArea::forceRepaint() + 227 (TiledCoreAnimationDrawingArea.mm:147)
43 com.apple.WebKit 0x00000001052b0b88 WebKit::WebPage::forceRepaintWithoutCallback() + 56 (WebPage.cpp:2814)
44 com.apple.WebKit 0x00000001055e78ad WKBundlePageForceRepaint + 29 (WKBundlePage.cpp:478)
45 WebKitTestRunnerInjectedBundle 0x0000000119664f0c WTR::InjectedBundlePage::dump() + 108 (InjectedBundlePage.cpp:859)
46 WebKitTestRunnerInjectedBundle 0x00000001196648d2 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) + 178 (InjectedBundlePage.cpp:2025)
47 WebKitTestRunnerInjectedBundle 0x0000000119663137 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) + 119 (InjectedBundlePage.cpp:938)
48 WebKitTestRunnerInjectedBundle 0x0000000119661de8 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) + 40 (InjectedBundlePage.cpp:560)
49 com.apple.WebKit 0x0000000104d11b66 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) + 118 (InjectedBundlePageLoaderClient.cpp:146)
50 com.apple.WebKit 0x00000001051cfcdd WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() + 141 (WebFrameLoaderClient.cpp:561)
51 com.apple.WebCore 0x000000010bf9c80b WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 2267 (FrameLoader.cpp:2319)
52 com.apple.WebCore 0x000000010bf9419e WebCore::FrameLoader::checkLoadComplete() + 478 (FrameLoader.cpp:2465)
53 com.apple.WebCore 0x000000010bc33f8f WebCore::DocumentLoader::finishedLoading(double) + 495 (DocumentLoader.cpp:445)
54 com.apple.WebCore 0x000000010bc33d15 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) + 389 (DocumentLoader.cpp:384)
55 com.apple.WebCore 0x000000010b74a222 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:298)
56 com.apple.WebCore 0x000000010b74a331 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:316)
57 com.apple.WebCore 0x000000010b745a9a WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 218 (CachedRawResource.cpp:104)
58 com.apple.WebCore 0x000000010d7ca074 WebCore::SubresourceLoader::didFinishLoading(double) + 532 (SubresourceLoader.cpp:431)
59 com.apple.WebKit 0x00000001054e8527 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 151 (WebResourceLoader.cpp:160)
60 com.apple.WebKit 0x00000001054ed473 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 163 (HandleMessage.h:17)
61 com.apple.WebKit 0x00000001054ed3c8 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 88 (HandleMessage.h:23)
62 com.apple.WebKit 0x00000001054ec4e2 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 226 (HandleMessage.h:93)
63 com.apple.WebKit 0x00000001054ebc5c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 636 (WebResourceLoaderMessageReceiver.cpp:66)
64 com.apple.WebKit 0x0000000104e87330 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 160 (NetworkProcessConnection.cpp:60)
65 com.apple.WebKit 0x0000000104c0f3c3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
66 com.apple.WebKit 0x0000000104c06994 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 724 (Connection.cpp:928)
67 com.apple.WebKit 0x0000000104c0f9bf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:957)
68 com.apple.WebKit 0x0000000104c20d2d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:890)
69 com.apple.WebKit 0x0000000104c20cfd void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
70 com.apple.WebKit 0x0000000104c20b4c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
71 com.apple.JavaScriptCore 0x0000000108a8f04a std::__1::function<void ()>::operator()() const + 26 (functional:1793)
72 com.apple.JavaScriptCore 0x00000001091fe392 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106)
73 com.apple.JavaScriptCore 0x00000001091febb4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
Chris Dumez
Comment 1 2016-05-12 20:39:32 PDT
Possible regression from Myles' <http://trac.webkit.org/changeset/200601>?
Chris Dumez
Comment 2 2016-05-12 20:41:33 PDT
It is a consistent crash for me (tested on a debug build, running this test only).
Radar WebKit Bug Importer
Comment 3 2016-05-12 20:42:27 PDT
Alexey Proskuryakov
Comment 4 2016-05-12 22:47:59 PDT
*** This bug has been marked as a duplicate of bug 157646 ***