RESOLVED FIXED 176109
[Win] Crash in MathML layout test.
https://bugs.webkit.org/show_bug.cgi?id=176109
Per Arne Vollan
Reported 2017-08-30 09:28:03 PDT
FAULTING_IP:
WebKit!WebCore::FontCascade::drawGlyphs+85 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\platform\graphics\win\fontcgwin.cpp @ 164]
6ba0cca5 ff7130 push dword ptr [ecx+30h]

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 000000006ba0cca5 (WebKit!WebCore::FontCascade::drawGlyphs+0x0000000000000085)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000030
Attempt to read from address 0000000000000030

CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
.cxr 0x0;r
eax=00000030 ebx=0040201c ecx=00000000 edx=00000000 esi=0040e080 edi=05b39958
eip=6ba0cca5 esp=003f6e60 ebp=003f6f1c iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
WebKit!WebCore::FontCascade::drawGlyphs+0x85:
6ba0cca5 ff7130 push dword ptr [ecx+30h] ds:002b:00000030=????????
.cxr

STACK_TEXT:
003f6f1c 6b6badf2 0040e080 00000000 003f6f90 WebKit!WebCore::FontCascade::drawGlyphs+0x85
003f6f40 6bb8a86d 0553c924 00000000 003f6f90 WebKit!WebCore::GraphicsContext::drawGlyphs+0x42
00401fe0 6bb8ae9b 0040201c 0553b7f0 0040d1fc WebKit!WebCore::MathOperator::paintGlyph+0x60d
0040207c 6bb8911f 0553b7f0 0040d1fc 0040d194 WebKit!WebCore::MathOperator::paintVerticalGlyphAssembly+0xcb
0040d168 6bb3736f 0553b7f0 0040d1fc 0040d194 WebKit!WebCore::MathOperator::paint+0x25f
0040d1a0 6b54332b 0040d1fc 0040d1d0 0040d288 WebKit!WebCore::RenderMathMLOperator::paint+0x17f
0040d1dc 6b548197 0040d334 0040d288 0040d1fc WebKit!WebCore::RenderBlock::paintChildren+0x21b
0040d230 6b542f2a 0040d334 0040d288 0040d334 WebKit!WebCore::RenderBlock::paintContents+0xd7
0040d294 6b542c67 0040d334 0040d2cc 048ff848 WebKit!WebCore::RenderBlock::paintObject+0x1fa
0040d2d8 6b54332b 0040d334 0040d308 0040d3c0 WebKit!WebCore::RenderBlock::paint+0x177
0040d314 6b548197 0040d4e4 0040d3c0 0040d334 WebKit!WebCore::RenderBlock::paintChildren+0x21b
0040d368 6b542f2a 0040d4e4 0040d3c0 0040d4e4 WebKit!WebCore::RenderBlock::paintContents+0xd7
0040d3cc 6b542c67 0040d4e4 0040d404 04995390 WebKit!WebCore::RenderBlock::paintObject+0x1fa
0040d410 6b51d3ac 0040d4e4 0040d480 055351a0 WebKit!WebCore::RenderBlock::paint+0x177
0040d42c 6b59154e 00000004 0040d480 0040d6a4 WebKit!WebCore::RenderElement::paintAsInlineBlock+0xbc
0040d48c 6b55a9bc 0040d4e4 0040d6a4 00000000 WebKit!WebCore::InlineElementBox::paint+0xfe
0040d518 6b55f684 0040d594 0040d6a4 00000000 WebKit!WebCore::InlineFlowBox::paint+0x36c
0040d538 6b56343a 0040d594 0040d6a4 00000000 WebKit!WebCore::RootInlineBox::paint+0x64
0040d5ec 6b56b59d 048ff6d8 0040d750 0040d6a4 WebKit!WebCore::RenderLineBoxList::paint+0x35a
0040d600 6b548100 0040d750 0040d6a4 00000004 WebKit!WebCore::RenderBlockFlow::paintInlineChildren+0x2d
0040d64c 6b542f2a 0040d750 0040d6a4 0040d750 WebKit!WebCore::RenderBlock::paintContents+0x40
0040d6b0 6b542c67 0040d750 0040d6e8 048ff6d8 WebKit!WebCore::RenderBlock::paintObject+0x1fa
0040d6f4 6b54332b 0040d750 0040d724 0040d7dc WebKit!WebCore::RenderBlock::paint+0x177
0040d730 6b548197 0040d880 0040d7dc 0040d750 WebKit!WebCore::RenderBlock::paintChildren+0x21b
0040d784 6b542f2a 0040d880 0040d7dc 0040d880 WebKit!WebCore::RenderBlock::paintContents+0xd7
0040d7e8 6b542c67 0040d880 0040d820 0040d9b0 WebKit!WebCore::RenderBlock::paintObject+0x1fa
0040d82c 6b5a8030 0040d880 0040d848 0040d9b0 WebKit!WebCore::RenderBlock::paint+0x177
0040d8b4 6b5a7e2e 00000004 0040da4c 0040e080 WebKit!WebCore::RenderLayer::paintForegroundForFragmentsWithPhase+0x1a0
0040d8f8 6b5a7625 0040da4c 0040e080 0040e080 WebKit!WebCore::RenderLayer::paintForegroundForFragments+0x14e
0040dae0 6b5a6a0e 0040e080 0040dca8 00000060 WebKit!WebCore::RenderLayer::paintLayerContents+0x6b5
0040dafc 6b5a6882 0040e080 0040dca8 00000060 WebKit!WebCore::RenderLayer::paintLayerContentsAndReflection+0x4e
0040dbdc 6b5a79ff 0040e080 0040dca8 00000060 WebKit!WebCore::RenderLayer::paintLayer+0x2e2
0040dc00 6b5a768f 054e39f0 0040e080 0040dca8 WebKit!WebCore::RenderLayer::paintList+0x8f
0040ddd8 6b5a6a0e 0040e080 0040df1c 00000060 WebKit!WebCore::RenderLayer::paintLayerContents+0x71f
0040ddf4 6b5a6882 0040e080 0040df1c 00000000 WebKit!WebCore::RenderLayer::paintLayerContentsAndReflection+0x4e
0040ded4 6b59fe22 0040e080 0040df1c 00000000 WebKit!WebCore::RenderLayer::paintLayer+0x2e2
0040df60 6b739df5 0040e080 0040df90 0040dfa0 WebKit!WebCore::RenderLayer::paint+0xc2
0040dfb8 6b467410 0040e080 055179f0 00000000 WebKit!WebCore::FrameView::paintContents+0x125
0040e040 6b2e2371 0040e080 0040e180 00000000 WebKit!WebCore::ScrollView::paint+0x210
0040e194 6b2e2575 049cb8b8 310107ed 05538da0 WebKit!WebView::paintIntoBackingStore+0x1d1
0040e200 6b2de13d 049cb8b8 310107ed 054acd01 WebKit!WebView::updateBackingStore+0x145
0040e2b0 6b2e2b62 00000000 00000000 00000000 WebKit!WebView::paint+0x15d
0040e2f8 770762fa 10c50cd4 0000000f 00000000 WebKit!WebView::WebViewWndProc+0xd2
WARNING: Stack unwind information not available. Following frames may be wrong.
0040e324 77076d3a 6b2e2a90 10c50cd4 0000000f USER32!gapfnScSendMessage+0x332
0040e39c 77080d3f 00000000 6b2e2a90 10c50cd4 USER32!GetThreadDesktop+0xd7
0040e3d4 77080d65 6b2e2a90 10c50cd4 0000000f USER32!GetClientRect+0xc5
0040e3f4 708cf453 6b2e2a90 10c50cd4 0000000f USER32!CallWindowProcW+0x1b
0040e410 708cf5fe 10c50cd4 0000000f 00000000 COMCTL32!DPA_Sort+0x2aa
0040e474 708cf5b2 054ce510 10c50cd4 0000000f COMCTL32!DefSubclassProc+0x92
0040e498 708cb65f 10c50cd4 0000000f 00000000 COMCTL32!DefSubclassProc+0x46
0040e4b4 708cf5fe 10c50cd4 0000000f 00000000 COMCTL32!ImageList_GetIcon+0x71d
0040e518 708cf4a0 054ce510 10c50cd4 0000000f COMCTL32!DefSubclassProc+0x92
0040e578 770762fa 10c50cd4 0000000f 00000000 COMCTL32!DPA_Sort+0x2f7
0040e5a4 77076d3a 708cf45c 10c50cd4 0000000f USER32!gapfnScSendMessage+0x332
0040e61c 7707965e 00000000 708cf45c 10c50cd4 USER32!GetThreadDesktop+0xd7
0040e660 770796c5 0138b6a0 00000000 708cf45c USER32!GetWindow+0x3f0
0040e684 71658e91 10c50cd4 0000000f 00000000 USER32!SendMessageW+0x4c
0040e6d8 716634d1 0028da08 0040e70c 71662bb7 DumpRenderTreeLib!dump+0x61
0040e6e4 71662bb7 00000000 048fd6a8 04994500 DumpRenderTreeLib!FrameLoadDelegate::locationChangeDone+0xb1
0040e70c 6b300db0 0026fc38 0028da08 048fd6a8 DumpRenderTreeLib!FrameLoadDelegate::didFinishLoadForFrame+0x67
0040e730 6b3ca000 0040e7a0 0040e7a0 008812c4 WebKit!WebFrameLoaderClient::dispatchDidFinishLoad+0x40
0040e77c 6b3c5d94 054d3b48 05509c28 04994504 WebKit!WebCore::FrameLoader::checkLoadCompleteForThisFrame+0x140
0040e7e4 6b3bd908 05509c28 5dba6130 41d669aa WebKit!WebCore::FrameLoader::checkLoadComplete+0xf4
0040e8dc 6b3bdab6 05508aa0 6b8d10dd 05508aa0 WebKit!WebCore::DocumentLoader::finishedLoading+0x178
0040e8e4 6b8d10dd 05508aa0 05508aa0 05508aa8 WebKit!WebCore::DocumentLoader::notifyFinished+0x26
0040e908 6b8cfa1c 6b948395 054d3b48 0040e974 WebKit!WebCore::CachedResource::checkNotify+0x3d
0040e90c 6b948395 054d3b48 0040e974 0550b8d8 WebKit!WebCore::CachedResource::finishLoading+0xc
0040e940 6b3d4331 054d3b48 6ec2254a 0550b8d8 WebKit!WebCore::CachedRawResource::finishLoading+0x105
0040e964 6b3cf50f 0040e974 054e3ac8 00000000 WebKit!WebCore::SubresourceLoader::didFinishLoading+0xa1
0040ea58 6b955b89 054e3ae0 05c48a80 6e99d3a7 WebKit!WebCore::ResourceLoader::didFinishLoading+0x2f
0040ea64 6e99d3a7 05c1c8f0 054e3ac8 6e9fbcf4 WebKit!WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didFinishLoading+0x19
0040eab0 6e99b211 0040ead8 5f399446 05c48a80 CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0xc3d7
0040ec30 6e99a470 008812ac 00000003 05c1e1f0 CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0xa241
0040ec54 6e8515e2 5f39938a 05b39750 00000000 CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0x94a0
0040ed0c 6e8510ec 05b3975c 0040ed44 6ec91268 CFNetwork+0x115e2
0040ed18 6ec91268 05c1e1f0 00892838 00892838 CFNetwork+0x110ec
0040ed44 6ec948f5 00892838 00000001 00892890 CoreFoundation!CFDateFormatterGetTimeStyle+0x6e03f
0040eda8 6ec94e11 00892890 00000000 00000000 CoreFoundation!CFDateFormatterGetTimeStyle+0x716cc
0040edfc 6ec94f60 00892838 6ed8cfa0 00000000 CoreFoundation!CFDateFormatterGetTimeStyle+0x71be8
0040ef44 71659a7a 0040ef5c 01376df0 00232300 CoreFoundation!CFDateFormatterGetTimeStyle+0x71d37
0040f7bc 71659c4e 00000002 00232300 0040fa94 DumpRenderTreeLib!main+0x43a
0040f7cc 013616c9 00000002 00232300 01376dec DumpRenderTreeLib!dllLauncherEntryPoint+0xe
0040fa94 013632ba 00000002 00232300 00235b10 DumpRenderTree!main+0x469
0040fae0 7672336a 7efde000 0040fb2c 77639902 DumpRenderTree!__scrt_common_main_seh+0xff
0040faec 77639902 7efde000 75b608d5 00000000 KERNEL32!BaseThreadInitThunk+0x12
0040fb2c 776398d5 01363337 7efde000 00000000 ntdll_77600000!RtlInitializeExceptionChain+0x63
0040fb44 00000000 01363337 7efde000 00000000 ntdll_77600000!RtlInitializeExceptionChain+0x36
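The fault fields in the dump above can be triaged mechanically. The following is an added example, not part of the original report or of WebKit: it parses the exception parameters, registers and faulting instruction to tell a member read through a null object from a wild-pointer access. The function name triage, the REPORT sample and the 64 KB null-region threshold are assumptions of the example.

```python
import re

# Constructed sample: field values copied from the report above, one per line.
REPORT = """\
ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000030
eax=00000030 ebx=0040201c ecx=00000000 edx=00000000 esi=0040e080 edi=05b39958
6ba0cca5 ff7130 push dword ptr [ecx+30h]
"""

ACCESS_VIOLATION = 0xC0000005
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}  # meaning of Parameter[0]
NULL_REGION = 0x10000  # assumption: lowest 64 KB is never mapped in user mode


def triage(dump):
    """Classify an access violation from WinDbg .exr/.cxr text."""
    code = re.search(r"ExceptionCode:\s*([0-9a-f]+)", dump, re.I)
    if not code or int(code.group(1), 16) != ACCESS_VIOLATION:
        return {"verdict": "not an access violation"}
    params = {int(i): int(v, 16) for i, v in
              re.findall(r"Parameter\[(\d+)\]:\s*([0-9a-f]+)", dump, re.I)}
    regs = {r.lower(): int(v, 16) for r, v in
            re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", dump, re.I)}
    result = {"access": ACCESS_KIND.get(params.get(0), "unknown"),
              "address": params.get(1)}
    # Memory operand of the faulting instruction, e.g. [ecx+30h].
    operand = re.search(r"\[(e[a-z]{2})(?:\+([0-9a-f]+)h)?\]", dump, re.I)
    if operand:
        base = operand.group(1).lower()
        result.update(base_reg=base, base_value=regs.get(base),
                      offset=int(operand.group(2) or "0", 16))
    if result["access"] == "execute":
        result["verdict"] = "execution from bad address: investigate as memory corruption"
    elif result["address"] is not None and result["address"] < NULL_REGION:
        if result.get("base_value") == 0:
            result["verdict"] = "null pointer dereference (member access through null object)"
        else:
            result["verdict"] = "near-null access: base pointer not null, check arithmetic"
    else:
        result["verdict"] = "wild pointer access: investigate as memory corruption"
    return result
```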
Attachments
Patch (1.83 KB, patch)
2017-08-30 09:49 PDT, Per Arne Vollan
no flags
Patch (2.00 KB, patch)
2017-08-30 11:17 PDT, Per Arne Vollan
no flags
Per Arne Vollan
Comment 1 2017-08-30 09:49:42 PDT
Brent Fulgham
Comment 2 2017-08-30 10:16:05 PDT
Comment on attachment 319374
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=319374&action=review

> Source/WebCore/rendering/mathml/MathOperator.cpp:641
> + return;

It seems like these tests will still fail in Debug builds, right?

If missing fonts is an expected condition, I think we should get rid of the ASSERTs. If the missing fonts are exceptional cases, we should probably add a LOG_ERROR or similar so we can catch cases of this in the field.

Does this crash indicate that we are missing fonts or need some kind of setup on our test systems?
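Review bot: the early return added at Source/WebCore/rendering/mathml/MathOperator.cpp:641 exits silently, so in release builds the condition it guards against shows up only as an operator that is not painted. The crash in the report is a read of address 0x30 with ecx=0 inside FontCascade::drawGlyphs, reached from MathOperator::paintGlyph via paintVerticalGlyphAssembly, so it is worth confirming that the check sits on every path that reaches paintGlyph, and recording a log entry when the return is taken so the condition stays visible outside Debug builds.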
Per Arne Vollan
Comment 3 2017-08-30 11:17:57 PDT
Per Arne Vollan
Comment 4 2017-08-30 11:31:47 PDT
(In reply to Brent Fulgham from comment #2)
> Comment on attachment 319374
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=319374&action=review
>
> > Source/WebCore/rendering/mathml/MathOperator.cpp:641
> > + return;
>
> It seems like these tests will still fail in Debug builds, right?
>

Yes.

> If missing fonts is an expected condition, I think we should get rid of the
> ASSERTs. If the missing fonts are exceptional cases, we should probably add
> a LOG_ERROR or similar so we can catch cases of this in the field.
>

On macOS, this probably is an exceptional case. On Windows I think we should expect that this could happen, since the default MathML font support is more limited, as far as I know.

> Does this crash indicate that we are missing fonts or need some kind of
> setup on our test systems?

Yes, we could most likely fix the crash on the bot by installing MathML fonts, but I also think it would be nice to have a fix for the crash.

Thanks for reviewing!
Brent Fulgham
Comment 5 2017-08-30 12:14:04 PDT
Comment on attachment 319381
Patch

r=me. I think we should try to make sure the test bots have whatever fonts they need to avoid hitting these ASSERTS, but it's probably good to keep them.
Per Arne Vollan
Comment 6 2017-08-30 12:32:20 PDT
(In reply to Brent Fulgham from comment #5)
> Comment on attachment 319381
> Patch
>
> r=me. I think we should try to make sure the test bots have whatever fonts
> they need to avoid hitting these ASSERTS, but it's probably good to keep
> them.

Thanks! I will look into installing MathML fonts on the bots.
WebKit Commit Bot
Comment 7 2017-08-30 13:01:13 PDT
Comment on attachment 319381
Patch

Clearing flags on attachment: 319381

Committed r221394: <http://trac.webkit.org/changeset/221394>
WebKit Commit Bot
Comment 8 2017-08-30 13:01:15 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 9 2017-08-30 13:02:54 PDT