Created attachment 334987 [details] Sample html to reproduce the issue Summary: ------------- When I use font-feature-setting in css for a couple of spans, Safari is unable to show the html, it crashes and warns that 'problem repeatedly occurred' with test file. The problem occurs with different combinations of font-feature-setting values in span styles. I have attached an html file with minimal sample to consistently reproduce this problem. You may also try the code snippet in my stackoverflow query: https://stackoverflow.com/questions/48989228/safari-11-crash-on-10-13-with-css-using-font-feature-settings-for-open-type-feat Steps to Reproduce: -------------------------- 1. Define a css style, say .style1 using "case" in font-feature-setting. 2. Define another css style, say .style2 using "numr". 3. Use 'Adobe Caslon Pro' in both the styles. (Or a font that supports both of these open type features) 4. Use these styles on two separate spans in html. 5. Save the html and open in Safari. Some observations: -------------------------- 1. It crashes in 11.0.2, 11.0.3 (on High Sierra), but not in 11.0.1 (on Sierra) 2. ITS NOT FONT SPECIFIC. Crashed with other fonts too which support the features used in styles 3. It doesn't crash if only single style was used. 4. Its not specific to combination of 'numr' or 'case' features. e.g. it crashes for 'case' & 'ornm' too. 5. The crash log says Crashing on exception: -[__NSCFNumber compare:]: nil argument Sample html to reproduce the issue: ------------------------------------------------ <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Safari Crash Bug </title> <meta http-equiv="Content-Type" content="text/html;CHARSET=utf-8"/> <style type="text/css"> <!-- .char-Style1 { font-family:'Adobe Caslon Pro','ACaslonPro-Regular'; font-feature-settings:"case"; } .char-Styl22 { font-family:'Adobe Caslon Pro','ACaslonPro-Regular'; font-feature-settings:"numr"; } --> </style> </head> <body> <div> <span class="char-Style1">A</span> <span class="char-Style2">1</span> </div> </body> </html> Crash log: ------------- Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Illegal instruction: 4 Termination Reason: Namespace SIGNAL, Code 0x4 Terminating Process: exc handler [0] Application Specific Information: Crashing on exception: -[__NSCFNumber compare:]: nil argument Bundle controller class: BrowserBundleController Application Specific Backtrace 1: 0 CoreFoundation 0x00007fff4a0f41fb __exceptionPreprocess + 171 1 libobjc.A.dylib 0x00007fff70d73942 objc_exception_throw + 48 2 CoreFoundation 0x00007fff4a1846d5 +[NSException raise:format:] + 197 3 CoreFoundation 0x00007fff4a01efe4 -[__NSCFNumber compare:] + 84 4 CoreFoundation 0x00007fff4a01ef76 -[__NSCFNumber isEqualToNumber:] + 22 5 CoreText 0x00007fff4bb7e03a -[CTFeatureSetting isEqualToFeatureSetting:] + 68 6 CoreFoundation 0x00007fff4a06e0ce -[NSArray isEqualToArray:] + 350 7 CoreFoundation 0x00007fff4a009259 CFEqual + 585 8 CoreFoundation 0x00007fff4a08b5a6 __CFBasicHashesAreEqual_block_invoke + 2614 9 CoreFoundation 0x00007fff4a060a28 CFBasicHashesAreEqual + 600 10 CoreText 0x00007fff4bb27b4c _ZeqRK6TCFRefIPK14__CFDictionaryES5_ + 32 11 CoreText 0x00007fff4bb32a86 _ZNK5TFonteqERKS_ + 134 12 CoreText 0x00007fff4bb329f9 _ZN7TCFBaseI5TFontE10ClassEqualEPKvS3_ + 17 13 WebCore 0x00007fff570ca349 _ZNK7WebCore16FontPlatformData15platformIsEqualERKS0_ + 25 14 WebCore 0x00007fff5761e6d7 _ZN3WTF7HashMapIN7WebCore16FontPlatformDataENS_6RefPtrINS1_4FontEEENS1_20FontDataCacheKeyHashENS1_22FontDataCacheKeyTraitsENS_10HashTraitsIS5_EEE3addIDnEENS_18HashTableAddResultINS_17HashTableIteratorIS2_NS_12KeyValuePairIS2_S5_EENS_24KeyValuePairKeyExtractorISF_EES6_NSA_18KeyValuePairTraitsES7_EEEERKS2_OT_ + 247 15 WebCore 0x00007fff5761e564 _ZN7WebCore9FontCache19fontForPlatformDataERKNS_16FontPlatformDataE + 100 16 WebCore 0x00007fff5761e4d8 _ZN7WebCore9FontCache13fontForFamilyERKNS_15FontDescriptionERKN3WTF12AtomicStringEPKNS_18FontTaggedSettingsIiEEPKNS_19FontVariantSettingsENS_34FontSelectionSpecifiedCapabilitiesEb + 216 17 WebCore 0x00007fff5748ec6e _ZN7WebCore15CSSFontSelector19fontRangesForFamilyERKNS_15FontDescriptionERKN3WTF12AtomicStringE + 270 18 WebCore 0x00007fff57634ce4 _ZN7WebCoreL19realizeNextFallbackERKNS_22FontCascadeDescriptionERjPNS_12FontSelectorE + 180 19 WebCore 0x00007fff576349ce _ZN7WebCore16FontCascadeFonts23realizeFallbackRangesAtERKNS_22FontCascadeDescriptionEj + 270 20 WebCore 0x00007fff5714a43c _ZN7WebCore12RenderInline27updateAlwaysCreateLineBoxesEb + 364 21 WebCore 0x00007fff57edc8b8 _ZN7WebCore15RenderBlockFlow15layoutLineBoxesEbRNS_10LayoutUnitES2_ + 824 22 WebCore 0x00007fff57ec86c2 _ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE + 866 23 WebCore 0x00007fff570ffe88 _ZN7WebCore11RenderBlock6layoutEv + 56 24 WebCore 0x00007fff57eca4c1 _ZN7WebCore15RenderBlockFlow16layoutBlockChildERNS_9RenderBoxERNS0_10MarginInfoERNS_10LayoutUnitES6_ + 817 25 WebCore 0x00007fff57ec945c _ZN7WebCore15RenderBlockFlow19layoutBlockChildrenEbRNS_10LayoutUnitE + 508 26 WebCore 0x00007fff57ec86b0 _ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE + 848 27 WebCore 0x00007fff570ffe88 _ZN7WebCore11RenderBlock6layoutEv + 56
There is typo in sample html placed in description its .char-Styl22 instead of .char-Style2
Comment on attachment 334987 [details] Sample html to reproduce the issue ><!DOCTYPE html> ><html xmlns="http://www.w3.org/1999/xhtml"> ><head> ><title> > SafariCrashBug ></title> ><meta http-equiv="Content-Type" content="text/html;CHARSET=utf-8"/> ><style type="text/css"> ><!-- > .char-Normal-Local-5 { > font-family:'Adobe Caslon Pro','ACaslonPro-Regular'; > font-kerning:Normal; > -webkit-font-kerning:Normal; > font-feature-settings:"liga","case"; > } > .char-Normal-Local-6 { > font-family:'Adobe Caslon Pro','ACaslonPro-Regular'; > font-kerning:Normal; > -webkit-font-kerning:Normal; > font-feature-settings:"liga","numr"; > } > --> ></style> ></head> > ><body> ><div> > <span class="char-Normal-Local-5">A</span> > <span class="char-Normal-Local-6">1</span> ></div> ></body> ></html>
Can you reproduce this issue with Safari Tech Preview? I cannot reproduce it here.
(In reply to Alexey Proskuryakov from comment #3) > Can you reproduce this issue with Safari Tech Preview? I cannot reproduce it > here. I checked with latest Safari Tech Preview -Release 50 (Safari 11.2, WebKit 13606.1.5). Unfortunately the problem is still reproducible. Did you check on macOS 10.13? Do you have the 'Adobe Caslon Pro' font available on your system. If not, please modify the css in sample html with a font family that you have on your system and which supports the referred font features.
Is there a font that reproduces this that's available for free (ideally installed in macOS by default)? Sounds like reproducing this will be a challenge, so could you please attach a complete crash log file? The part that you posted is helpful, but not sufficient.
Created attachment 335276 [details] Font with open type features to reproduce Safari crash
Created attachment 335277 [details] Sample html using Fira Sans font to reproduce the issue
(In reply to Alexey Proskuryakov from comment #5) > Is there a font that reproduces this that's available for free (ideally > installed in macOS by default)? > > Sounds like reproducing this will be a challenge, so could you please attach > a complete crash log file? The part that you posted is helpful, but not > sufficient. Thanks for your response. One such free and open source font is Fira Sans (SIL Open Font License). I have attached the same. Please install the 'FiraSans-Regular.otf' font from with zip file and try following sample (Also attached). <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Safari Crash Bug </title> <meta http-equiv="Content-Type" content="text/html;CHARSET=utf-8"/> <style type="text/css"> <!-- .text-openType-Case { font-family:'Fira Sans'; font-feature-settings:"case"; } .text-openType-Numr { font-family:'Fira Sans'; font-feature-settings:"numr"; } --> </style> </head> <body> <p> <span class="text-openType-Case">A</span> <span class="text-openType-Numr">1</span> </p> </body> </html> Also note that I observed Safari crashes if the font is installed on system and It does not crash if I use the same font using font-face rule and the font is not installed on system.
Thank you, that reproduces! rdar://problem/35745966