RESOLVED WORKSFORME 189403
[FreeType] Crash on www.axis-praxis.org in FontPlatformData constructor
https://bugs.webkit.org/show_bug.cgi?id=189403
Summary [FreeType] Crash on www.axis-praxis.org in FontPlatformData constructor
Jérémy Lal
Reported 2018-09-07 05:06:58 PDT
https://www.axis-praxis.org/specimens/__DEFAULT__ makes the page crash on webkitgtk 2.20 and 2.22 (at least). It's a web page for testing variable fonts.
Attachments
Full backtrace (96.43 KB, text/plain)
2018-09-10 17:33 PDT, Michael Catanzaro
no flags
Alexey Proskuryakov
Comment 1 2018-09-09 13:38:27 PDT
I cannot reproduce in Safari for Mac, so probably platform specific.
Michael Catanzaro
Comment 2 2018-09-10 17:21:25 PDT
Normally we expect a backtrace to be included in the bug report, but in this case it was easy enough for me to reproduce. Truncated backtrace is:

#0  0x00007f5cf2212eab in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f5cf21fd5b9 in __GI_abort () at abort.c:79
#2  0x00007f5cf22557b7 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f5cf235f359 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007f5cf225bc4c in malloc_printerr (str=str@entry=0x7f5cf2360c40 "munmap_chunk(): invalid pointer") at malloc.c:5350
#4  0x00007f5cf225c1a4 in munmap_chunk (p=<optimized out>) at malloc.c:2846
#5  0x00007f5cf9e57713 in cairo_ft_apply_variations (face=face@entry=0x7f5cdc0cdb80, scaled_font=<optimized out>, scaled_font=<optimized out>) at cairo-ft-font.c:2384
#6  0x00007f5cf9e5a69f in cairo_ft_scaled_font_lock_face (abstract_font=abstract_font@entry=0x560dde7082c0) at cairo-ft-font.c:3851
#7  0x00007f5d007e3bea in WebCore::CairoFtFaceLocker::CairoFtFaceLocker(_cairo_scaled_font*) (scaledFont=0x560dde7082c0, this=<synthetic pointer>) at /usr/src/debug/webkit2gtk3-2.20.5-1.fc28.x86_64/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp:168
#8  0x00007f5d007e3bea in WebCore::FontPlatformData::FontPlatformData(_cairo_font_face*, WebCore::FontDescription const&, bool, bool) (this=0x7ffcbb048a80, fontFace=<optimized out>, description=..., bold=<optimized out>, italic=<optimized out>) at /usr/src/debug/webkit2gtk3-2.20.5-1.fc28.x86_64/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp:168
#9  0x00007f5d007e3097 in WebCore::FontCustomPlatformData::fontPlatformData(WebCore::FontDescription const&, bool, bool) (this=<optimized out>, description=..., bold=<optimized out>, italic=<optimized out>) at /usr/src/debug/webkit2gtk3-2.20.5-1.fc28.x86_64/Source/WebCore/platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:61
#10 0x00007f5d0014ab38 in WebCore::CachedFont::platformDataFromCustomData(WebCore::FontCustomPlatformData&, WebCore::FontDescription const&, bool, bool, WebCore::FontTaggedSettings<int> const&, WebCore::FontVariantSettings const&, WebCore::FontSelectionSpecifiedCapabilities) (fontCustomPlatformData=..., fontDescription=..., bold=<optimized out>, italic=<optimized out>, fontFaceFeatures=..., fontFaceVariantSettings=..., fontFaceCapabilities=...) at /usr/src/debug/webkit2gtk3-2.20.5-1.fc28.x86_64/Source/WebCore/loader/cache/CachedFont.cpp:158
Michael Catanzaro
Comment 3 2018-09-10 17:33:21 PDT
Created attachment 349362: Full backtrace
Michael Catanzaro
Comment 4 2018-09-10 18:24:20 PDT
Guess: probably the call to cairo_scaled_font_create() at the bottom of FontPlatformData::buildScaledFont is returning nullptr (though that would be a cairo bug as it is not documented to be nullable).
Lionir
Comment 5 2019-05-17 00:09:32 PDT
No longer crashes on: Epiphany 3.33.1-1375a8e6d, WebKitGTK 2.24.1
Michael Catanzaro
Comment 6 2019-05-17 09:47:14 PDT
Indeed, there were a lot of changes to this code recently. Let's assume fixed unless Jeremy can still reproduce.