Bug 189700 - [GTK] Address sanitizer failure in ~FontTaggedSettings
Summary: [GTK] Address sanitizer failure in ~FontTaggedSettings
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-09-18 07:43 PDT by Patrick Griffis
Modified: 2022-01-31 08:38 PST

Description Patrick Griffis 2018-09-18 07:43:49 PDT
Reproducible on trunk with GTK Minibrowser:

==9666==AddressSanitizer CHECK failed: /build/gcc/src/gcc/libsanitizer/asan/asan_poisoning.cc:37 "((AddrIsInMem(addr + size - (1ULL << kDefaultShadowScale)))) != (0)" (0x0, 0x0)
    #0 0x7f2d26ac2b78 in AsanCheckFailed /build/gcc/src/gcc/libsanitizer/asan/asan_rtl.cc:67
    #1 0x7f2d26adffed in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_termination.cc:77
    #2 0x7f2d26abb4ec in __asan::PoisonShadow(unsigned long, unsigned long, unsigned char) /build/gcc/src/gcc/libsanitizer/asan/asan_poisoning.cc:37
    #3 0x7f2d26abd883 in __sanitizer_annotate_contiguous_container /build/gcc/src/gcc/libsanitizer/asan/asan_poisoning.cc:389
    #4 0x7f2d214218bd in WTF::Vector<WebCore::FontTaggedSetting<int>, 0ul, WTF::CrashOnOverflow, 16ul>::asanSetBufferSizeToFullCapacity(unsigned long) DerivedSources/ForwardingHeaders/wtf/Vector.h:1148
    #5 0x7f2d214218bd in WTF::Vector<WebCore::FontTaggedSetting<int>, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector() DerivedSources/ForwardingHeaders/wtf/Vector.h:672
    #6 0x7f2d214218bd in WebCore::FontTaggedSettings<int>::~FontTaggedSettings() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontTaggedSettings.h:105
    #7 0x7f2d214218bd in WebCore::FontDescriptionKey::~FontDescriptionKey() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCache.h:71
    #8 0x7f2d214218bd in bool WTF::HashTraitsEmptyValueChecker<WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, false>::isEmptyValue<WebCore::FontDescriptionKey>(WebCore::FontDescriptionKey const&) DerivedSources/ForwardingHeaders/wtf/HashTraits.h:233
    #9 0x7f2d214218bd in bool WTF::isHashTraitsEmptyValue<WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WebCore::FontDescriptionKey>(WebCore::FontDescriptionKey const&) DerivedSources/ForwardingHeaders/wtf/HashTraits.h:237
    #10 0x7f2d214218bd in WTF::HashTable<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> >::isEmptyBucket(WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> const&) DerivedSources/ForwardingHeaders/wtf/HashTable.h:411
    #11 0x7f2d214218bd in WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> > > WTF::HashTable<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> >::add<WTF::HashMapTranslator<WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::KeyValuePairTraits, WebCore::FontDescriptionKeyHash>, WebCore::FontDescriptionKey, WebCore::FontRanges>(WebCore::FontDescriptionKey&&, WebCore::FontRanges&&) DerivedSources/ForwardingHeaders/wtf/HashTable.h:897
    #12 0x7f2d214218bd in WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> > > WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::inlineAdd<WebCore::FontDescriptionKey, WebCore::FontRanges>(WebCore::FontDescriptionKey&&, WebCore::FontRanges&&) DerivedSources/ForwardingHeaders/wtf/HashMap.h:346
    #13 0x7f2d214218bd in WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> > > WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges> >::add<WebCore::FontRanges>(WebCore::FontDescriptionKey&&, WebCore::FontRanges&&) DerivedSources/ForwardingHeaders/wtf/HashMap.h:388
    #14 0x7f2d214218bd in WebCore::CSSSegmentedFontFace::fontRanges(WebCore::FontDescription const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/CSSSegmentedFontFace.cpp:113
    #15 0x7f2d21388716 in WebCore::CSSFontSelector::fontRangesForFamily(WebCore::FontDescription const&, WTF::AtomicString const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/CSSFontSelector.cpp:318
    #16 0x7f2d230e992f in __visit<WTF::Visitor<WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const WTF::AtomicString&)>, WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const FontFamilyPlatformSpecification&)> >, const WTF::Variant<WTF::AtomicString, WebCore::FontFamilySpecificationNull> > /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCascadeFonts.cpp:147
    #17 0x7f2d230e992f in __visit<WTF::Visitor<WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const WTF::AtomicString&)>, WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const FontFamilyPlatformSpecification&)> >, const WTF::Variant<WTF::AtomicString, WebCore::FontFamilySpecificationNull>&> DerivedSources/ForwardingHeaders/wtf/Variant.h:1940
    #18 0x7f2d230e992f in __visit<WTF::Visitor<WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const WTF::AtomicString&)>, WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const FontFamilyPlatformSpecification&)> >, const WTF::Variant<WTF::AtomicString, WebCore::FontFamilySpecificationNull>&> DerivedSources/ForwardingHeaders/wtf/Variant.h:1940
    #19 0x7f2d230e992f in __visit<WTF::Visitor<WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const WTF::AtomicString&)>, WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const FontFamilyPlatformSpecification&)> >, const WTF::Variant<WTF::AtomicString, WebCore::FontFamilySpecificationNull>&> DerivedSources/ForwardingHeaders/wtf/Variant.h:1982
    #20 0x7f2d230e992f in visit<WTF::Visitor<WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const WTF::AtomicString&)>, WebCore::realizeNextFallback(const WebCore::FontCascadeDescription&, unsigned int&, WebCore::FontSelector*)::<lambda(const FontFamilyPlatformSpecification&)> >&, const WTF::Variant<WTF::AtomicString, WebCore::FontFamilySpecificationNull>&> DerivedSources/ForwardingHeaders/wtf/Variant.h:1990
    #21 0x7f2d230e992f in realizeNextFallback /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCascadeFonts.cpp:158
    #22 0x7f2d230ea969 in WebCore::FontCascadeFonts::realizeFallbackRangesAt(WebCore::FontCascadeDescription const&, unsigned int) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCascadeFonts.cpp:184
    #23 0x7f2d23113a39 in WebCore::FontCascadeFonts::primaryFont(WebCore::FontCascadeDescription const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCascadeFonts.h:128
    #24 0x7f2d24037e8c in WebCore::FontCascade::primaryFont() const /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCascade.h:330
    #25 0x7f2d24037e8c in WebCore::FontCascade::fontMetrics() const /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/platform/graphics/FontCascade.h:162
    #26 0x7f2d24037e8c in WebCore::RenderStyle::fontMetrics() const /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/rendering/style/RenderStyle.cpp:1518
    #27 0x7f2d21412dd0 in WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble(WebCore::CSSToLengthConversionData const&, WebCore::CSSPrimitiveValue::UnitType, double) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:648
    #28 0x7f2d214133a9 in WebCore::CSSPrimitiveValue::computeLengthDouble(WebCore::CSSToLengthConversionData const&) const /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:629
    #29 0x7f2d21413496 in WebCore::Length WebCore::CSSPrimitiveValue::computeLength<WebCore::Length>(WebCore::CSSToLengthConversionData const&) const /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:600
    #30 0x7f2d2071bbc0 in WebCore::StyleBuilderConverter::convertLength(WebCore::StyleResolver&, WebCore::CSSValue const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleBuilderConverter.h:186
    #31 0x7f2d2071ff0d in WebCore::StyleBuilderConverter::convertLengthOrAuto(WebCore::StyleResolver&, WebCore::CSSValue const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleBuilderConverter.h:205
    #32 0x7f2d2071ff0d in WebCore::StyleBuilderFunctions::applyValueMarginBottom(WebCore::StyleResolver&, WebCore::CSSValue&) DerivedSources/WebCore/StyleBuilder.cpp:2336
    #33 0x7f2d206793da in WebCore::StyleBuilder::applyProperty(WebCore::CSSPropertyID, WebCore::StyleResolver&, WebCore::CSSValue&, bool, bool) DerivedSources/WebCore/StyleBuilder.cpp:6576
    #34 0x7f2d215c37fb in WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*, WebCore::SelectorChecker::LinkMatchMask, WebCore::StyleResolver::MatchResult const*) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleResolver.cpp:1705
    #35 0x7f2d215c6019 in WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&, WebCore::StyleResolver::MatchResult const*) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleResolver.cpp:2248
    #36 0x7f2d215c6537 in WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int, WebCore::StyleResolver::MatchResult const*) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleResolver.cpp:2284
    #37 0x7f2d215ce857 in WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const&, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleResolver.cpp:1418
    #38 0x7f2d215d0e0f in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/css/StyleResolver.cpp:395
    #39 0x7f2d242a20d2 in WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/style/StyleTreeResolver.cpp:131
    #40 0x7f2d242a29f7 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/style/StyleTreeResolver.cpp:201
    #41 0x7f2d242a95bc in WebCore::Style::TreeResolver::resolveComposedTree() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/style/StyleTreeResolver.cpp:498
    #42 0x7f2d242ac17d in WebCore::Style::TreeResolver::resolve() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/style/StyleTreeResolver.cpp:556
    #43 0x7f2d218a91b6 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/dom/Document.cpp:1902
    #44 0x7f2d218aa8ef in WebCore::Document::updateStyleIfNeeded() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/dom/Document.cpp:2023
    #45 0x7f2d218a7762 in WebCore::Document::implicitClose() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/dom/Document.cpp:2932
    #46 0x7f2d227d0266 in WebCore::FrameLoader::checkCallImplicitClose() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/loader/FrameLoader.cpp:957
    #47 0x7f2d2280a6db in WebCore::FrameLoader::checkCompleted() /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/loader/FrameLoader.cpp:898
    #48 0x7f2d2280ad2c in WebCore::FrameLoader::loadDone(WebCore::LoadCompletionType) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/loader/FrameLoader.cpp:800
    #49 0x7f2d2297e52b in WebCore::CachedResourceLoader::loadDone(WebCore::LoadCompletionType, bool) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/loader/cache/CachedResourceLoader.cpp:1315
    #50 0x7f2d228c857c in WebCore::SubresourceLoader::notifyDone(WebCore::LoadCompletionType) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:742
    #51 0x7f2d228e6db8 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:642
    #52 0x7f2d1ece7e3b in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:162
    #53 0x7f2d1dc9eea3 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>&&, std::integer_sequence<unsigned long, 0ul>) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:41
    #54 0x7f2d1dc9eea3 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:47
    #55 0x7f2d1dc9eea3 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:133
    #56 0x7f2d1dc9c176 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:66
    #57 0x7f2d1ece55e6 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:72
    #58 0x7f2d1dfaa449 in IPC::Connection::dispatchMessage(IPC::Decoder&) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:957
    #59 0x7f2d1dfc4fb2 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:984
    #60 0x7f2d1dfc8c3c in IPC::Connection::dispatchOneIncomingMessage() /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1053
    #61 0x7f2d1dfca14c in operator() /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:950
    #62 0x7f2d1dfca14c in call DerivedSources/ForwardingHeaders/wtf/Function.h:101
    #63 0x7f2d1c271b39 in WTF::Function<void ()>::operator()() const /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/Function.h:56
    #64 0x7f2d1c271b39 in WTF::RunLoop::performWork() /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/RunLoop.cpp:123
    #65 0x7f2d1c325ec8 in operator() /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:68
    #66 0x7f2d1c325ec8 in _FUN /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:70
    #67 0x7f2d1c325f0a in operator() /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
    #68 0x7f2d1c325f0a in _FUN /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:46
    #69 0x7f2d13cafad7 in g_main_dispatch ../../../../jhbuild/checkout/glib/glib/gmain.c:3182
    #70 0x7f2d13cafad7 in g_main_context_dispatch ../../../../jhbuild/checkout/glib/glib/gmain.c:3847
    #71 0x7f2d13cafec7 in g_main_context_iterate ../../../../jhbuild/checkout/glib/glib/gmain.c:3920
    #72 0x7f2d13cb01c1 in g_main_loop_run ../../../../jhbuild/checkout/glib/glib/gmain.c:4116
    #73 0x7f2d1c328b3e in WTF::RunLoop::run() /home/tingping/jhbuild/checkout/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:96
    #74 0x7f2d1f026ec1 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/Shared/unix/ChildProcessMain.h:61
    #75 0x7f2d1f01eb98 in WebProcessMainUnix /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:67
    #76 0x5594896cae92 in main /home/tingping/jhbuild/checkout/WebKit/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:52
    #77 0x7f2d12453222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
    #78 0x5594896caefd in _start (/home/tingping/jhbuild/install/libexec/webkit2gtk-4.0/WebKitWebProcess+0xefd)
Comment 1 Radar WebKit Bug Importer 2018-09-18 07:44:15 PDT
<rdar://problem/44559582>
Comment 2 Michael Catanzaro 2018-09-18 07:53:04 PDT
This happens on every website?
Comment 3 Carlos Garcia Campos 2018-09-18 08:05:11 PDT
Why is this GTK+ specific?
Comment 4 Michael Catanzaro 2018-09-18 08:08:27 PDT
It might not be, but it's deep in font code and I don't trust our font code. If it's happening on every website then I presume it would have been reported already if it affected Apple.
Comment 5 Carlos Garcia Campos 2018-09-18 08:13:44 PDT
In that case it would be FreeType or [GTK][WPE], but I don't see any platform-specific class in the backtrace.
Comment 6 Patrick Griffis 2018-09-18 11:04:25 PDT
(In reply to Michael Catanzaro from comment #2)
> This happens on every website?

Just some random testing.

Sites that trigger it:
- webkitgtk.org
- youtube.com
- github.com

Sites that don't trigger it:
- google.com
- bugs.webkit.org
Comment 7 Michael Catanzaro 2018-09-18 12:59:11 PDT
(In reply to Patrick Griffis from comment #0)
> Reproducible on trunk with GTK Minibrowser:
> 
> ==9666==AddressSanitizer CHECK failed:
> /build/gcc/src/gcc/libsanitizer/asan/asan_poisoning.cc:37
> "((AddrIsInMem(addr + size - (1ULL << kDefaultShadowScale)))) != (0)" (0x0,
> 0x0)

Pretty sure this is an internal asan assertion failure. This would be our second asan bug this summer (after bug #186980).