WebKit Bugzilla
RESOLVED FIXED
Bug 212427: REGRESSION (r254541): Valid mime types can only be added to the HashSet of the supported types for encoding
https://bugs.webkit.org/show_bug.cgi?id=212427
Said Abou-Hallawa, Reported 2020-05-27 11:54:18 PDT
Sometimes we hit this crash when calling toDataURL on canvas:

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000010)
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::StringImpl::is8Bit() const at StringImpl.h:285:34
       0x00007fff3b6f2660: pushq %rbp
       0x00007fff3b6f2661: movq %rsp, %rbp
       0x00007fff3b6f2664: movq (%rdi), %rcx
    -> 0x00007fff3b6f2667: testb $0x4, 0x10(%rcx)
       0x00007fff3b6f266b: jne 0x25f67a ; <+26> [inlined] WTF::StringImpl::characters8() const at StringHash.h:112
       0x00007fff3b6f266d: movq 0x8(%rcx), %rdi
       0x00007fff3b6f2671: movl 0x4(%rcx), %esi
       0x00007fff3b6f2674: popq %rbp
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl&) at StringHash.h:111
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl*) at StringHash.h:118
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::String const&) + 3 at StringHash.h:164
[ 0] 0x00007fff3b6f2664 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) + 4 at HashTable.h:289
[ 1] 0x00007fff3b6f249a WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) [inlined] WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> > > WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add<WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>, WTF::String const&, WTF::String const&>(WTF::String const&, WTF::String const&) + 62 at HashTable.h:938:22
[ 1] 0x00007fff3b6f245c WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 28 at HashTable.h:466
[ 2] 0x00007fff3ce1fee4 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() [inlined] WTF::HashSet<WTF::String, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 15 at HashSet.h:239:19
[ 2] 0x00007fff3ce1fed5 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() + 245 at MIMETypeRegistry.cpp:464
[ 3] 0x00007fff3ce368d1 WebCore`WebCore::ThreadGlobalData::mimeTypeRegistryThreadGlobalData() + 49 at ThreadGlobalData.cpp:124:46
[ 4] 0x00007fff3b6bd5e4 WebCore`WebCore::MIMETypeRegistry::isSupportedImageMIMETypeForEncoding(WTF::String const&) + 52 at MIMETypeRegistry.cpp:493:31
[ 5] 0x00007fff3c9e57fb WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) [inlined] WebCore::toEncodingMimeType(WTF::String const&) + 7 at HTMLCanvasElement.cpp:662:10
[ 5] 0x00007fff3c9e57f4 WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) + 164 at HTMLCanvasElement.cpp:690
[ 6] 0x00007fff3bb5a944 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLCanvasElement*, JSC::ThrowScope&) + 111 at JSHTMLCanvasElement.cpp:333:93
[ 6] 0x00007fff3bb5a8d5 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] long long WebCore::IDLOperation<WebCore::JSHTMLCanvasElement>::call<&(WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGl

There might be a bug or a behavior change in the underlying frameworks when converting a UTI to a mime type. But WebKit has to check the validity of the mime type before adding it to the HashSet.
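The check the report asks for, sketched as an added example (this is not WebKit's code and not the landed patch): `Str`, `mimeTypeForUTI` and the UTI table are constructed stand-ins, with a null handle modelling a UTI-to-MIME conversion that produced nothing.

```cpp
#include <algorithm>
#include <cctype>
#include <functional>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>

// Constructed stand-in for a ref-counted string handle: a default-constructed
// handle has no impl, like a null string.
struct Str {
    std::shared_ptr<const std::string> impl;
    Str() = default;
    explicit Str(const char* s) : impl(std::make_shared<const std::string>(s)) {}
    bool isEmpty() const { return !impl || impl->empty(); }
};

static std::string lower(const std::string& s) {
    std::string out(s);
    std::transform(out.begin(), out.end(), out.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return out;
}

// Case-insensitive hash and equality. Both dereference impl unconditionally,
// so a null handle must never reach the set (the backtrace faults inside the hash).
struct CIHash { std::size_t operator()(const Str& s) const { return std::hash<std::string>()(lower(*s.impl)); } };
struct CIEqual { bool operator()(const Str& a, const Str& b) const { return lower(*a.impl) == lower(*b.impl); } };
using MimeSet = std::unordered_set<Str, CIHash, CIEqual>;

// Hypothetical UTI -> MIME lookup (constructed table); unknown UTIs give a null handle.
Str mimeTypeForUTI(const std::string& uti) {
    if (uti == "public.png") return Str("image/png");
    if (uti == "public.jpeg") return Str("image/jpeg");
    return Str();
}

// Build the encoding set, skipping any type the conversion could not produce.
MimeSet buildEncodingTypes(const std::vector<std::string>& utis) {
    MimeSet set;
    for (const auto& uti : utis) {
        Str mime = mimeTypeForUTI(uti);
        if (mime.isEmpty())
            continue; // validate before the value is hashed
        set.insert(mime);
    }
    return set;
}
```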
Attachments
Patch (1.92 KB, patch), 2020-05-27 11:59 PDT, Said Abou-Hallawa, no flags
Said Abou-Hallawa, Comment 1, 2020-05-27 11:55:12 PDT
<rdar://problem/63540492>
Said Abou-Hallawa, Comment 2, 2020-05-27 11:59:22 PDT
Created attachment 400362
Patch
EWS, Comment 3, 2020-05-27 12:48:57 PDT
Committed r262208: <https://trac.webkit.org/changeset/262208>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 400362.