Bug 22256 - Reproducible crash with @font-face and :first-letter pseudo class
Summary: Reproducible crash with @font-face and :first-letter pseudo class
Status: RESOLVED DUPLICATE of bug 26963
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P1 Normal
Assignee: Nobody
URL: http://komendera.com/webkit/font-face...
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2008-11-14 00:00 PST by Dieter Komendera
Modified: 2009-10-28 01:34 PDT

See Also:


Attachments
crashlog for #22256 (26.25 KB, text/plain)
2008-11-14 00:02 PST, Dieter Komendera

Description Dieter Komendera 2008-11-14 00:00:19 PST
Safari 3.1, 3.2 and WebKit r38386 on MacOS 10.5 crash on this testcase:
http://komendera.com/webkit/font-face-crash/article.html

The first letter of the paragraph is not displayed. Selecting the text of the header and the paragraph crashes the browser reproducibly.

Stacktrace:
0   com.apple.WebCore             	0x00f65ab4 WebCore::GlyphPageTreeNode::getChild(WebCore::FontData const*, unsigned int) + 180
1   com.apple.WebCore             	0x00f26a34 WebCore::Font::glyphDataForCharacter(int, bool, bool) const + 196
2   com.apple.WebCore             	0x01457a20 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 1072
3   com.apple.WebCore             	0x00f25c89 WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 89
4   com.apple.WebCore             	0x00f2652b WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 187
Comment 1 Dieter Komendera 2008-11-14 00:02:51 PST
Created attachment 25160
crashlog for #22256
Comment 2 Alexey Proskuryakov 2008-11-14 11:32:14 PST
Confirmed with a local debug build of r38387. Interestingly, after opening and re-opening the page several times, the first letter was displayed, and in that case selecting the text didn't result in a crash.

Thread 0 Crashed:
0   com.apple.WebCore             	0x035230b4 WebCore::Font::glyphDataForCharacter(int, bool, bool) const + 402 (Font.cpp:168)
1   com.apple.WebCore             	0x03b8252d WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 459 (WidthIterator.cpp:112)
2   com.apple.WebCore             	0x03522204 WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 92 (Font.cpp:547)
3   com.apple.WebCore             	0x03522b1b WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::IntPoint const&, int, int, int) const + 199 (Font.cpp:537)
4   com.apple.WebCore             	0x03628f00 WebCore::InlineTextBox::selectionRect(int, int, int, int) + 522 (InlineTextBox.cpp:101)
5   com.apple.WebCore             	0x03851d65 WebCore::RenderText::selectionRect(bool) + 413 (RenderText.cpp:1117)
6   com.apple.WebCore             	0x03870654 WebCore::RenderObject::SelectionInfo::SelectionInfo(WebCore::RenderObject*, bool) + 92

Comment 3 mitz 2008-11-14 11:36:21 PST
<rdar://problem/6372757>
Comment 4 Dieter Komendera 2009-10-28 01:14:32 PDT
The testcase now works as expected with WebKit r50124 and Safari 4.0.3 (6531.9) on Snow Leopard.
The first letter is displayed and WebKit doesn't crash upon selecting it.

So it seems this was fixed?
Comment 5 mitz 2009-10-28 01:34:23 PDT
(In reply to comment #4)
> The testcase now works as expected with WebKit r50124 and Safari 4.0.3 (6531.9)
> on Snow Leopard.
> The first letter is displayed and WebKit doesn't crash upon selecting it.
> 
> So it seems this was fixed?

This looks like bug 26963. Sorry that I didn’t notice this bug when I filed that one.

*** This bug has been marked as a duplicate of bug 26963 ***