WebKit Bugzilla
NEW
278871
Crash deep under WebCore::FontCascadeCache::retrieveOrAddCachedFonts
https://bugs.webkit.org/show_bug.cgi?id=278871
Michael Catanzaro
Reported
2024-08-29 11:12:24 PDT
Created attachment 472348
Full backtrace

Not sure which website I was visiting at the time of this crash. Full backtrace attached.

#0 WTF::SuperFastHash::computeHashImpl<char16_t, WTF::ASCIICaseInsensitiveHash::FoldCase> (characters=Python Exception <class 'gdb.error'>: value has been optimized out ) at WTF/Headers/wtf/text/SuperFastHash.h:231
#1 WTF::SuperFastHash::computeHashAndMaskTop8Bits<char16_t, WTF::ASCIICaseInsensitiveHash::FoldCase> (data=Python Exception <class 'gdb.error'>: value has been optimized out ) at WTF/Headers/wtf/text/SuperFastHash.h:151
#2 WTF::StringHasher::computeHashAndMaskTop8Bits<char16_t, WTF::ASCIICaseInsensitiveHash::FoldCase> (data=Python Exception <class 'gdb.error'>: value has been optimized out ) at WTF/Headers/wtf/text/StringHasherInlines.h:38
#3 WTF::ASCIICaseInsensitiveHash::hash<char16_t> (characters=Python Exception <class 'gdb.error'>: value has been optimized out ) at WTF/Headers/wtf/text/StringHash.h:124
#4 WTF::ASCIICaseInsensitiveHash::hash (string=<optimized out>) at WTF/Headers/wtf/text/StringHash.h:131
#5 0x00007fc8a7645dd7 in WTF::ASCIICaseInsensitiveHash::hash (string=0x7fc88aea88a0, string@entry=0x7ffe4d319e08) at WTF/Headers/wtf/text/StringHash.h:136
#6 WTF::ASCIICaseInsensitiveHash::hash (key=<error reading variable: Cannot access memory at address 0x10002>) at WTF/Headers/wtf/text/StringHash.h:186
#7 WebCore::FontCascadeDescription::familyNameHash (family=<error reading variable: Cannot access memory at address 0x10002>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeDescription.cpp:129
#8 WebCore::add (hasher=..., name=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.cpp:54
#9 WTF::add<WTF::Vector<WebCore::FontFamilyName, 3ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> > (hasher=..., container=<optimized out>) at WTF/Headers/wtf/Hasher.h:148
#10 WTF::add<WebCore::FontDescriptionKey, WTF::Vector<WebCore::FontFamilyName, 3ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, unsigned int, unsigned int> (hasher=..., value1=<optimized out>, value2=<optimized out>, otherValues=@0x7fc69f4087e0: 105, otherValues=@0x7fc69f4087e4: 190) at WTF/Headers/wtf/Hasher.h:197
#11 0x00007fc8a7645c99 in WebCore::add (hasher=..., key=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.h:237
#12 WTF::addArgs<WebCore::FontCascadeCacheKey> (hasher=..., arg=...) at WTF/Headers/wtf/Hasher.h:157
#13 WTF::computeHash<WebCore::FontCascadeCacheKey> (values=...) at WTF/Headers/wtf/Hasher.h:45
#14 WebCore::FontCascadeCacheKeyHash::hash (key=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.h:248
#15 WTF::IdentityHashTranslator<WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHash>::hash<WebCore::FontCascadeCacheKey> (key=...) at WTF/Headers/wtf/HashTable.h:301
#16 WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::lookupForReinsert<WTF::IdentityHashTranslator<WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHash>, WebCore::FontCascadeCacheKey> (this=<optimized out>, key=<optimized out>) at WTF/Headers/wtf/HashTable.h:734
#17 WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::lookupForReinsert (this=0x7fc88a018ef0, key=...) at WTF/Headers/wtf/HashTable.h:536
#18 0x00007fc8a7645ae4 in WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::reinsert (this=0x7fc88a018ef0, entry=...) at WTF/Headers/wtf/HashTable.h:1004
#19 WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::rehash (this=0x7fc88a018ef0, newTableSize=<optimized out>, entry=0x7fc69f40ad70) at WTF/Headers/wtf/HashTable.h:1297
#20 0x00007fc8a763ef24 in WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::expand (this=<optimized out>, entry=<optimized out>) at WTF/Headers/wtf/HashTable.h:1192
#21 _ZN3WTF9HashTableIN7WebCore19FontCascadeCacheKeyENS_12KeyValuePairIS2_St10unique_ptrINS1_21FontCascadeCacheEntryESt14default_deleteIS5_EEEENS_24KeyValuePairKeyExtractorIS9_EENS1_23FontCascadeCacheKeyHashENS_7HashMapIS2_S8_SC_NS1_29FontCascadeCacheKeyHashTraitsENS_10HashTraitsIS8_EENS_15HashTableTraitsEE18KeyValuePairTraitsESE_E3addINS_17HashMapTranslatorISJ_SC_EERKS2_TkSt9invocableZNSI_9inlineAddISP_DnEENS_18HashTableAddResultINS_17HashTableIteratorISK_S2_S9_SB_SC_SJ_SE_EEEEOT_OT0_EUlvE_EESU_SY_RKT1_ (this=0x7fc88a018ef0, functor=..., key=<optimized out>) at WTF/Headers/wtf/HashTable.h:946
#22 WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::inlineAdd<WebCore::FontCascadeCacheKey const&, decltype(nullptr)>(WebCore::FontCascadeCacheKey const&, decltype(nullptr)&&) (this=0x7fc88a018ef0, value=<optimized out>, key=<optimized out>) at WTF/Headers/wtf/HashMap.h:423
--Type <RET> for more, q to quit, c to continue without paging--c
#23 WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::add<decltype(nullptr)>(WebCore::FontCascadeCacheKey const&, decltype(nullptr)&&) (this=0x7fc88a018ef0, key=..., mapped=<error reading variable: Attempt to dereference a generic pointer.>) at WTF/Headers/wtf/HashMap.h:465
#24 0x00007fc8a7634f89 in WebCore::FontCascadeCache::retrieveOrAddCachedFonts (this=0x7fc88a018ef0, fontDescription=..., fontSelector=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.cpp:105
#25 0x00007fc8a763710b in WebCore::FontCache::updateFontCascade (this=0x9e3779b9, fontCascade=..., fontSelector=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCache.cpp:351
#26 WebCore::FontCascade::update (this=0x7fc68e06e498, fontSelector=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascade.cpp:150
#27 0x00007fc8a7b736a2 in WebCore::Style::resolveForDocument (document=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/style/StyleResolveForDocument.cpp:103
#28 0x00007fc8a6d5c159 in WebCore::Document::resolveStyle (this=0x7fc87e11ea00, type=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Document.cpp:2552
#29 0x00007fc8a6d5cc62 in WebCore::Document::updateStyleIfNeeded (this=0x7fc87e11ea00) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Document.cpp:2700
#30 0x00007fc8a756b89f in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fc88a0e9110) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ThreadTimers.cpp:125
#31 0x00007fc8a448d025 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::operator()(void*) const (userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#32 WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) (userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:169
#33 0x00007fc8a448c0f1 in WTF::RunLoop::$_0::operator() (source=0x5646ffedc9e0, callback=0x7fc8a448cf90 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)>, userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 WTF::RunLoop::$_0::__invoke (source=0x5646ffedc9e0, callback=0x7fc8a448cf90 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)>, userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#35 0x00007fc8a0912b27 in g_main_dispatch (context=context@entry=0x5646ffd4ff60) at ../glib/gmain.c:3357
#36 0x00007fc8a0914df7 in g_main_context_dispatch_unlocked (context=0x5646ffd4ff60) at ../glib/gmain.c:4208
#37 g_main_context_iterate_unlocked (context=0x5646ffd4ff60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4273
#38 0x00007fc8a09158d7 in g_main_loop_run (loop=0x5646ffd48860) at ../glib/gmain.c:4475
#39 0x00007fc8a448c6ed in WTF::RunLoop::run () at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#40 0x00007fc8a5c19e8f in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (this=0x7ffe4d31a8b0, argc=<optimized out>, argv=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:72
#41 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=<optimized out>, argv=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#42 WebKit::WebProcessMain (argc=4, argv=0x7ffe4d31aa48) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:106
#43 0x00007fc8a4c2f148 in __libc_start_call_main (main=main@entry=0x5646fbf46150 <main(int, char**)>, argc=argc@entry=4, argv=argv@entry=0x7ffe4d31aa48) at ../sysdeps/nptl/libc_start_call_main.h:58
#44 0x00007fc8a4c2f20b in __libc_start_main_impl (main=0x5646fbf46150 <main(int, char**)>, argc=4, argv=0x7ffe4d31aa48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe4d31aa38) at ../csu/libc-start.c:360
#45 0x00005646fbf46085 in _start () at ../sysdeps/x86_64/start.S:115
Attachments
Full backtrace (50.14 KB, text/plain), 2024-08-29 11:12 PDT, Michael Catanzaro, no flags
Michael Catanzaro
Comment 1
2024-08-29 11:12:49 PDT
(This was with WebKitGTK 2.45.91)
Radar WebKit Bug Importer
Comment 2
2024-09-05 11:13:15 PDT
<rdar://problem/135357671>