[Webkit-unassigned] [Bug 16996] New: Crash in createFontCustomPlatformData when loading 0-byte font via @font-face

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 24 14:54:17 PST 2008 

http://bugs.webkit.org/show_bug.cgi?id=16996

           Summary: Crash in createFontCustomPlatformData when loading 0-
                    byte font via @font-face
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com
                CC: hyatt at apple.com, mitz at webkit.org, ddkilzer at webkit.org


Loading a page with an @font-face rule like so:

@font-face {
   font-family: EmptyFont;
   src: url(data:application/x-truetype-font,) format(truetype);
}

causes the following crash (the SharedBuffer is null):

        WebKit_debug.dll!WTF::Vector<char,0>::size()  Line 422 + 0x11 bytes    
C++
        WebKit_debug.dll!WebCore::SharedBuffer::size()  Line 51 C++
>	WebKit_debug.dll!WebCore::createFontCustomPlatformData(WebCore::SharedBuffer * buffer=0x00000000)  Line 67 + 0xe bytes	C++
        WebKit_debug.dll!WebCore::CachedFont::ensureCustomFontData()  Line 88 +
0x14 bytes      C++
        WebKit_debug.dll!WebCore::CSSFontFaceSource::getFontData(const
WebCore::FontDescription & fontDescription={...}, bool syntheticBold=false,
bool syntheticItalic=false, WebCore::CSSFontSelector * fontSelector=0x04ba47d0)
 Line 126 + 0xb bytes        C++
        WebKit_debug.dll!WebCore::CSSFontFace::getFontData(const
WebCore::FontDescription & fontDescription={...}, bool syntheticBold=false,
bool syntheticItalic=false)  Line 84 + 0x2e bytes  C++
        WebKit_debug.dll!WebCore::CSSSegmentedFontFace::getFontData(const
WebCore::FontDescription & fontDescription={...}, bool syntheticBold=false,
bool syntheticItalic=false)  Line 125 + 0x34 bytes        C++
        WebKit_debug.dll!WebCore::CSSFontSelector::getFontData(const
WebCore::FontDescription & fontDescription={...}, const WebCore::AtomicString &
familyName={...})  Line 359 + 0x1b bytes   C++
        WebKit_debug.dll!WebCore::FontCache::getFontData(const WebCore::Font &
font={...}, int & familyIndex=1, WebCore::FontSelector *
fontSelector=0x04ba47d0)  Line 237 + 0x21 bytes C++
        WebKit_debug.dll!WebCore::FontFallbackList::fontDataAt(const
WebCore::Font * font=0x04ab0c88, unsigned int realizedFontIndex=0)  Line 85 +
0x1c bytes   C++
        WebKit_debug.dll!WebCore::FontFallbackList::primaryFont(const
WebCore::Font * f=0x04ab0c88)  Line 56 + 0x1c bytes       C++
        WebKit_debug.dll!WebCore::FontFallbackList::determinePitch(const
WebCore::Font * font=0x04ab0c88)  Line 57 + 0xc bytes  C++
        WebKit_debug.dll!WebCore::FontFallbackList::isFixedPitch(const
WebCore::Font * f=0x04ab0c88)  Line 48 + 0x23 bytes      C++
        WebKit_debug.dll!WebCore::Font::isFixedPitch()  Line 542        C++
        WebKit_debug.dll!WebCore::RenderText::widthFromCache(const
WebCore::Font & f={...}, int start=0, int len=12, int xPos=0)  Line 408 + 0x8
bytes  C++
        WebKit_debug.dll!WebCore::RenderText::width(unsigned int from=0,
unsigned int len=12, const WebCore::Font & f={...}, int xPos=0)  Line 1042 +
0x18 bytes        C++
       
WebKit_debug.dll!WebCore::RenderBlock::findNextLineBreak(WebCore::BidiIterator
& start={...}, WebCore::BidiResolver<WebCore::BidiIterator,WebCore::BidiRun> &
bidi={...})  Line 1647 + 0x37 bytes       C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutInlineChildren(bool
relayoutChildren=false, int & repaintTop=0, int & repaintBottom=0)  Line 969 +
0x1a bytes      C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlock(bool
relayoutChildren=false)  Line 583       C++
        WebKit_debug.dll!WebCore::RenderBlock::layout()  Line 492 + 0x14 bytes 
C++
        WebKit_debug.dll!WebCore::RenderObject::layoutIfNeeded()  Line 489 +
0x30 bytes C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlockChildren(bool
relayoutChildren=false, int & maxFloatBottom=0)  Line 1232      C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlock(bool
relayoutChildren=false)  Line 587       C++
        WebKit_debug.dll!WebCore::RenderBlock::layout()  Line 492 + 0x14 bytes 
C++
        WebKit_debug.dll!WebCore::RenderObject::layoutIfNeeded()  Line 489 +
0x30 bytes C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlockChildren(bool
relayoutChildren=false, int & maxFloatBottom=0)  Line 1232      C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlock(bool
relayoutChildren=false)  Line 587       C++
        WebKit_debug.dll!WebCore::RenderBlock::layout()  Line 492 + 0x14 bytes 
C++
        WebKit_debug.dll!WebCore::RenderObject::layoutIfNeeded()  Line 489 +
0x30 bytes C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlockChildren(bool
relayoutChildren=false, int & maxFloatBottom=0)  Line 1232      C++
        WebKit_debug.dll!WebCore::RenderBlock::layoutBlock(bool
relayoutChildren=false)  Line 587       C++
        WebKit_debug.dll!WebCore::RenderBlock::layout()  Line 492 + 0x14 bytes 
C++
        WebKit_debug.dll!WebCore::RenderView::layout()  Line 114        C++
        WebKit_debug.dll!WebCore::FrameView::layout(bool allowSubtree=true) 
Line 465 + 0x12 bytes      C++
        WebKit_debug.dll!WebCore::Document::updateLayout()  Line 1152   C++
        WebKit_debug.dll!WebCore::RenderLayer::hitTest(const
WebCore::HitTestRequest & request={...}, WebCore::HitTestResult & result={...})
 Line 1639 C++
        WebKit_debug.dll!WebCore::Document::prepareMouseEvent(const
WebCore::HitTestRequest & request={...}, const WebCore::IntPoint &
documentPoint={...}, const WebCore::PlatformMouseEvent & event={...})  Line
1848 C++
        WebKit_debug.dll!WebCore::EventHandler::prepareMouseEvent(const
WebCore::HitTestRequest & request={...}, const WebCore::PlatformMouseEvent &
mev={...})  Line 1229 + 0x21 bytes C++
        WebKit_debug.dll!WebCore::EventHandler::handleMouseMoveEvent(const
WebCore::PlatformMouseEvent & mouseEvent={...}, WebCore::HitTestResult *
hoveredNode=0x0012f664)  Line 998   C++
        WebKit_debug.dll!WebCore::EventHandler::mouseMoved(const
WebCore::PlatformMouseEvent & event={...})  Line 950 + 0x10 bytes      C++
        WebKit_debug.dll!WebView::handleMouseEvent(unsigned int message=512,
unsigned int wParam=0, long lParam=4849836)  Line 1217 + 0x1d bytes        C++
        WebKit_debug.dll!WebViewWndProc(HWND__ * hWnd=0x00070406, unsigned int
message=512, unsigned int wParam=0, long lParam=4849836)  Line 1635 + 0x14
bytes C++


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list