[Webkit-unassigned] [Bug 21953] Small Caps font crashes webkit
bugzilla-daemon at webkit.org
Thu Oct 30 10:12:40 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=21953
------- Comment #1 from mihnea at adobe.com 2008-10-30 10:12 PDT -------
Hello,
I was able to reproduce the problem only on WindowsXP, never on Mac Leopard.
Here is a trace for the problem using the latest WebKit debug build on WinXP:
> WebKit.dll!WebCore::SimpleFontData::smallCapsFontData(const WebCore::FontDescription & fontDescription={...}) Line 101 + 0x3 bytes C++
WebKit.dll!WebCore::Font::glyphDataForCharacter(int c=581, bool mirror=false, bool forceSmallCaps=false) Line 243 + 0xc bytes C++
WebKit.dll!WebCore::WidthIterator::advance(int offset=12, WebCore::GlyphBuffer * glyphBuffer=0x00000000) Line 112 + 0x14 bytes C++
WebKit.dll!WebCore::Font::floatWidthForSimpleText(const WebCore::TextRun & run={...}, WebCore::GlyphBuffer * glyphBuffer=0x00000000) Line 525 C++
WebKit.dll!WebCore::Font::floatWidth(const WebCore::TextRun & run={...}) Line 503 + 0xe bytes C++
WebKit.dll!WebCore::Font::width(const WebCore::TextRun & run={...}) Line 298 + 0xc bytes C++
WebKit.dll!WebCore::RenderText::widthFromCache(const WebCore::Font & f={...}, int start=2, int len=12, int xPos=17) Line 393 C++
WebKit.dll!WebCore::RenderText::calcPrefWidths(int leadWidth=0) Line 600 + 0x1b bytes C++
WebKit.dll!WebCore::RenderText::trimmedPrefWidths(int leadWidth=0, int & beginMinW=-858993460, bool & beginWS=true, int & endMinW=-858993460, bool & endWS=true, bool & hasBreakableChar=true, bool & hasBreak=true, int & beginMaxW=-858993460, int & endMaxW=-858993460, int & minW=0, int & maxW=0, bool & stripFrontSpaces=true) Line 407 + 0x16 bytes C++
WebKit.dll!WebCore::RenderBlock::calcInlinePrefWidths() Line 4017 C++
WebKit.dll!WebCore::RenderBlock::calcPrefWidths() Line 3698 C++
WebKit.dll!WebCore::RenderBox::minPrefWidth() Line 215 + 0x12 bytes C++
WebKit.dll!WebCore::RenderBox::calcWidthUsing(WebCore::WidthType widthType=Width, int cw=950) Line 1368 + 0x12 bytes C++
WebKit.dll!WebCore::RenderBox::calcWidth() Line 1307 + 0xe bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 604 + 0x12 bytes C++
WebKit.dll!WebCore::RenderBlock::layout() Line 565 + 0x14 bytes C++
WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 511 + 0x30 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=true, int & repaintTop=0, int & repaintBottom=0) Line 848 C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 657 C++
WebKit.dll!WebCore::RenderBlock::layout() Line 565 + 0x14 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=142) Line 1334 + 0x18 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 661 C++
WebKit.dll!WebCore::RenderBlock::layout() Line 565 + 0x14 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1334 + 0x18 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 661 C++
WebKit.dll!WebCore::RenderBlock::layout() Line 565 + 0x14 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1334 + 0x18 bytes C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 661 C++
WebKit.dll!WebCore::RenderBlock::layout() Line 565 + 0x14 bytes C++
WebKit.dll!WebCore::RenderView::layout() Line 121 C++
WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 528 + 0x12 bytes C++
WebKit.dll!WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> * __formal=0x01912c70) Line 736 C++
WebKit.dll!WebCore::Timer<WebCore::FrameView>::fired() Line 99 + 0x29 bytes C++
WebKit.dll!WebCore::TimerBase::fireTimers(double fireTime=1225386376.5731516, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers={...}) Line 347 + 0xf bytes C++
WebKit.dll!WebCore::TimerBase::sharedTimerFired() Line 368 + 0x12 bytes C++
WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00130da0, unsigned int message=49965, unsigned int wParam=0, long lParam=0) Line 102 + 0x8 bytes C++
user32.dll!_InternalCallWinProc@20() + 0x28 bytes
user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
user32.dll!_DispatchMessageWorker@8() + 0xdc bytes
user32.dll!_DispatchMessageW@4() + 0xf bytes
Safari.exe!RSSPrefsDlg::`vector deleting destructor'() + 0x20f bytes
Safari.exe!run() + 0x9d bytes
Safari.exe!_wWinMain@16() + 0x34b bytes
Safari.exe!_free() + 0x1a1 bytes
kernel32.dll!_BaseProcessStart@4() + 0x23 bytes
In the function const GlyphData& Font::glyphDataForCharacter(UChar32 c, bool mirror, bool forceSmallCaps) const, the following code snippet shows the access violation:

    const SimpleFontData* characterFontData = FontCache::getFontDataForCharacters(*this, codeUnits, codeUnitsLength);
    if (useSmallCapsFont)
        characterFontData = characterFontData->smallCapsFontData(m_fontDescription); // characterFontData is 0 here

useSmallCapsFont is true while loading the above URL, but characterFontData is 0 after calling getFontDataForCharacters, so the access violation occurs.
Hope that helps,
Mihnea
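The null-pointer dereference described in the comment, modelled as an added example that is not WebKit code: a stand-in `getFontDataForCharacters` that can return nullptr, the unguarded lookup from the quoted snippet, and a guarded version that falls back to a primary font. The `SimpleFontData` layout, the font table and the fallback behaviour are assumptions for the example only.

```cpp
// Added example (not WebKit code): a minimal model of the null-pointer
// dereference described above, beside a guarded version of the same lookup.
#include <cstdint>
#include <iostream>

struct SimpleFontData {
    const char* name;
    const SimpleFontData* smallCaps;  // nullptr when no small-caps variant exists
    // Hypothetical: fall back to the regular face if no small-caps face is available.
    const SimpleFontData* smallCapsFontData() const { return smallCaps ? smallCaps : this; }
};

// Constructed font table for the example: one font covering ASCII only.
static const SimpleFontData kLatinSmallCaps{"Latin-SC", nullptr};
static const SimpleFontData kLatin{"Latin", &kLatinSmallCaps};

// Stand-in for FontCache::getFontDataForCharacters: returns nullptr when no
// installed font covers the character, the situation the comment reports.
const SimpleFontData* getFontDataForCharacters(uint32_t c) {
    return c < 0x80 ? &kLatin : nullptr;  // c=581 from the trace falls through to nullptr
}

// Mirrors the quoted snippet: the cache result is used without a null check,
// so a character with no covering font is an access violation.
const SimpleFontData* unguardedLookup(uint32_t c, bool useSmallCapsFont) {
    const SimpleFontData* fd = getFontDataForCharacters(c);
    if (useSmallCapsFont)
        fd = fd->smallCapsFontData();  // crashes when fd == nullptr
    return fd;
}

// Guarded version: test the cache result before calling through it and fall
// back to the primary font so layout can proceed (one possible mitigation).
const SimpleFontData* guardedLookup(uint32_t c, bool useSmallCapsFont,
                                    const SimpleFontData* primaryFont) {
    const SimpleFontData* fd = getFontDataForCharacters(c);
    if (!fd)
        fd = primaryFont;
    if (useSmallCapsFont)
        fd = fd->smallCapsFontData();
    return fd;
}

int main() {
    // Only the guarded path is exercised with c=581; the unguarded one would crash.
    const SimpleFontData* fd = guardedLookup(581, true, &kLatin);
    std::cout << "character 581 resolved to " << fd->name << '\n';
    return 0;
}
```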