[Webkit-unassigned] [Bug 20950] New: Reproducible assertion failure running svg/custom/acid3-test-77.html multiple times under guard malloc

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 19 17:24:49 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=20950

           Summary: Reproducible assertion failure running svg/custom/acid3-
                    test-77.html multiple times under guard malloc
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com


Running svg/custom/acid3-test-77.html twice in a row under guard malloc leads
to an assertion failure:

ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
(HashTable.h:443 void WTF::HashTable<Key, Value, Extractor, HashFunctions,
Traits, KeyTraits>::checkKey(const T&) [with T = UChar, HashTranslator =
WTF::IdentityHashTranslator<UChar, std::pair<UChar,
WTF::RefPtr<WebCore::GlyphMapNode> >, WTF::IntHash<unsigned int> >, Key =
UChar, Value = std::pair<UChar, WTF::RefPtr<WebCore::GlyphMapNode> >, Extractor
= WTF::PairFirstExtractor<std::pair<UChar, WTF::RefPtr<WebCore::GlyphMapNode> >
>, HashFunctions = WTF::IntHash<unsigned int>, Traits =
WTF::PairHashTraits<WTF::HashTraits<UChar>,
WTF::HashTraits<WTF::RefPtr<WebCore::GlyphMapNode> > >, KeyTraits =
WTF::HashTraits<UChar>])

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
#0  0x03cd098b in WTF::HashTable<unsigned short, std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> >,
WTF::PairFirstExtractor<std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> > >, WTF::IntHash<unsigned int>,
WTF::PairHashTraits<WTF::HashTraits<unsigned short>,
WTF::HashTraits<WTF::RefPtr<WebCore::GlyphMapNode> > >,
WTF::HashTraits<unsigned short> >::checkKey<unsigned short,
WTF::IdentityHashTranslator<unsigned short, std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> >, WTF::IntHash<unsigned int> > >
(this=0xd6b5cfe4, key=@0xbfffe056) at HashTable.h:443
#1  0x03cd0a5c in WTF::HashTable<unsigned short, std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> >,
WTF::PairFirstExtractor<std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> > >, WTF::IntHash<unsigned int>,
WTF::PairHashTraits<WTF::HashTraits<unsigned short>,
WTF::HashTraits<WTF::RefPtr<WebCore::GlyphMapNode> > >,
WTF::HashTraits<unsigned short> >::lookup<unsigned short,
WTF::IdentityHashTranslator<unsigned short, std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> >, WTF::IntHash<unsigned int> > >
(this=0xd6b5cfe4, key=@0xbfffe056) at HashTable.h:457
#2  0x03cd0b26 in WTF::HashTable<unsigned short, std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> >,
WTF::PairFirstExtractor<std::pair<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode> > >, WTF::IntHash<unsigned int>,
WTF::PairHashTraits<WTF::HashTraits<unsigned short>,
WTF::HashTraits<WTF::RefPtr<WebCore::GlyphMapNode> > >,
WTF::HashTraits<unsigned short> >::lookup (this=0xd6b5cfe4, key=@0xbfffe056) at
HashTable.h:330
#3  0x03cd0b40 in WTF::HashMap<unsigned short,
WTF::RefPtr<WebCore::GlyphMapNode>, WTF::IntHash<unsigned int>,
WTF::HashTraits<unsigned short>,
WTF::HashTraits<WTF::RefPtr<WebCore::GlyphMapNode> > >::get (this=0xd6b5cfe4,
key=@0xbfffe056) at HashMap.h:207
#4  0x03cd0bc5 in WebCore::SVGGlyphMap::get (this=0xd68f4fd4,
string=@0xbfffe144, glyphs=@0xbfffe138) at SVGGlyphMap.h:84
#5  0x03ccd68c in WebCore::SVGFontElement::getGlyphIdentifiersForString
(this=0xd68f4f30, string=@0xbfffe144, glyphs=@0xbfffe138) at
WebCore/svg/SVGFontElement.cpp:237
#6  0x03cd5699 in
WebCore::SVGTextRunWalker<WebCore::SVGTextRunWalkerMeasuredLengthData>::walk
(this=0xbfffe278, run=@0xbfffe390, isVerticalText=false, language=@0xbfffe28c,
from=0, to=1) at WebCore/svg/SVGFont.cpp:278
#7  0x03cd3c0d in floatWidthOfSubStringUsingSVGFont (font=0xd679cfa8,
run=@0xbfffe390, extraCharsAvailable=1, from=0, to=1,
charsConsumed=@0xbfffe420, glyphName=@0xbfffe41c) at
WebCore/svg/SVGFont.cpp:415
#8  0x03cd3ddb in WebCore::Font::floatWidthUsingSVGFont (this=0xd679cfa8,
run=@0xbfffe390, extraCharsAvailable=1, charsConsumed=@0xbfffe420,
glyphName=@0xbfffe41c) at WebCore/svg/SVGFont.cpp:433
#9  0x037ee0b9 in WebCore::Font::floatWidth (this=0xd679cfa8, run=@0xbfffe390,
extraCharsAvailable=1, charsConsumed=@0xbfffe420, glyphName=@0xbfffe41c) at
WebCore/platform/graphics/Font.cpp:724
#10 0x03ba10fa in WebCore::SVGInlineTextBox::calculateGlyphWidth
(this=0xd6b86fbc, style=0xd6794fbc, offset=2, extraCharsAvailable=1,
charsConsumed=@0xbfffe420, glyphName=@0xbfffe41c) at
WebCore/rendering/SVGInlineTextBox.cpp:80
#11 0x03bfc212 in WebCore::SVGInlineTextBoxQueryWalker::chunkPortionCallback
(this=0xbfffe5a8, textBox=0xd6b86fbc, startOffset=0, chunkCtm=@0xd6bdec4c,
start=@0xbfffe4ec, end=@0xbfffe4e8) at
WebCore/svg/SVGTextContentElement.cpp:201
#12 0x03c0018b in
WebCore::SVGTextChunkWalker<WebCore::SVGInlineTextBoxQueryWalker>::operator()
(this=0xbfffe5e8, textBox=0xd6b86fbc, startOffset=0, chunkCtm=@0xd6bdec4c,
start=@0xbfffe4ec, end=@0xbfffe4e8) at SVGCharacterLayoutInfo.h:342
#13 0x03be5e8f in WebCore::SVGRootInlineBox::walkTextChunks (this=0xd6b88f7c,
walker=0xbfffe5e8, textBox=0xd6b86fbc) at
WebCore/rendering/SVGRootInlineBox.cpp:1686
#14 0x03bfa999 in executeTextQuery (element=0xd2548e80,
mode=WebCore::SVGInlineTextBoxQueryWalker::EndPosition, startPosition=2,
length=0, referencePoint={m_x = 0, m_y = 0}) at
WebCore/svg/SVGTextContentElement.cpp:360
#15 0x03bfb32f in WebCore::SVGTextContentElement::getEndPositionOfChar
(this=0xd2548e80, charnum=2, ec=@0xbfffe728) at
WebCore/svg/SVGTextContentElement.cpp:417
#16 0x03a16958 in
WebCore::jsSVGTextContentElementPrototypeFunctionGetEndPositionOfChar
(exec=0xbfffe8cc, thisValue=0x1083560, args=@0xbfffe774) at
WebKitBuild/Debug/DerivedSources/WebCore/JSSVGTextContentElement.cpp:324
#17 0x004fbaa6 in JSC::Machine::cti_op_call_NotJSFunction (args=0xc74fbf90) at
JavaScriptCore/VM/Machine.cpp:4423


The Mac OS X Intel Debug build bot hits this assertion failure very, very
frequently.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list