[Webkit-unassigned] [Bug 23516] New: Downloadable font causes crash

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=23516

           Summary: Downloadable font causes crash
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
               URL: http://philip.html5.org/tests/font/atsui-kern-crash.html
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Text
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: excors at gmail.com


Steps to reproduce:
1) Start a new instance of WebKit on OS X.
2) Open http://philip.html5.org/tests/font/atsui-kern-crash.html

Expected result: A page with some text and a sort of underlined 'i'.

Actual result: Frequently (but not perfectly reproducibly) a crash. See
attached crash report.

The page uses @font-face to download a font (a heavily modified version of
Doulos SIL), which is used to render an 'i' followed by COMBINING MACRON BELOW.

The crash is seemingly somewhere in ATSUI while it's doing ProcessKerningRun.
I've no idea if it's possibly a security issue.

It affects other ATSUI users, including Opera and Firefox, but apparently the
Firefox developers were told by Apple (in the context of a different crash bug)
that they should be using Core Text instead of ATSUI and so the underlying
ATSUI bugs wouldn't be fixed. In any case, this bug causes WebKit to crash and
so it should be fixed on some layer.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.