[Webkit-unassigned] [Bug 26963] New: Reproducible crash at FontCache::getFontData() when a custom font is used in a pseudo-style

bugzilla-daemon at webkit.org
Sat Jul 4 00:12:19 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26963

           Summary: Reproducible crash at FontCache::getFontData() when a
                    custom font is used in a pseudo-style
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://craigmod.com/journal/font-face/
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: HasReduction, InRadar
          Severity: Major
          Priority: P1
         Component: Text
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mitz at webkit.org
                CC: simon.fraser at apple.com


Created an attachment (id=32254)
 --> (https://bugs.webkit.org/attachment.cgi?id=32254)
Test case (will crash)

<rdar://problem/7030998>
The page at the URL frequently causes a crash at FontCache::getFontData(),
especially if repainting or relayout is forced repeatedly while the page is
loading.

The problem is that when a custom font is used only in a cached pseudo-style,
the invalidation mechanism for when the font is loaded, which is based on
forcing a style recalc on the document, does not reach the cached pseudo-style,
so it is left pointing at stale FontData.

The attached test case demonstrates the problem: first of all, even when it is
done loading the font, the first letter isn’t updated to render with the loaded
font. Then if you force layout by resizing the window, it crashes.

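The invalidation gap described in the report, reduced to a toy model as an added example (not WebKit code and not part of the original report). All type and function names are hypothetical, and `std::weak_ptr` stands in for the raw FontData pointer so the stale reference can be detected instead of dereferenced.

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>

// Toy model; every name here is hypothetical, none is WebKit code.
struct FontData { std::string family; bool isFallback; };

struct Style {
    std::string family;
    std::weak_ptr<FontData> font;          // weak, so staleness is observable without UB
    std::vector<Style> cachedPseudoStyles; // e.g. a cached ::first-letter style
};

struct FontCache {
    std::map<std::string, std::shared_ptr<FontData>> entries;
    std::shared_ptr<FontData> get(const std::string& family) {
        auto& e = entries[family];
        if (!e) e = std::make_shared<FontData>(FontData{family, true});
        return e;
    }
    // The custom font finished loading: the fallback entry is destroyed and replaced.
    void fontLoaded(const std::string& family) {
        entries[family] = std::make_shared<FontData>(FontData{family, false});
    }
};

// Recalc that refreshes the element's own style but never visits cached pseudo-styles.
void recalcShallow(Style& s, FontCache& c) { s.font = c.get(s.family); }

// Recalc that also refreshes every cached pseudo-style.
void recalcDeep(Style& s, FontCache& c) {
    s.font = c.get(s.family);
    for (auto& p : s.cachedPseudoStyles) recalcDeep(p, c);
}

bool hasStaleFont(const Style& s) {
    if (s.font.expired()) return true;
    for (const auto& p : s.cachedPseudoStyles)
        if (hasStaleFont(p)) return true;
    return false;
}

// Constructed scenario: the custom face is used only by the cached pseudo-style.
bool staleAfterLoad(bool deep) {
    FontCache cache;
    Style element{"Times", {}, {Style{"CustomFace", {}, {}}}};
    recalcDeep(element, cache);            // initial style resolution
    cache.fontLoaded("CustomFace");        // old FontData is freed here
    if (deep) recalcDeep(element, cache); else recalcShallow(element, cache);
    return hasStaleFont(element);
}

int main() { return (staleAfterLoad(false) && !staleAfterLoad(true)) ? 0 : 1; }
```

With a raw pointer in place of the `weak_ptr`, the shallow path is the use-after-free the report describes: the next layout reads font data that the cache has already released.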