[Webkit-unassigned] [Bug 30074] Assertion failed, causes Safari crash from function crossing_count

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 20 14:31:09 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=30074


Jeffrey Warren <warren at mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |
             Status|RESOLVED                    |UNCONFIRMED
--- Comment #9 from Jeffrey Warren <warren at mit.edu>  2009-10-20 14:31:09 PDT ---
I've looked at this again and it seems related to the behavior of the
canvas.lineTo()/canvas.moveTo() commands. The actual console output was: 

10/19/09 11:20:48 AM    Safari[86156]    crossing_count: warning: assertion
failed: 0 is not in the range (nan, nan) or (nan, nan); assuming the latter.
Please report this bug.

Oct 19 11:23:33 nautilus [0x0-0xa11a11].com.apple.Safari[86176]: Mon Oct 19
11:23:33 nautilus.local Safari[86176] <Error>: CGPathAddLineToPoint: no current
point.
Oct 19 11:23:33 nautilus Safari[86176]: CGPathAddLineToPoint: no current point.

This indicates that, just as with lineTo, a new point was added to a line which
did not yet have an initial point. Polygon drawing in canvas will fail in WebKit
if you don't first moveTo(x,y) before running lineTo(x,y), and this bug seems to
expose a similar limitation when drawing text.

However, the lineTo/moveTo behavior is caught and logged, and does not crash
WebKit; it would be fantastic to do the same in the new drawText()
functionality.

I'd argue that WebKit should implement a try/catch behavior on this bug so that
Safari doesn't crash, regardless of whether Apple fixes the underlying Core
Graphics problem. As the drawText function sees more and more usage, this bug
will become a serious liability. 

Best,
Jeff

====================================================== 



Safari:
Version 4.0.3 (6531.9)

Application Specific Information:
Assertion failed: ((min.y == p[0].y && max.y == p[order].y) || (min.y ==
p[order].y && max.y == p[0].y)), function crossing_count, file
Paths/path-crossing.c, line 176.


Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   libSystem.B.dylib                 0x90eb4912 __kill + 10
1   libSystem.B.dylib                 0x90eb4904 kill$UNIX2003 + 32
2   libSystem.B.dylib                 0x90f47b99 raise + 26
3   libSystem.B.dylib                 0x90f5dc50 abort + 93
4   libSystem.B.dylib                 0x90f4a7f8 __pthread_markcancel + 0
5   com.apple.CoreGraphics            0x910e167b crossing_count + 702
6   com.apple.CoreGraphics            0x910e132e path_evaluate_level + 267
7   com.apple.CoreGraphics            0x910e11db
path_get_expected_outside_orientation + 18
8   com.apple.CoreGraphics            0x910e1194 path_fix_orientation + 19
9   com.apple.CoreGraphics            0x910e0e0a
CGPathCreateByNormalizingGlyphPath + 39
10  com.apple.CoreGraphics            0x910e0c23 CGFontCreateGlyphPath + 66
11  libRIP.A.dylib                    0x97d11186 ripc_DrawGlyphs + 2052
12  com.apple.CoreGraphics            0x91096be2 draw_glyphs + 1508
13  com.apple.CoreGraphics            0x91096537
CGContextShowGlyphsWithAdvances + 527
14  com.apple.WebCore                 0x9255025d
WebCore::Font::drawGlyphs(WebCore::GraphicsContext*, WebCore::SimpleFontData
const*, WebCore::GlyphBuffer const&, int, int, WebCore::FloatPoint const&)
const + 573
15  com.apple.WebCore                 0x92550004
WebCore::Font::drawGlyphBuffer(WebCore::GraphicsContext*, WebCore::GlyphBuffer
const&, WebCore::TextRun const&, WebCore::FloatPoint const&) const + 212
16  com.apple.WebCore                 0x9254fbc7
WebCore::Font::drawSimpleText(WebCore::GraphicsContext*, WebCore::TextRun
const&, WebCore::FloatPoint const&, int, int) const + 359
17  com.apple.WebCore                 0x9271ea27
WebCore::GraphicsContext::drawBidiText(WebCore::Font const&, WebCore::TextRun
const&, WebCore::FloatPoint const&) + 759
18  com.apple.WebCore                 0x928c0779
WebCore::CanvasRenderingContext2D::drawTextInternal(WebCore::String const&,
float, float, bool, float, bool) + 2041
19  com.apple.WebCore                 0x928c0cdf
WebCore::CanvasRenderingContext2D::fillText(WebCore::String const&, float,
float) + 63
20  com.apple.WebCore                 0x928c096b
WebCore::JSCanvasRenderingContext2D::fillText(JSC::ExecState*, JSC::ArgList
const&) + 251
21  com.apple.WebCore                 0x928c0863
WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillText(JSC::ExecState*,
JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) + 115
22  ???                               0x0074820f 0 + 7635471
23  com.apple.JavaScriptCore          0x95e7d770
JSC::Interpreter::execute(JSC::CallFrameClosure&, JSC::JSValue*) + 192
24  ???                               0x1c0083d0 0 + 469795792
25  ???                               0x0000000a 0 + 10
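Added example, not code from the bug report, from Jeffrey Warren, or from WebKit: a JavaScript-side guard around a 2D canvas context that stops the two situations the comment above describes from reaching the platform layer. It refuses non-finite coordinates before they are passed to lineTo()/fillText() (the console line above shows Core Graphics reasoning about a range of (nan, nan)), and it turns a lineTo() issued before any moveTo() into a moveTo(), which is also what the current HTML canvas specification does for a path with no subpath. The `SafeCanvas2D`, `drawPolygon`, `makeRecordingContext` and `demo` names are the example's own; the recording context is a constructed stub that mimics the "no current point" complaint so the file runs in Node without a browser. A JavaScript try/catch cannot intercept a native assertion abort like the one in the crash log, so the validation has to happen before the call rather than around it.

```javascript
// Added example (not from the bug report or WebKit): guard a 2D canvas context
// against non-finite coordinates and against lineTo() before moveTo().

function isFinitePoint(x, y) {
  return Number.isFinite(x) && Number.isFinite(y);
}

class SafeCanvas2D {
  constructor(ctx) {
    this.ctx = ctx;               // a real CanvasRenderingContext2D, or a stub
    this.hasCurrentPoint = false; // has a subpath been started since beginPath()?
    this.rejected = [];           // audit trail of calls the guard refused
  }

  beginPath() {
    this.hasCurrentPoint = false;
    this.ctx.beginPath();
  }

  moveTo(x, y) {
    if (!isFinitePoint(x, y)) { this.rejected.push({ op: 'moveTo', x, y }); return false; }
    this.ctx.moveTo(x, y);
    this.hasCurrentPoint = true;
    return true;
  }

  lineTo(x, y) {
    if (!isFinitePoint(x, y)) { this.rejected.push({ op: 'lineTo', x, y }); return false; }
    // No subpath yet: start one instead of handing the platform a dangling segment.
    if (!this.hasCurrentPoint) return this.moveTo(x, y);
    this.ctx.lineTo(x, y);
    return true;
  }

  fillText(text, x, y) {
    if (!isFinitePoint(x, y)) { this.rejected.push({ op: 'fillText', x, y }); return false; }
    this.ctx.fillText(String(text), x, y);
    return true;
  }
}

// Draws a closed polygon through the guard; returns the number of path
// commands actually issued (the first accepted point becomes the moveTo).
function drawPolygon(safe, points) {
  safe.beginPath();
  let issued = 0;
  for (const [x, y] of points) {
    if (safe.lineTo(x, y)) issued++;
  }
  return issued;
}

// Constructed stub: records the calls it receives and throws on lineTo()
// without a current point, standing in for the platform's own complaint.
function makeRecordingContext() {
  const calls = [];
  let current = false;
  return {
    calls,
    beginPath() { current = false; calls.push('beginPath'); },
    moveTo(x, y) { current = true; calls.push(`moveTo(${x},${y})`); },
    lineTo(x, y) {
      if (!current) throw new Error('CGPathAddLineToPoint: no current point');
      calls.push(`lineTo(${x},${y})`);
    },
    fillText(t, x, y) { calls.push(`fillText(${t},${x},${y})`); },
  };
}

// Constructed scenario: one polygon vertex derived from an undefined width
// (as happens when an element has not been laid out yet) and a fillText()
// with a NaN y coordinate. Both are refused; the rest of the drawing proceeds.
function demo() {
  const ctx = makeRecordingContext();
  const safe = new SafeCanvas2D(ctx);
  const width = undefined;
  const issued = drawPolygon(safe, [[10, 10], [width / 2, 20], [30, 40], [10, 40]]);
  const textOk = safe.fillText('label', 5, 0 / 0);
  return { issued, textOk, calls: ctx.calls, rejected: safe.rejected };
}
```

Running demo() issues beginPath, moveTo(10,10), lineTo(30,40) and lineTo(10,40) on the underlying context, refuses the NaN vertex and the NaN fillText, and leaves a two-entry audit trail in `rejected` that can be logged the same way WebKit logs the lineTo/moveTo case.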

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.