[Webkit-unassigned] [Bug 30757] New: Loading large map SVG results in a crash
bugzilla-daemon at webkit.org
Sun Oct 25 07:18:07 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30757
Summary: Loading large map SVG results in a crash
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: slomo at circular-chaos.org
Hi,
with webkit/gtk 1.1.15.1 loading
http://upload.wikimedia.org/wikipedia/commons/5/51/Petra_location_map-de-2.svg
gives a reliable segfault. Apparently the problem is that webkit passes a NULL
font to cairo_ft_scaled_font_lock_face() from WebCore::GlyphPage::fill().
Program received signal SIGSEGV, Segmentation fault.
cairo_ft_scaled_font_lock_face (abstract_font=0x0)
at /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c:2833
2833 /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c: Datei oder Verzeichnis
nicht gefunden.
in /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c
(gdb) bt
#0 cairo_ft_scaled_font_lock_face (abstract_font=0x0)
at /tmp/buildd/cairo-1.9.4/src/cairo-ft-font.c:2833
#1 0x00007ffff44891d9 in WebCore::GlyphPage::fill (this=0x7fffde46a400,
offset=0, length=256, buffer=0x7fffffffc600, bufferLength=256,
fontData=0x7fffde53aa00)
at ../WebCore/platform/graphics/gtk/GlyphPageTreeNodeGtk.cpp:45
#2 0x00007ffff41eedc6 in WebCore::GlyphPageTreeNode::initializePage (
this=0x7fffde555b00, fontData=0x7fffde52c348,
pageNumber=<value optimized out>)
at ../WebCore/platform/graphics/GlyphPageTreeNode.cpp:222
#3 0x00007ffff41ef339 in WebCore::GlyphPageTreeNode::getChild (
this=0x7fffe9228980, fontData=0x7fffde52c348, pageNumber=0)
at ../WebCore/platform/graphics/GlyphPageTreeNode.cpp:323
#4 0x00007ffff41ed1dd in WebCore::Font::glyphDataForCharacter (
this=0x7fffde4aadf0, c=83, mirror=false, forceSmallCaps=false)
at ../WebCore/platform/graphics/FontFastPath.cpp:64
#5 0x00007ffff41fbf7c in WebCore::WidthIterator::advance (
this=0x7fffffffcd50, offset=6, glyphBuffer=0x0)
at ../WebCore/platform/graphics/WidthIterator.cpp:116
#6 0x00007ffff41ec8c5 in WebCore::Font::floatWidthForSimpleText (
this=<value optimized out>, run=..., glyphBuffer=0x0,
fallbackFonts=<value optimized out>)
at ../WebCore/platform/graphics/FontFastPath.cpp:323
#7 0x00007ffff4263144 in WebCore::Font::width (this=0x7fffde4c2230,
resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc,
previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8)
at ../WebCore/platform/graphics/Font.h:81
#8 textWidth (this=0x7fffde4c2230, resolver=..., firstLine=true,
isLineEmpty=@0x7fffffffd5bc, previousLineBrokeCleanly=@0x7fffffffd5bd,
clear=0x7fffffffd5a8)
at ../WebCore/rendering/RenderBlockLineLayout.cpp:1582
#9 WebCore::RenderBlock::findNextLineBreak (this=0x7fffde4c2230,
resolver=..., firstLine=true, isLineEmpty=@0x7fffffffd5bc,
previousLineBrokeCleanly=@0x7fffffffd5bd, clear=0x7fffffffd5a8)
at ../WebCore/rendering/RenderBlockLineLayout.cpp:1896
#10 0x00007ffff4265642 in WebCore::RenderBlock::layoutInlineChildren (
this=0x7fffde4c2230, relayoutChildren=true, repaintTop=@0x7fffffffd6ac,
repaintBottom=@0x7fffffffd6a8)
at ../WebCore/rendering/RenderBlockLineLayout.cpp:959
#11 0x00007ffff425a6c5 in WebCore::RenderBlock::layoutBlock (
this=0x7fffde4c2230, relayoutChildren=true)
at ../WebCore/rendering/RenderBlock.cpp:712
#12 0x00007ffff424a9db in WebCore::RenderBlock::layout (this=0x7fffde4c2230)
at ../WebCore/rendering/RenderBlock.cpp:638
#13 0x00007ffff4397449 in WebCore::RenderSVGText::layout (this=0x7fffde4c2230)
at ../WebCore/rendering/RenderSVGText.cpp:86
#14 0x00007ffff4391fdd in WebCore::RenderObject::layoutIfNeeded (
this=0x7fffde4c2070) at ../WebCore/rendering/RenderObject.h:488
#15 WebCore::RenderSVGContainer::layout (this=0x7fffde4c2070)
at ../WebCore/rendering/RenderSVGContainer.cpp:73
#16 0x00007ffff4396344 in WebCore::RenderObject::layoutIfNeeded (
this=0x7fffde4c1660) at ../WebCore/rendering/RenderObject.h:488
#17 WebCore::RenderSVGRoot::layout (this=0x7fffde4c1660)
at ../WebCore/rendering/RenderSVGRoot.cpp:102
#18 0x00007ffff4258b4e in WebCore::RenderBlock::layoutBlockChild (
this=0x7fffde4c1420, child=0x7fffde4c1660, marginInfo=...,
previousFloatBottom=<value optimized out>, maxFloatBottom=@0x7fffffffdaf4)
at ../WebCore/rendering/RenderBlock.cpp:1327
#19 0x00007ffff42596f0 in WebCore::RenderBlock::layoutBlockChildren (
this=0x7fffde4c1420, relayoutChildren=false,
maxFloatBottom=@0x7fffffffdaf4)
at ../WebCore/rendering/RenderBlock.cpp:1270
#20 0x00007ffff425ab33 in WebCore::RenderBlock::layoutBlock (
this=0x7fffde4c1420, relayoutChildren=false)
at ../WebCore/rendering/RenderBlock.cpp:714
#21 0x00007ffff424a9db in WebCore::RenderBlock::layout (this=0x7fffde4c1420)
at ../WebCore/rendering/RenderBlock.cpp:638
#22 0x00007ffff42deaa4 in WebCore::RenderView::layout (this=0x7fffde4c1420)
at ../WebCore/rendering/RenderView.cpp:122
#23 0x00007ffff41a2413 in WebCore::FrameView::layout (
this=<value optimized out>, allowSubtree=<value optimized out>)
at ../WebCore/page/FrameView.cpp:624
#24 0x00007ffff41e0220 in WebCore::ThreadTimers::sharedTimerFiredInternal (
this=0x7fffe9178540) at ../WebCore/platform/ThreadTimers.cpp:112
#25 0x00007ffff4471b72 in timeout_cb ()
at ../WebCore/platform/gtk/SharedTimerGtk.cpp:48
#26 0x00007ffff550a12a in g_main_dispatch (context=0x6c79a0)
at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:1960
#27 IA__g_main_context_dispatch (context=0x6c79a0)
at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2513
#28 0x00007ffff550d988 in g_main_context_iterate (context=0x6c79a0, block=1,
dispatch=1, self=<value optimized out>)
at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2591
#29 0x00007ffff550de5d in IA__g_main_loop_run (loop=0x701c90)
at /tmp/buildd/glib2.0-2.22.2/glib/gmain.c:2799
#30 0x00007ffff7482ca7 in IA__gtk_main ()
at /tmp/buildd/gtk+2.0-2.18.3/gtk/gtkmain.c:1218
#31 0x0000000000420c7c in main ()
(gdb)