[Webkit-unassigned] [Bug 48723] New: Possible Crash in SegmentedFontData::isLoading

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Oct 30 22:40:07 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=48723

           Summary: Possible Crash in SegmentedFontData::isLoading
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ryuan.choi at samsung.com


It's hardly reproducible on desktop,
but I got the callstack below in my mobile browser (test site is http://samsung.com/us).

#0  WebCore::SegmentedFontData::isLoading (this=0x84e8ae8) at .././WebCore/platform/graphics/SegmentedFontData.cpp:77
#1  0x010bc230 in WebCore::FontFallbackList::fontDataAt (this=0x83fb5c8, font=0x84097d4, realizedFontIndex=0) at .././WebCore/platform/graphics/FontFallbackList.cpp:108
#2  0x010bc3b4 in WebCore::FontFallbackList::primaryFontData (this=0x83fb5c8, font=0x84097d4) at .././WebCore/platform/graphics/FontFallbackList.h:66
#3  WebCore::FontFallbackList::determinePitch (this=0x83fb5c8, font=0x84097d4) at .././WebCore/platform/graphics/FontFallbackList.cpp:76
#4  0x01139d85 in WebCore::FontFallbackList::isFixedPitch (this=0x83d7c74, resolver=..., firstLine=true, isLineEmpty=@0xbfffd42c, previousLineBrokeCleanly=@0xbfffd42d, hyphenated=@0xbfffd42b, clear=0xbfffd410)
    at .././WebCore/platform/graphics/FontFallbackList.h:47
#5  WebCore::Font::isFixedPitch (this=0x83d7c74, resolver=..., firstLine=true, isLineEmpty=@0xbfffd42c, previousLineBrokeCleanly=@0xbfffd42d, hyphenated=@0xbfffd42b, clear=0xbfffd410) at .././WebCore/platform/graphics/Font.h:251
#6  WebCore::RenderBlock::findNextLineBreak (this=0x83d7c74, resolver=..., firstLine=true, isLineEmpty=@0xbfffd42c, previousLineBrokeCleanly=@0xbfffd42d, hyphenated=@0xbfffd42b, clear=0xbfffd410)
    at .././WebCore/rendering/RenderBlockLineLayout.cpp:1567

From my rough tracing, it looks highly related to CSSFontFace::fontLoaded.
CSSFontFace calls CSSSegmentedFontFace::fontLoaded when the loaded source is the same as m_activeSource,
but m_activeSource can hold only one source, although CSSFontFace::getFontData is called more than one time.
