[Webkit-unassigned] [Bug 54758] Crash when laying out page with loaded fonts (intermittent)
bugzilla-daemon at webkit.org
Tue Feb 22 11:23:59 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=54758
--- Comment #3 from Russell Brenner <russell at android.com> 2011-02-22 11:23:59 PST ---
Created an attachment (id=83347)
--> (https://bugs.webkit.org/attachment.cgi?id=83347&action=review)
stack trace
Attaching stack trace of a typical failure. Here's an excerpt showing the fallout of a freed node pointer:
(gdb) frame 1
#1 0x822530a6 in WebCore::Font::glyphDataForCharacter (this=0x78d7f4, c=69, mirror=false, forceSmallCaps=false)
at external/webkit/WebCore/platform/graphics/FontFastPath.cpp:76
76 GlyphData data = page->glyphDataForCharacter(c);
(gdb) l
71 if (!useSmallCapsFont) {
72 // Fastest loop, for the common case (not small caps).
73 while (true) {
74 page = node->page();
75 if (page) {
76 GlyphData data = page->glyphDataForCharacter(c);
77 if (data.fontData) {
78 if (data.fontData->platformData().orientation() == Vertical && data.fontData->orientation() == Horizontal && Font::isCJKIdeograph(c)) {
79 const SimpleFontData* ideographFontData = data.fontData->brokenIdeographFontData();
80 GlyphPageTreeNode* ideographNode = GlyphPageTreeNode::getRootChild(ideographFontData, pageNumber);
(gdb) p page
$1 = (WebCore::GlyphPage *) 0x9
With the proposed patch, these two calls to pruneTable() remain in place for all platforms except Android (#if ! PLATFORM(ANDROID)). This may be overly conservative, as I believe the pruning will still take place in a timely fashion when the page is updated in response to Document::scheduleForcedStyleRecalc(), called by CSSFontSelector::fontLoaded(). The more aggressive patch would be to remove these two calls from all platforms.
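Added example, not code from the bug, the attachment or WebKit: a constructed model of the hazard the trace shows. A Font-like object caches a raw GlyphPageTreeNode pointer, a pruneTable() frees the nodes after a font load, and the next lookup hands back the stale pointer (the 0x9 page in the trace is what reading through such a pointer produced). The class and method names are borrowed for readability only; the liveness registry exists purely so the scenario can be checked without dereferencing freed memory, and the generation-counter re-resolution in the second caller is an illustrative mitigation, not the approach taken by the attached patch.

```cpp
// Constructed model (not WebKit code) of a cached node pointer outliving pruneTable().
#include <cstdio>
#include <map>
#include <memory>
#include <set>

namespace model {

struct GlyphPage { int pageNumber; };

// Liveness registry for the demonstration only: real code has no such check and
// simply reads whatever now occupies the freed node's memory.
static std::set<const void*>& liveNodes() { static std::set<const void*> s; return s; }

struct GlyphPageTreeNode {
    GlyphPage page;
    explicit GlyphPageTreeNode(int n) : page{n} { liveNodes().insert(this); }
    ~GlyphPageTreeNode() { liveNodes().erase(this); }
    GlyphPage* getPage() { return &page; }
};

static bool isLive(const void* p) { return liveNodes().count(p) != 0; }

// Table of root children plus a generation counter that advances on every prune.
class GlyphPageTree {
public:
    GlyphPageTreeNode* getRootChild(int pageNumber) {
        auto& slot = m_roots[pageNumber];
        if (!slot) slot = std::make_unique<GlyphPageTreeNode>(pageNumber);
        return slot.get();
    }
    // Frees every node; any raw pointer handed out before this call now dangles.
    void pruneTable() { m_roots.clear(); ++m_generation; }
    unsigned generation() const { return m_generation; }
private:
    std::map<int, std::unique_ptr<GlyphPageTreeNode>> m_roots;
    unsigned m_generation = 0;
};

// Buggy caller: resolves the node once and keeps the raw pointer across prunes.
class NaiveFont {
public:
    explicit NaiveFont(GlyphPageTree& t) : m_tree(t) {}
    GlyphPageTreeNode* nodeFor(int pageNumber) {
        if (!m_cached) m_cached = m_tree.getRootChild(pageNumber);
        return m_cached;   // freed by any pruneTable() that ran since caching
    }
private:
    GlyphPageTree& m_tree;
    GlyphPageTreeNode* m_cached = nullptr;
};

// Hardened caller (illustrative mitigation): records the tree generation alongside
// the pointer and re-resolves when the table has been pruned since it was cached.
class GenerationCheckedFont {
public:
    explicit GenerationCheckedFont(GlyphPageTree& t) : m_tree(t) {}
    GlyphPageTreeNode* nodeFor(int pageNumber) {
        if (!m_cached || m_cachedGeneration != m_tree.generation()) {
            m_cached = m_tree.getRootChild(pageNumber);
            m_cachedGeneration = m_tree.generation();
        }
        return m_cached;
    }
private:
    GlyphPageTree& m_tree;
    GlyphPageTreeNode* m_cached = nullptr;
    unsigned m_cachedGeneration = 0;
};

// Scenario from the trace: look up a page, a font load prunes the table, look up again.
// Returns whether the pointer the font would now dereference still names a live node.
template <class Font> bool pointerLiveAfterPrune() {
    GlyphPageTree tree;
    Font font(tree);
    font.nodeFor(0);
    tree.pruneTable();   // stands in for the prune triggered by fontLoaded()
    return isLive(font.nodeFor(0));
}

} // namespace model

int main() {
    std::printf("naive caller: %s\n",
                model::pointerLiveAfterPrune<model::NaiveFont>() ? "live" : "dangling");
    std::printf("generation-checked caller: %s\n",
                model::pointerLiveAfterPrune<model::GenerationCheckedFont>() ? "live" : "dangling");
    return 0;
}
```

The naive caller reports "dangling" after the prune, which is the state glyphDataForCharacter() was in when it read page from the freed node; whichever fix is chosen (keeping the prune calls, or relying on the forced style recalc to refresh the page first), the invariant to preserve is that no cached node pointer is consulted after the prune that freed it.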