[Webkit-unassigned] [Bug 113796] New: Crashes in Harfbuzz opening the Boston page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 2 09:29:48 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=113796

           Summary: Crashes in Harfbuzz opening the Boston page
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hadess at hadess.net


harfbuzz-0.9.14-1.fc19.x86_64
pango-1.34.0-1.fc19.x86_64
webkitgtk3-1.11.92-1.fc19.x86_64
epiphany-3.8.0-1.fc19.x86_64

When opening http://en.wikipedia.org/wiki/Boston and skipping to the next page (not sure if that step is needed), the view process crashes.

strchr() is being passed a NULL string.

Core was generated by `/usr/libexec/WebKitWebProcess 16'.
Program terminated with signal 11, Segmentation fault.
#0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:136
136    ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.

Thread 1 (Thread 0x7f10d7852a00 (LWP 2309)):
#0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:136
No locals.
#1  0x00000034bac3ef1d in strchr (__c=45, __s=0x0) at /usr/include/string.h:227
No locals.
#2  _hb_graphite2_shape (shape_plan=<optimized out>, font=<optimized out>, buffer=0x2855740, features=0x0, num_features=0) at hb-graphite2.cc:229
        ci = <optimized out>
        chars = <optimized out>
        gids = <optimized out>
        grfont = 0x2855940
        lang = 0x0
        ic = <optimized out>
        curradvx = <optimized out>
        scratch_size = 0
        scratch = <optimized out>
        script_tag = {42194816, 0}
        glyph_count = <optimized out>
        is = <optimized out>
        curradvy = <optimized out>
        pPos = <optimized out>
        grface = 0x25bce10
        lang_len = <optimized out>
        feats = <optimized out>
        clusters = <optimized out>
        face = <optimized out>
        seg = <optimized out>
        pg = <optimized out>
#3  0x00000034bac151c6 in hb_shape_plan_execute (shape_plan=0x2843590, font=0x283d780, buffer=0x2855740, features=0x0, num_features=0) at hb-shaper-list.hh:35
        __PRETTY_FUNCTION__ = "hb_bool_t hb_shape_plan_execute(hb_shape_plan_t*, hb_font_t*, hb_buffer_t*, const hb_feature_t*, unsigned int)"
#4  0x00000034bac14351 in hb_shape_full (font=0x283d780, buffer=0x2855740, features=0x0, num_features=0, shaper_list=<optimized out>) at hb-shape.cc:260
        __PRETTY_FUNCTION__ = "hb_bool_t hb_shape_full(hb_font_t*, hb_buffer_t*, const hb_feature_t*, unsigned int, const char* const*)"
        shape_plan = 0x2843590
        res = <optimized out>
#5  0x0000003e08b2278e in WebCore::HarfBuzzShaper::shapeHarfBuzzRuns () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#6  0x0000003e08b23c4f in WebCore::HarfBuzzShaper::shape () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#7  0x0000003e08b1db40 in WebCore::Font::drawComplexText () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#8  0x0000003e091a7967 in WebCore::GraphicsContext::drawText () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#9  0x0000003e08b66cf9 in paintTextWithShadows () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#10 0x0000003e08b6af7e in WebCore::InlineTextBox::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#11 0x0000003e08b64f6a in WebCore::InlineFlowBox::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#12 0x0000003e08cd0a7c in WebCore::RootInlineBox::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#13 0x0000003e08c40d90 in WebCore::RenderLineBoxList::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#14 0x0000003e08b713f5 in WebCore::RenderBlock::paintContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#15 0x0000003e08b84ea3 in WebCore::RenderBlock::paintObject () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#16 0x0000003e08b6e05f in WebCore::RenderBlock::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#17 0x0000003e08b71511 in WebCore::RenderBlock::paintChild () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#18 0x0000003e08b71680 in WebCore::RenderBlock::paintChildren () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#19 0x0000003e08b7139d in WebCore::RenderBlock::paintContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#20 0x0000003e08b84ea3 in WebCore::RenderBlock::paintObject () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#21 0x0000003e08b6e05f in WebCore::RenderBlock::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#22 0x0000003e08b71511 in WebCore::RenderBlock::paintChild () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#23 0x0000003e08b71680 in WebCore::RenderBlock::paintChildren () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#24 0x0000003e08b7139d in WebCore::RenderBlock::paintContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#25 0x0000003e08b84ea3 in WebCore::RenderBlock::paintObject () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#26 0x0000003e08b6e05f in WebCore::RenderBlock::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#27 0x0000003e08b71511 in WebCore::RenderBlock::paintChild () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#28 0x0000003e08b71680 in WebCore::RenderBlock::paintChildren () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#29 0x0000003e08b7139d in WebCore::RenderBlock::paintContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#30 0x0000003e08b84ea3 in WebCore::RenderBlock::paintObject () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#31 0x0000003e08b6e05f in WebCore::RenderBlock::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#32 0x0000003e08b71511 in WebCore::RenderBlock::paintChild () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#33 0x0000003e08b71680 in WebCore::RenderBlock::paintChildren () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#34 0x0000003e08b7139d in WebCore::RenderBlock::paintContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#35 0x0000003e08b84ea3 in WebCore::RenderBlock::paintObject () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#36 0x0000003e08b6e05f in WebCore::RenderBlock::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#37 0x0000003e08c24f96 in WebCore::RenderLayer::paintLayerContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#38 0x0000003e08c25691 in WebCore::RenderLayer::paintLayer () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#39 0x0000003e08c26536 in WebCore::RenderLayer::paintList () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#40 0x0000003e08c242f2 in WebCore::RenderLayer::paintLayerContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#41 0x0000003e08c25691 in WebCore::RenderLayer::paintLayer () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#42 0x0000003e08c26536 in WebCore::RenderLayer::paintList () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#43 0x0000003e08c242f2 in WebCore::RenderLayer::paintLayerContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#44 0x0000003e08c25691 in WebCore::RenderLayer::paintLayer () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#45 0x0000003e08c2578e in WebCore::RenderLayer::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#46 0x0000003e08aec730 in WebCore::FrameView::paintContents () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#47 0x0000003e09252e0c in WebCore::ScrollView::paint () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#48 0x0000003e083a708c in WebKit::WebPage::drawRect () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#49 0x0000003e08396585 in WebKit::DrawingAreaImpl::display () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#50 0x0000003e083979d2 in WebKit::DrawingAreaImpl::display () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#51 0x0000003e096ff59a in WebCore::RunLoop::TimerBase::timerFiredCallback () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#52 0x00000034b9048aa3 in g_timeout_dispatch (source=source at entry=0x24d24e0, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
        timeout_source = 0x24d24e0
        again = <optimized out>
#53 0x00000034b9047f46 in g_main_dispatch (context=0x16a5640) at gmain.c:3054
        dispatch = 0x34b9048a90 <g_timeout_dispatch>
        was_in_call = 0
        user_data = 0x22d0c38
        callback = 0x3e096ff580 <WebCore::RunLoop::TimerBase::timerFiredCallback(WebCore::RunLoop::TimerBase*)>
        cb_funcs = 0x34b932a900 <g_source_callback_funcs>
        cb_data = 0x22bd9d0
        need_destroy = <optimized out>
        current_source_link = {data = 0x24d24e0, next = 0x0}
        source = 0x24d24e0
        current = 0x16d5100
        i = 0
#54 g_main_context_dispatch (context=context at entry=0x16a5640) at gmain.c:3630
No locals.
#55 0x00000034b9048298 in g_main_context_iterate (context=0x16a5640, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3701
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 27
        fds = 0x2538cc0
#56 0x00000034b904869a in g_main_loop_run (loop=0x184eab0) at gmain.c:3895
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#57 0x0000003e08338b0d in WebProcessMainGtk () from /lib64/libwebkit2gtk-3.0.so.22
No locals.
#58 0x0000003fcf821b75 in __libc_start_main (main=0x400870 <main()>, argc=2, ubp_av=0x7fff1ec243d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff1ec243c8) at libc-start.c:258
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -2214406359183816603, 4196472, 140733709435856, 0, 0, 2214333553699424357, -2217101279134381979}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x3fcf40f4f3 <_dl_init+275>, 0x3fcf622208}, data = {prev = 0x0, cleanup = 0x0, canceltype = -817826573}}}
        not_first_call = <optimized out>
#59 0x00000000004008a1 in _start ()

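The backtrace above shows the defect pattern exactly: frame #1 is `strchr (__c=45, __s=0x0)`, i.e. a search for `'-'` (ASCII 45) in a language string that is NULL (`lang = 0x0` in frame #2), so the glibc SSE4.2 `strchr` dereferences address 0 and the web process dies with SIGSEGV. The following C block is an added illustration, not code from the bug report or from HarfBuzz, of how a language-tag lookup of this shape is guarded against a missing language: the function names `lang_primary_len` and `tag_from_lang` and the space-padded 4-byte tag encoding are assumptions for the example, not the project's API.

```c
/* Added example, not HarfBuzz or WebKit code: split a BCP 47 language tag
 * ("en-US") at its first '-' and pack the primary subtag into a 4-byte tag,
 * treating a NULL language as "no language" instead of passing it to strchr().
 * Function names and the tag encoding are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the primary subtag: "en-US" -> 2.
 * Returns -1 when the tag has no '-' and 0 when lang is NULL.
 * The NULL test is the check whose absence produces strchr(0x0, '-'):
 *   const char *dash = strchr(lang, '-');   // crashes when lang == NULL */
static int lang_primary_len(const char *lang)
{
    if (lang == NULL)
        return 0;
    const char *dash = strchr(lang, '-');
    return dash ? (int)(dash - lang) : -1;
}

/* Big-endian 4-byte tag of the primary subtag, space-padded and truncated
 * to four bytes; 0 means "no language", which the caller can pass to a
 * feature lookup as "use the face defaults". */
static uint32_t tag_from_lang(const char *lang)
{
    if (lang == NULL)
        return 0;
    int len = lang_primary_len(lang);
    if (len < 0)
        len = (int)strlen(lang);   /* whole string is the primary subtag */
    uint32_t tag = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = (i < len) ? (unsigned char)lang[i] : ' ';
        tag = (tag << 8) | c;
    }
    return tag;
}

int main(void)
{
    /* Constructed inputs, including the NULL case seen in the crash. */
    const char *samples[] = { "en-US", "en", "abcde", NULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s len=%2d tag=0x%08x\n",
               samples[i] ? samples[i] : "(null)",
               lang_primary_len(samples[i]), tag_from_lang(samples[i]));
    return 0;
}
```

From a triage standpoint the useful signal in the report is the combination of `__s=0x0` and a NULL local in the calling frame: a fixed-address read at 0 is a plain NULL dereference (a denial of service of the renderer process) rather than a write or a controlled pointer, and the guard above removes it by never handing an absent language to the C string functions.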