[Webkit-unassigned] [Bug 119088] [Qt] Crash in SimpleFontData, related to @font-face with non-existing src url

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 5 08:26:58 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119088





--- Comment #7 from Milian Wolff <milian.wolff at kdab.com>  2013-08-05 08:26:39 PST ---
I just updated everything from the stable branches and wiped the build folders and redid everything, like this:

#!/bin/bash
# build tree lives next to this script; bail out if we cannot get there
cd "$(dirname "$0")" || exit 1
mkdir qtbase &>/dev/null
cd qtbase || exit 1

# debug build of qtbase into the prefix the other modules will pick up
../../qtbase/configure -prefix /home/milian/projects/compiled/qt5 \
  -opensource -confirm-license -debug
make -j40 && make install

# note: qmake-qt5 is a symlink (ln -s) to the qmake built above

for d in qtjsbackend qtxmlpatterns qtdeclarative qtconnectivity qtlocation qttools qtwebkit; do
  if [ ! -d "$d" ]; then mkdir "$d"; fi
  pushd "$d"
  # debug build of each module against the freshly installed qtbase; stop at the first failure
  qmake-qt5 CONFIG+=debug "../../$d/$d.pro" -r
  (make -j40 && make install -j4) || exit
  popd
done

And it still crashes:

==32468== Thread 1:
==32468== Invalid read of size 8
==32468==    at 0x8DDF820: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x89C5668: WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x89B570B: WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x8A27578: WebCore::CSSSegmentedFontFace::getFontData(WebCore::FontDescription const&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x89C2C67: WebCore::CSSFontSelector::getFontData(WebCore::FontDescription const&, WTF::AtomicString const&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x8DA3AE3: WebCore::FontCache::getFontData(WebCore::Font const&, int&, WebCore::FontSelector*) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x8D8D811: WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned int) const (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x8D8DADD: WebCore::FontFallbackList::determinePitch(WebCore::Font const*) const (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x9D1B386: WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul>&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x9D2090B: WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x9D330E7: WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x9D337F3: WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==  Address 0x38 is not stack'd, malloc'd or (recently) free'd

Considering that mibrunin also cannot reproduce this issue, I wonder what else could influence this? Any other stuff from the system which might be an issue? Any font library or such?

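As an added triage example (not code from the bug report, nor from the WebKit or Qt projects): a small Python parser for Valgrind "Invalid read/write" blocks that pulls out the size, the call frames and the faulting address, and classifies the access. A fault address below the first page, like the 0x38 in the trace above, means the object pointer was NULL and the code read a member 0x38 bytes into it, which is a crash, not an attacker-controlled read. The first sample block reuses the frames quoted above; the second is a constructed use-after-free block, so the classifier is shown handling more than the null-page case of this report. The 4096-byte page threshold is an assumption (first page unmapped, as on a standard Linux setup); which SimpleFontData member sits at offset 0x38 is not something this report establishes, so the tool reports only the offset.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: the zero page is unmapped, so any access below this is a
# dereference of a NULL pointer plus a member offset.
PAGE_SIZE = 4096

HEADER_RE = re.compile(r"^==(\d+)==\s+Invalid (read|write) of size (\d+)")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?)(?: \(in .*\))?$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (.*)$")


@dataclass
class InvalidAccess:
    pid: int
    kind: str                      # "read" or "write"
    size: int                      # bytes accessed
    frames: List[str] = field(default_factory=list)   # innermost frame first
    address: Optional[int] = None  # faulting address, if Valgrind printed one
    where: str = ""                # Valgrind's description of the address

    def classify(self) -> str:
        """Map Valgrind's address description to a bug class."""
        if self.address is None:
            return "unknown"
        if self.address < PAGE_SIZE:
            return "null-deref"            # NULL + member offset
        if "free'd" in self.where and "inside a block" in self.where:
            return "use-after-free"
        if "bytes after a block" in self.where or "bytes before a block" in self.where:
            return "heap-overflow"
        if "not stack'd, malloc'd or (recently) free'd" in self.where:
            return "wild-pointer"
        return "other"


def parse_valgrind(text: str) -> List[InvalidAccess]:
    """Collect every 'Invalid read/write' record from a Valgrind log."""
    reports: List[InvalidAccess] = []
    current: Optional[InvalidAccess] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = InvalidAccess(int(m.group(1)), m.group(2), int(m.group(3)))
            reports.append(current)
            continue
        if current is None:
            continue
        m = ADDR_RE.match(line)
        if m:
            current.address = int(m.group(1), 16)
            current.where = m.group(2)
            current = None               # the address line closes the record
            continue
        m = FRAME_RE.match(line)
        if m:
            current.frames.append(m.group(1))
    return reports


def triage(report: InvalidAccess) -> str:
    """One-line verdict for a report, with the innermost frame."""
    cls = report.classify()
    top = report.frames[0] if report.frames else "?"
    if cls == "null-deref":
        return (f"{report.kind} of {report.size} bytes at offset 0x{report.address:x} from NULL "
                f"in {top}: member of an object reached through a null pointer; crash/DoS, "
                f"not a controllable read")
    return f"{cls}: {report.kind} of {report.size} bytes at 0x{report.address:x} in {top}"


# Constructed sample: the first record reuses frames from the report above,
# the second is a made-up use-after-free block in Valgrind's format.
SAMPLE_REPORT = """\
==32468== Thread 1:
==32468== Invalid read of size 8
==32468==    at 0x8DDF820: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x89C5668: WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==    by 0x89B570B: WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2)
==32468==  Address 0x38 is not stack'd, malloc'd or (recently) free'd

==1234== Invalid write of size 4
==1234==    at 0x401136: main (uaf.c:7)
==1234==  Address 0x4a4b040 is 0 bytes inside a block of size 4 free'd
"""

if __name__ == "__main__":
    for r in parse_valgrind(SAMPLE_REPORT):
        print(triage(r))
```

Run it on a real log with `python3 triage.py < valgrind.log` after swapping SAMPLE_REPORT for `sys.stdin.read()`; the null-page check is deliberately done before the string matching, because Valgrind describes a NULL-plus-offset access with the same "not stack'd, malloc'd or (recently) free'd" wording it uses for a genuinely wild pointer.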