[Webkit-unassigned] [Bug 119088] New: [Qt] Crash in SimpleFontData, probably related to CSS FontFace

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 25 07:28:32 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=119088

           Summary: [Qt] Crash in SimpleFontData, probably related to CSS
                    FontFace
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: milian.wolff at kdab.com
                CC: allan.jensen at digia.com


Using qtwebkit stable from gitorious, I see this crash now in an application of ours:

==11529== Invalid read of size 8
==11529==    at 0x87514B2: WTF::RefPtr<WebCore::FontPlatformDataPrivate>::RefPtr(WTF::RefPtr<WebCore::FontPlatformDataPrivate> const&) (RefPtr.h:43)
==11529==    by 0x874F848: WebCore::FontPlatformData::FontPlatformData(WebCore::FontPlatformData const&) (FontPlatformData.h:80)
==11529==    by 0x879B120: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (SimpleFontData.cpp:61)
==11529==    by 0x801FFFA: WebCore::SimpleFontData::create(WebCore::FontPlatformData const&, bool, bool, bool) (SimpleFontData.h:90)
==11529==    by 0x802077C: WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) (CSSFontFaceSource.cpp:185)
==11529==    by 0x800AAA7: WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) (CSSFontFace.cpp:105)
==11529==    by 0x80A0059: WebCore::CSSSegmentedFontFace::getFontData(WebCore::FontDescription const&) (CSSSegmentedFontFace.cpp:127)
==11529==    by 0x80132CE: WebCore::CSSFontSelector::getFontData(WebCore::FontDescription const&, WTF::AtomicString const&) (CSSFontSelector.cpp:539)
==11529==    by 0x8750992: WebCore::FontCache::getFontData(WebCore::Font const&, int&, WebCore::FontSelector*) (FontCache.cpp:475)
==11529==    by 0x874010E: WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned int) const (FontFallbackList.cpp:108)
==11529==    by 0x8438477: WebCore::FontFallbackList::primaryFontData(WebCore::Font const*) const (FontFallbackList.h:96)
==11529==    by 0x8438428: WebCore::FontFallbackList::primarySimpleFontData(WebCore::Font const*) (FontFallbackList.h:92)
==11529==  Address 0x38 is not stack'd, malloc'd or (recently) free'd

I have not yet found a simple testcase which triggers this crash in a standalone WebView.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list