[Webkit-unassigned] [Bug 141093] New: Crash with SIGBUS in `WebCore::WidthIterator::advanceInternal`
bugzilla-daemon at webkit.org
Fri Jan 30 13:04:58 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=141093
Bug ID: 141093
Summary: Crash with SIGBUS in `WebCore::WidthIterator::advanceInternal`
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Major
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: paulepanter at users.sourceforge.net
Created attachment 245735: (gdb) t a a bt f
--> https://bugs.webkit.org/attachment.cgi?id=245735&action=review
With Debian Sid/unstable, while reading emails, a self-built Evolution 3.12.10 crashes with a bus error. WebKitGTK+ 2.4.8 is used.
Core was generated by `evolution'.
Program terminated with signal SIGBUS, Bus error.
#0 WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator> (this=0xbfe4d47c, textIterator=..., glyphBuffer=0xbfe4d500)
at ../Source/WebCore/platform/graphics/WidthIterator.cpp:156
Getting the backtrace from the saved core dump file shows the following.
Thread 1 (Thread 0xb026f900 (LWP 3046)):
#0 WebCore::WidthIterator::advanceInternal<WebCore::Latin1TextIterator> (this=0xbfe4d47c, textIterator=..., glyphBuffer=0xbfe4d500)
at ../Source/WebCore/platform/graphics/WidthIterator.cpp:156
No locals.
#1 0xb57b3035 in WebCore::WidthIterator::advance (this=0xbfe4d47c, offset=<optimized out>, glyphBuffer=0xbfe4d500)
at ../Source/WebCore/platform/graphics/WidthIterator.cpp:349
textIterator = {m_characters = 0xa5612a3d "Von:", m_currentCharacter = 0, m_lastCharacter = 4}
textIterator = {m_characters = 0xa5612a3d, m_currentCharacter = 0, m_lastCharacter = 4, m_endCharacter = -1250218675}
#2 0xb5792858 in WebCore::Font::getGlyphsAndAdvancesForSimpleText (this=0x87673d00, run=..., from=0, to=4, glyphBuffer=...,
forTextEmphasis=WebCore::Font::NotForTextEmphasis) at ../Source/WebCore/platform/graphics/FontFastPath.cpp:133
totalWidth = <optimized out>
beforeWidth = <optimized out>
glyphPos = <optimized out>
afterWidth = <optimized out>
glyphTo = <optimized out>
it = {m_font = 0x87673d00, m_run = @0xbfe6d944, m_currentCharacter = 0, m_runWidthSoFar = 0, m_expansion = 0,
m_expansionPerOpportunity = 0, m_isAfterExpansion = true, m_finalRoundingWidth = 0,
m_characterIndexOfGlyph = {<WTF::VectorBuffer<int, 10u>> = {<WTF::VectorBufferBase<int>> = {m_buffer = 0xbfe4d4a8,
m_capacity = 10, m_size = 0}, m_inlineBuffer = {{__data = "\000\000\000", __align = {<No data fields>}}, {
__data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, {
__data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, {
__data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, {
__data = "\000\000\000", __align = {<No data fields>}}, {__data = "\000\000\000", __align = {<No data fields>}}, {
__data = "\000\000\000", __align = {<No data fields>}}}}, <No data fields>}, m_lastGlyphName = {m_impl = {m_ptr = 0x0}},
m_arabicForms = {<WTF::VectorBuffer<WebCore::SVGGlyph::ArabicForm, 0u>> = {<WTF::VectorBufferBase<WebCore::SVGGlyph::ArabicForm>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_typesettingFeatures = 0, m_fallbackFonts = 0x0,
m_accountForGlyphBounds = false, m_maxGlyphBoundingBoxY = 1.17549435e-38, m_minGlyphBoundingBoxY = 3.40282347e+38,
m_firstGlyphOverflow = 0, m_lastGlyphOverflow = 0, m_forTextEmphasis = false}
localGlyphBuffer = {
m_fontData = {<WTF::VectorBuffer<WebCore::SimpleFontData const*, 2048u>> = {<WTF::VectorBufferBase<WebCore::SimpleFontData const*>> = {m_buffer = 0xbfe4d50c, m_capacity = 2048, m_size = 0}, m_inlineBuffer = {{__data = "\224\325", <incomplete sequence \344\277>,
The only thing I spotted is `m_endCharacter = -1250218675}`. No idea if that is correct.
Please find the whole backtrace attached.