[Webkit-unassigned] [Bug 191595] New: [FreeType] Memory corruption under WebCore::FontPlatformData::FontPlatformData

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 13 13:17:02 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=191595

            Bug ID: 191595
           Summary: [FreeType] Memory corruption under
                    WebCore::FontPlatformData::FontPlatformData
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

Created attachment 354692

  --> https://bugs.webkit.org/attachment.cgi?id=354692&action=review

Full backtrace

Reproducer: https://thepointsguy.com/2017/09/experience-only-on-virgin-america/

Full backtrace attached. Truncated backtrace:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fee8eade515 in __GI_abort () at abort.c:79
#2  0x00007fee8eb354c8 in __libc_message (action=action@entry=do_abort,
    fmt=fmt@entry=0x7fee8ec3e1fb "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007fee8eb3b8da in malloc_printerr (str=str@entry=0x7fee8ec3c402 "free(): invalid pointer")
    at malloc.c:5350
#4  0x00007fee8eb3d06c in _int_free (av=<optimized out>, p=<optimized out>, have_lock=<optimized out>)
    at malloc.c:4157
#5  0x00007fee8fedd993 in cairo_ft_apply_variations (face=face@entry=0x7fed3aba7100,
    scaled_font=<optimized out>, scaled_font=<optimized out>) at ../../src/cairo-ft-font.c:2396
#6  0x00007fee8fee0a7f in cairo_ft_scaled_font_lock_face (
    abstract_font=abstract_font@entry=0x55c6020ea1b0) at ../../src/cairo-ft-font.c:3859
#7  0x00007fee95085334 in WebCore::CairoFtFaceLocker::CairoFtFaceLocker (scaledFont=0x55c6020ea1b0, 
    this=<synthetic pointer>) at ../Source/WebCore/platform/graphics/cairo/CairoUtilities.h:55
#8  WebCore::FontPlatformData::FontPlatformData (this=0x7ffc53bd7d30, fontFace=<optimized out>, 
    description=..., bold=<optimized out>, italic=<optimized out>)
    at ../Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp:168
#9  0x00007fee95084873 in WebCore::FontCustomPlatformData::fontPlatformData (this=<optimized out>, 
    description=..., bold=<optimized out>, italic=<optimized out>)
    at ../Source/WebCore/platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:61
#10 0x00007fee949767f4 in WebCore::CachedFont::platformDataFromCustomData (fontCustomPlatformData=..., 
    fontDescription=..., bold=<optimized out>, italic=<optimized out>, fontFaceFeatures=..., 
    fontFaceVariantSettings=..., fontFaceCapabilities=...)
    at ../Source/WebCore/loader/cache/CachedFont.cpp:150
