[Webkit-unassigned] [Bug 191805] Segfaults on https://terminalizer.com/

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Nov 18 15:18:49 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=191805

Cédric Bellegarde <cedric.bellegarde at adishatz.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #5 from Cédric Bellegarde <cedric.bellegarde at adishatz.org> ---
Here is the full backtrace (dnf update does not update debug symbols :-/)

#0  0x00007eff0d1a1ce9 in WebCore::harfBuzzGetGlyph(hb_font_t*, void*, hb_codepoint_t, hb_codepoint_t, hb_codepoint_t*, void*) (fontData=<optimized out>, unicode=<optimized out>, glyph=0x7fffd9067d08) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/platform/graphics/harfbuzz/HarfBuzzFaceCairo.cpp:107
#1  0x00007eff07d855df in _ZN9hb_font_t17get_nominal_glyphEjPj (glyph=0x7fffd9067d08, unicode=0, this=<optimized out>) at hb-font-private.hh:211
#2  0x00007eff07d855df in decompose_current_character (shortest=true, c=0x7fffd9067d10) at hb-ot-shape-normalize.cc:169
#3  0x00007eff07d855df in decompose_cluster (always_short_circuit=<optimized out>, might_short_circuit=true, end=<optimized out>, c=0x7fffd9067d10) at hb-ot-shape-normalize.cc:271
#4  0x00007eff07d855df in _Z22_hb_ot_shape_normalizePK18hb_ot_shape_plan_tP11hb_buffer_tP9hb_font_t (plan=plan at entry=0x55b1e7556160, buffer=buffer at entry=0x55b1e75b4f70, font=font at entry=0x55b1e75b5060) at hb-ot-shape-normalize.cc:330
#5  0x00007eff07d737d6 in hb_ot_substitute_default (c=<synthetic pointer>) at hb-ot-shape.cc:604
#6  0x00007eff07d737d6 in hb_ot_substitute (c=<synthetic pointer>) at hb-ot-shape.cc:636
#7  0x00007eff07d737d6 in hb_ot_shape_internal (c=<synthetic pointer>) at hb-ot-shape.cc:870
#8  0x00007eff07d737d6 in _hb_ot_shape(hb_shape_plan_t*, hb_font_t*, hb_buffer_t*, hb_feature_t const*, unsigned int) (shape_plan=shape_plan at entry=0x55b1e7548920, font=font at entry=0x55b1e75b5060, buffer=buffer at entry=0x55b1e75b4f70, features=features at entry=0x7fffd9067fd0, num_features=num_features at entry=1) at hb-ot-shape.cc:898
#9  0x00007eff07d381ff in hb_shape_plan_execute(hb_shape_plan_t*, hb_font_t*, hb_buffer_t*, hb_feature_t const*, unsigned int) (shape_plan=shape_plan at entry=0x55b1e7548920, font=font at entry=0x55b1e75b5060, buffer=buffer at entry=0x55b1e75b4f70, features=features at entry=0x7fffd9067fd0, num_features=num_features at entry=1) at hb-shaper-list.hh:43
#10 0x00007eff07d3778a in hb_shape_full(hb_font_t*, hb_buffer_t*, hb_feature_t const*, unsigned int, char const* const*) (font=0x55b1e75b5060, buffer=0x55b1e75b4f70, features=0x7fffd9067fd0, num_features=1, shaper_list=<optimized out>) at hb-shape.cc:137
#11 0x00007eff0d19fa0d in _ZN7WebCore21ComplexTextController35collectComplexTextRunsForCharactersEPKDsjjPKNS_4FontE (this=0x7fffd9068150, characters=0x7efe8f49a68c u"", length=1, stringLocation=0, font=0x7efe63cc4b58) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Vector.h:724
#12 0x00007eff0cc0e338 in _ZN7WebCore21ComplexTextController22collectComplexTextRunsEv (this=this at entry=0x7fffd9068150) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/platform/graphics/ComplexTextController.cpp:468
#13 0x00007eff0cc10269 in _ZN7WebCore21ComplexTextControllerC2ERKNS_11FontCascadeERKNS_7TextRunEbPN3WTF7HashSetIPKNS_4FontENS7_7PtrHashISB_EENS7_10HashTraitsISB_EEEEb (this=0x7fffd9068150, font=..., run=..., mayUseNaturalWritingDirection=<optimized out>, fallbackFonts=<optimized out>, forTextEmphasis=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/platform/graphics/ComplexTextController.cpp:155
#14 0x00007eff0cc268a8 in _ZNK7WebCore11FontCascade34getGlyphsAndAdvancesForComplexTextERKNS_7TextRunEjjRNS_11GlyphBufferENS0_20ForTextEmphasisOrNotE (this=<optimized out>, run=..., from=0, to=1, glyphBuffer=..., forTextEmphasis=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/platform/graphics/FontCascade.cpp:1391
#15 0x00007eff0cc26f45 in _ZNK7WebCore11FontCascade8drawTextERNS_15GraphicsContextERKNS_7TextRunERKNS_10FloatPointEjSt8optionalIjENS0_24CustomFontNotReadyActionE (this=this at entry=0x7efea5c73be8, context=..., run=..., point=..., from=from at entry=0, to=Python Exception <class 'gdb.error'> There is no member or method named _M_payload.: 
..., customFontNotReadyAction=WebCore::FontCascade::UseFallbackIfFontNotReady) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Optional.h:312
#16 0x00007eff0cc46065 in _ZN7WebCore15GraphicsContext12drawBidiTextERKNS_11FontCascadeERKNS_7TextRunERKNS_10FloatPointENS1_24CustomFontNotReadyActionE (this=this at entry=0x7efe63cc4948, font=..., run=..., point=..., customFontNotReadyAction=customFontNotReadyAction at entry=WebCore::FontCascade::UseFallbackIfFontNotReady) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Optional.h:418
#17 0x00007eff0c9079e9 in _ZNK7WebCore28CanvasRenderingContext2DBase9FontProxy12drawBidiTextERNS_15GraphicsContextERKNS_7TextRunERKNS_10FloatPointENS_11FontCascade24CustomFontNotReadyActionE (action=WebCore::FontCascade::UseFallbackIfFontNotReady, point=..., run=..., context=..., this=0x7efea5c73be0) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:348
#18 0x00007eff0c9079e9 in _ZN7WebCore24CanvasRenderingContext2D16drawTextInternalERKN3WTF6StringEffbSt8optionalIfE (this=0x7efe63c84000, text=..., x=<optimized out>, y=<optimized out>, fill=fill at entry=true, maxWidth=Python Exception <class 'gdb.error'> There is no member or method named _M_payload.: 
...) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:586
#19 0x00007eff0c907da2 in _ZN7WebCore24CanvasRenderingContext2D8fillTextERKN3WTF6StringEffSt8optionalIfE (this=this at entry=0x7efe63c84000, text=..., x=<optimized out>, y=<optimized out>, maxWidth=Python Exception <class 'gdb.error'> There is no member or method named _M_payload.: 
...) at /usr/include/c++/8/new:169
#20 0x00007eff0d268012 in WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody (throwScope=..., castedThis=<optimized out>, state=<optimized out>) at /usr/include/c++/8/new:169
#21 0x00007eff0d268012 in WebCore::IDLOperation<WebCore::JSCanvasRenderingContext2D>::call<WebCore::jsCanvasRenderingContext2DPrototypeFunctionFillTextBody> (operationName=0x7eff0d42c208 "fillText", state=...) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/Source/WebCore/bindings/js/JSDOMOperation.h:53
#22 0x00007eff0d268012 in _ZN7WebCore51jsCanvasRenderingContext2DPrototypeFunctionFillTextEPN3JSC9ExecStateE (state=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.3-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:3142
#23 0x00007efea7fff177 in  ()
#24 0x00007fffd907bce0 in  ()
#25 0x00007eff0aa16172 in llint_entry () at /lib64/libjavascriptcoregtk-4.0.so.18
