[Webkit-unassigned] [Bug 204689] [GTK] WebKitWebProcess crashes when displaying a KaTeX formula

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 13 03:55:44 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=204689

--- Comment #2 from Carlos Garcia Campos <cgarcia at igalia.com> ---
==53068== Thread 1:
==53068== Invalid read of size 1
==53068==    at 0xCDB4956: operator short unsigned int (hb-machinery.hh:712)
==53068==    by 0xCDB4956: operator OT::IntType<short unsigned int, 2>::wide_type (hb-open-type.hh:67)
==53068==    by 0xCDB4956: is_null (hb-open-type.hh:174)
==53068==    by 0xCDB4956: operator() (hb-open-type.hh:260)
==53068==    by 0xCDB4956: operator+<const OT::MATH*, OT::IntType<short unsigned int, 2>, true, OT::MathConstants> (hb-open-type.hh:346)
==53068==    by 0xCDB4956: get_constant (hb-ot-math-table.hh:698)
==53068==    by 0xCDB4956: hb_ot_math_get_constant (hb-ot-math.cc:83)
==53068==    by 0x7C265C5: WebCore::OpenTypeMathData::getMathConstant(WebCore::Font const&, WebCore::OpenTypeMathData::MathConstant) const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7F1D414: WebCore::RenderMathMLScripts::spaceAfterScript() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7F1D5DA: WebCore::RenderMathMLScripts::computePreferredLogicalWidths() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7D15F22: WebCore::RenderBox::maxPreferredLogicalWidth() const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7F18BC3: WebCore::RenderMathMLRow::computePreferredLogicalWidths() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7D15F22: WebCore::RenderBox::maxPreferredLogicalWidth() const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7F18BC3: WebCore::RenderMathMLRow::computePreferredLogicalWidths() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7D15F22: WebCore::RenderBox::maxPreferredLogicalWidth() const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7F18BC3: WebCore::RenderMathMLRow::computePreferredLogicalWidths() (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7D3B42B: WebCore::RenderBox::computeLogicalWidthInFragmentUsing(WebCore::SizeType, WebCore::Length, WebCore::LayoutUnit, WebCore::RenderBlock const&, WebCore::RenderFragmentContainer*) const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==    by 0x7D53752: WebCore::RenderBox::computeLogicalWidthInFragment(WebCore::RenderBox::LogicalExtentComputedValues&, WebCore::RenderFragmentContainer*) const (in /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.42.0)
==53068==  Address 0x61012464 is not stack'd, malloc'd or (recently) free'd
