[Webkit-unassigned] [Bug 212670] New: [Win] infinite loop in ComplexTextController::indexOfCurrentRun

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 2 16:51:04 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=212670

            Bug ID: 212670
           Summary: [Win] infinite loop in
                    ComplexTextController::indexOfCurrentRun
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Text
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com
                CC: mmaxfield at apple.com

[Win] infinite loop in ComplexTextController::indexOfCurrentRun

AppleWin, WinCairo WK1 and WK2

1. Go to https://ima.goo.ne.jp/column/writer/129.html or https://ima.goo.ne.jp/column/article/8431.html
2. The while loop in ComplexTextController::indexOfCurrentRun never quits

Callstack:

> WebKit.dll!WebCore::ComplexTextController::indexOfCurrentRun(unsigned int & leftmostGlyph=0) Line 526	C++
> WebKit.dll!WebCore::ComplexTextController::incrementCurrentRun(unsigned int & leftmostGlyph=0) Line 551	C++
> WebKit.dll!WebCore::ComplexTextController::advance(unsigned int offset=38, WebCore::GlyphBuffer * glyphBuffer=0x0000000000000000, WebCore::GlyphIterationStyle iterationStyle=ByWholeGlyphs, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> * fallbackFonts=0x000000fecbcfb068) Line 662	C++
> WebKit.dll!WebCore::TextLayout::width(unsigned int from=0, unsigned int len=38, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> * fallbackFonts=0x000000fecbcfb068) Line 69	C++
> WebKit.dll!WebCore::FontCascade::width(WebCore::TextLayout & layout={...}, unsigned int from=0, unsigned int len=38, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> * fallbackFonts=0x000000fecbcfb068) Line 102	C++
> WebKit.dll!WebCore::textWidth(WebCore::RenderText & text={...}, unsigned int from=0, unsigned int len=38, const WebCore::FontCascade & font={...}, float xPos=0.000000000, bool isFixedPitch=false, bool collapseWhiteSpace=true, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> & fallbackFonts={...}, WebCore::TextLayout * layout=0x00000205730b5f10) Line 562	C++
> WebKit.dll!WebCore::BreakingContext::computeAdditionalBetweenWordsWidth(WebCore::RenderText & renderText={...}, WebCore::TextLayout * textLayout=0x00000205730b5f10, char16_t currentCharacter=u'さ', WebCore::WordTrailingSpace & wordTrailingSpace={...}, WTF::HashSet<WebCore::Font const *,WTF::PtrHash<WebCore::Font const *>,WTF::HashTraits<WebCore::Font const *>> & fallbackFonts={...}, WTF::Vector<WebCore::WordMeasurement,64,WTF::CrashOnOverflow,16,WTF::FastMalloc> & wordMeasurements={...}, const WebCore::FontCascade & font={...}, bool isFixedPitch=false, unsigned int lastSpace=0, float lastSpaceWordSpacing=0.000000000, float wordSpacingForWordMeasurement=0.000000000, unsigned int offset=38) Line 658	C++
> WebKit.dll!WebCore::BreakingContext::handleText(WTF::Vector<WebCore::WordMeasurement,64,WTF::CrashOnOverflow,16,WTF::FastMalloc> & wordMeasurements={...}, bool & hyphenated=false, unsigned int & consecutiveHyphenatedLines=0) Line 833	C++
> WebKit.dll!WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator,WebCore::BidiRun,WebCore::BidiIsolatedRun> & resolver={...}, WebCore::LineInfo & lineInfo={...}, WebCore::RenderTextInfo & renderTextInfo={...}, WebCore::FloatingObject * lastFloatFromPreviousLine=0x0000000000000000, unsigned int consecutiveHyphenatedLines=0, WTF::Vector<WebCore::WordMeasurement,64,WTF::CrashOnOverflow,16,WTF::FastMalloc> & wordMeasurements={...}) Line 110	C++
> WebKit.dll!WebCore::ComplexLineLayout::layoutRunsAndFloatsInRange(WebCore::LineLayoutState & layoutState={...}, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator,WebCore::BidiRun,WebCore::BidiIsolatedRun> & resolver={...}, const WebCore::InlineIterator & cleanLineStart={...}, const WebCore::BidiStatus & cleanLineBidiStatus={...}, unsigned int consecutiveHyphenatedLines=0) Line 1385	C++
> WebKit.dll!WebCore::ComplexLineLayout::layoutRunsAndFloats(WebCore::LineLayoutState & layoutState={...}, bool hasInlineChild=true) Line 1339	C++
> WebKit.dll!WebCore::ComplexLineLayout::layoutLineBoxes(bool relayoutChildren=true, WebCore::LayoutUnit & repaintLogicalTop={...}, WebCore::LayoutUnit & repaintLogicalBottom={...}) Line 1748	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren=true, WebCore::LayoutUnit & repaintLogicalTop={...}, WebCore::LayoutUnit & repaintLogicalBottom={...}) Line 702	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren=true, WebCore::LayoutUnit pageLogicalHeight={...}) Line 511	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 600	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child={...}, WebCore::RenderBlockFlow::MarginInfo & marginInfo={...}, WebCore::LayoutUnit & previousFloatLogicalBottom={...}, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 762	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren=true, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 662	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren=true, WebCore::LayoutUnit pageLogicalHeight={...}) Line 514	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 600	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child={...}, WebCore::RenderBlockFlow::MarginInfo & marginInfo={...}, WebCore::LayoutUnit & previousFloatLogicalBottom={...}, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 762	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren=true, WebCore::LayoutUnit & maxFloatLogicalBottom={...}) Line 662	C++
> WebKit.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren=true, WebCore::LayoutUnit pageLogicalHeight={...}) Line 514	C++
> WebKit.dll!WebCore::RenderBlock::layout() Line 600	C++
> WebKit.dll!WebCore::RenderView::layout() Line 189	C++
> WebKit.dll!WebCore::FrameViewLayoutContext::layout() Line 254	C++
> WebKit.dll!WebCore::Document::implicitClose() Line 3094	C++
> WebKit.dll!WebCore::FrameLoader::checkCallImplicitClose() Line 966	C++
> WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 908	C++
> WebKit.dll!WebCore::FrameLoader::finishedParsing() Line 818	C++
> WebKit.dll!WebCore::Document::finishedParsing() Line 5886	C++
> WebKit.dll!WebCore::HTMLConstructionSite::finishedParsing() Line 420	C++
> WebKit.dll!WebCore::HTMLTreeBuilder::finished() Line 2845	C++
> WebKit.dll!WebCore::HTMLDocumentParser::end() Line 450	C++
> WebKit.dll!WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() Line 459	C++
> WebKit.dll!WebCore::HTMLDocumentParser::prepareToStopParsing() Line 154	C++
> WebKit.dll!WebCore::HTMLDocumentParser::attemptToEnd() Line 471	C++
> WebKit.dll!WebCore::HTMLDocumentParser::finish() Line 499	C++
> WebKit.dll!WebCore::DocumentWriter::end() Line 289	C++
> WebKit.dll!WebCore::DocumentLoader::finishedLoading() Line 453	C++
> WebKit.dll!WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource & resource={...}, const WebCore::NetworkLoadMetrics & __formal={...}) Line 397	C++
> WebKit.dll!WebCore::CachedResource::checkNotify(const WebCore::NetworkLoadMetrics & metrics={...}) Line 376	C++
> WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::SharedBuffer * __formal=0x00000205732a6350, const WebCore::NetworkLoadMetrics & metrics={...}) Line 393	C++
> WebKit.dll!WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer * data=0x00000205732a6350, const WebCore::NetworkLoadMetrics & metrics={...}) Line 124	C++
> WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(const WebCore::NetworkLoadMetrics & networkLoadMetrics={...}) Line 734	C++
> WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x00000205732b3250) Line 732	C++
> WebKit.dll!WebCore::CurlResourceHandleDelegate::curlDidComplete(WebCore::CurlRequest & __formal={...}, WebCore::NetworkLoadMetrics && __formal={...}) Line 164	C++
> WebKit.dll!WebCore::CurlRequest::didCompleteTransfer::__l11::<lambda>(WebCore::CurlRequest & request={...}, WebCore::CurlRequestClient & client={...}) Line 466	C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(WebCore::CurlRequest &, WebCore::CurlRequestClient &),void,WebCore::CurlRequest &,WebCore::CurlRequestClient &>::call(WebCore::CurlRequest & <in_0>={...}, WebCore::CurlRequestClient & <in_1>={...}) Line 52	C++
> WebKit.dll!WTF::Function<void __cdecl(WebCore::CurlRequest &,WebCore::CurlRequestClient &)>::operator()(WebCore::CurlRequest & <in_0>={...}, WebCore::CurlRequestClient & <in_1>={...}) Line 85	C++
> WebKit.dll!WebCore::CurlRequest::callClient::__l2::<lambda>() Line 184	C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 85	C++
> WTF.dll!WTF::dispatchFunctionsFromMainThread() Line 96	C++
> WTF.dll!WTF::ThreadingWindowWndProc(HWND__ * hWnd=0x0000000000302d22, unsigned int message=49943, unsigned __int64 wParam=0, __int64 lParam=0) Line 48	C++
> user32.dll!00007ffba0cc5c0d()	Unknown
> user32.dll!00007ffba0cc5602()	Unknown
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance=0x00007ff783b10000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpstrCmdLine=0x000002056d756814, int nCmdShow=10) Line 120	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance=0x00007ff783b10000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpstrCmdLine=0x000002056d756814, int nCmdShow=10) Line 140	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance=0x00007ff783b10000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpstrCmdLine=0x000002056d756814, int nCmdShow=10) Line 224	C++
> [Inline Frame] MiniBrowser.exe!invoke_main() Line 118	C++
> MiniBrowser.exe!__scrt_common_main_seh() Line 288	C++
> kernel32.dll!00007ffb9f227bd4()	Unknown
> ntdll.dll!00007ffba0f0ce51()	Unknown

Mac Safari doesn't seem to have this issue.
