[Webkit-unassigned] [Bug 212427] New: REGRESSION (r254541): Valid mime types can only be added to the HashSet of the supported types for encoding
bugzilla-daemon at webkit.org
Wed May 27 11:54:18 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=212427
Bug ID: 212427
Summary: REGRESSION (r254541): Valid mime types can only be
added to the HashSet of the supported types for
encoding
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Images
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sabouhallawa at apple.com
Sometimes we hit this crash when calling toDataURL on canvas:
Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000010)
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::StringImpl::is8Bit() const at StringImpl.h:285:34
0x00007fff3b6f2660: pushq %rbp
0x00007fff3b6f2661: movq %rsp, %rbp
0x00007fff3b6f2664: movq (%rdi), %rcx
-> 0x00007fff3b6f2667: testb $0x4, 0x10(%rcx)
0x00007fff3b6f266b: jne 0x25f67a ; <+26> [inlined] WTF::StringImpl::characters8() const at StringHash.h:112
0x00007fff3b6f266d: movq 0x8(%rcx), %rdi
0x00007fff3b6f2671: movl 0x4(%rcx), %esi
0x00007fff3b6f2674: popq %rbp
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl&) at StringHash.h:111
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl*) at StringHash.h:118
[ 0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::String const&) + 3 at StringHash.h:164
[ 0] 0x00007fff3b6f2664 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) + 4 at HashTable.h:289
[ 1] 0x00007fff3b6f249a WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) [inlined] WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> > > WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add<WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>, WTF::String const&, WTF::String const&>(WTF::String const&, WTF::String const&) + 62 at HashTable.h:938:22
[ 1] 0x00007fff3b6f245c WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 28 at HashTable.h:466
[ 2] 0x00007fff3ce1fee4 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() [inlined] WTF::HashSet<WTF::String, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 15 at HashSet.h:239:19
[ 2] 0x00007fff3ce1fed5 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() + 245 at MIMETypeRegistry.cpp:464
[ 3] 0x00007fff3ce368d1 WebCore`WebCore::ThreadGlobalData::mimeTypeRegistryThreadGlobalData() + 49 at ThreadGlobalData.cpp:124:46
[ 4] 0x00007fff3b6bd5e4 WebCore`WebCore::MIMETypeRegistry::isSupportedImageMIMETypeForEncoding(WTF::String const&) + 52 at MIMETypeRegistry.cpp:493:31
[ 5] 0x00007fff3c9e57fb WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) [inlined] WebCore::toEncodingMimeType(WTF::String const&) + 7 at HTMLCanvasElement.cpp:662:10
[ 5] 0x00007fff3c9e57f4 WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) + 164 at HTMLCanvasElement.cpp:690
[ 6] 0x00007fff3bb5a944 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLCanvasElement*, JSC::ThrowScope&) + 111 at JSHTMLCanvasElement.cpp:333:93
[ 6] 0x00007fff3bb5a8d5 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] long long WebCore::IDLOperation<WebCore::JSHTMLCanvasElement>::call<&(WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGl
There might be a bug or a behavior change in the underlying frameworks when converting a UTI to a mime type. But WebKit has to check the validity of the mime type before adding it to the HashSet.
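The check the report asks for, as an added example that is not WebKit's code: the fault address 0x10 in the trace is the hash function reading a field of a null string implementation, so the conversion result is validated before it ever reaches the hash. Standard containers stand in for WTF::HashSet and ASCIICaseInsensitiveHash; mimeTypeForUTI, buildEncodingTypes and the two unmapped UTI names are hypothetical.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <unordered_set>
#include <vector>

// Case-insensitive hash and equality, standing in for ASCIICaseInsensitiveHash.
struct CaseInsensitiveHash {
    std::size_t operator()(const std::string& s) const {
        std::size_t h = 1469598103934665603ULL; // FNV-1a offset basis
        for (unsigned char c : s) {
            h ^= static_cast<std::size_t>(std::tolower(c));
            h *= 1099511628211ULL;
        }
        return h;
    }
};
struct CaseInsensitiveEqual {
    bool operator()(const std::string& a, const std::string& b) const {
        if (a.size() != b.size()) return false;
        for (std::size_t i = 0; i < a.size(); ++i)
            if (std::tolower((unsigned char)a[i]) != std::tolower((unsigned char)b[i])) return false;
        return true;
    }
};
using MimeSet = std::unordered_set<std::string, CaseInsensitiveHash, CaseInsensitiveEqual>;

// Hypothetical stand-in for the framework's UTI-to-MIME conversion.
// Returns nullptr when there is no mapping (the null-string case in the trace).
const char* mimeTypeForUTI(const std::string& uti) {
    if (uti == "public.png") return "image/png";
    if (uti == "public.jpeg") return "image/jpeg";
    if (uti == "public.empty-mapping") return ""; // constructed: empty result
    return nullptr;
}

// Build the set, validating every conversion result before it is hashed.
// Returns the number of UTIs that were skipped as invalid.
std::size_t buildEncodingTypes(const std::vector<std::string>& utis, MimeSet& out) {
    std::size_t skipped = 0;
    for (const auto& uti : utis) {
        const char* mime = mimeTypeForUTI(uti);
        if (!mime || !*mime) { ++skipped; continue; } // null or empty never reaches the hash
        out.insert(mime);
    }
    return skipped;
}
```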