[Webkit-unassigned] [Bug 212427] New: REGRESSION (r254541): Valid mime types can only be added to the HashSet of the supported types for encoding

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 27 11:54:18 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=212427

            Bug ID: 212427
           Summary: REGRESSION (r254541): Valid mime types can only be
                    added to the HashSet of the supported types for
                    encoding
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com

Sometimes we hit this crash when calling toDataURL on canvas:

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000010)
[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::StringImpl::is8Bit() const at StringImpl.h:285:34

     0x00007fff3b6f2660:    pushq %rbp
     0x00007fff3b6f2661:     movq %rsp, %rbp
     0x00007fff3b6f2664:     movq (%rdi), %rcx
 ->  0x00007fff3b6f2667:    testb $0x4, 0x10(%rcx)
     0x00007fff3b6f266b:      jne 0x25f67a             ; <+26> [inlined] WTF::StringImpl::characters8() const at StringHash.h:112
     0x00007fff3b6f266d:     movq 0x8(%rcx), %rdi
     0x00007fff3b6f2671:     movl 0x4(%rcx), %esi
     0x00007fff3b6f2674:     popq %rbp

[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl&) at StringHash.h:111
[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl*) at StringHash.h:118
[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::String const&) + 3 at StringHash.h:164
[  0] 0x00007fff3b6f2664 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) + 4 at HashTable.h:289
[  1] 0x00007fff3b6f249a WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) [inlined] WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> > > WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add<WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>, WTF::String const&, WTF::String const&>(WTF::String const&, WTF::String const&) + 62 at HashTable.h:938:22
[  1] 0x00007fff3b6f245c WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 28 at HashTable.h:466
[  2] 0x00007fff3ce1fee4 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() [inlined] WTF::HashSet<WTF::String, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 15 at HashSet.h:239:19
[  2] 0x00007fff3ce1fed5 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() + 245 at MIMETypeRegistry.cpp:464
[  3] 0x00007fff3ce368d1 WebCore`WebCore::ThreadGlobalData::mimeTypeRegistryThreadGlobalData() + 49 at ThreadGlobalData.cpp:124:46
[  4] 0x00007fff3b6bd5e4 WebCore`WebCore::MIMETypeRegistry::isSupportedImageMIMETypeForEncoding(WTF::String const&) + 52 at MIMETypeRegistry.cpp:493:31
[  5] 0x00007fff3c9e57fb WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) [inlined] WebCore::toEncodingMimeType(WTF::String const&) + 7 at HTMLCanvasElement.cpp:662:10
[  5] 0x00007fff3c9e57f4 WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) + 164 at HTMLCanvasElement.cpp:690
[  6] 0x00007fff3bb5a944 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLCanvasElement*, JSC::ThrowScope&) + 111 at JSHTMLCanvasElement.cpp:333:93
[  6] 0x00007fff3bb5a8d5 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] long long WebCore::IDLOperation<WebCore::JSHTMLCanvasElement>::call<&(WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGl

There might be a bug or a behavior change in the underlying frameworks when converting a UTI to a mime type. But WebKit has to check the validity of the mime type before adding it to the HashSet.
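The crash site in the trace is consistent with a null string reaching the hash: `%rdi` is the `WTF::String`, `(%rdi)` loads its `StringImpl*` into `%rcx`, and the faulting `testb $0x4, 0x10(%rcx)` is `is8Bit()` reading the flags of a null impl, which is why the bad address is exactly 0x10. The following is an added example, not WebKit code and not the fix that eventually landed for this bug: it models the registration path with `std::string`/`std::unordered_set` standing in for `WTF::String`/`WTF::HashSet`, a hypothetical `mimeTypeFromUTI` backed by a constructed table (with `std::nullopt` and an empty string modelling a failed conversion), a `validate` flag to contrast the regressed and checked behaviour, and an `isValidMIMEType` check that is this example's own definition of "valid" (an RFC 2045 `type/subtype` token pair), all of which are assumptions rather than anything the report specifies.

```cpp
#include <cctype>
#include <cstdio>
#include <cstring>
#include <optional>
#include <string>
#include <unordered_set>
#include <vector>

// Case-insensitive hash and equality for MIME type strings, the same contract as
// WTF::ASCIICaseInsensitiveHash (std::string stands in for WTF::String here).
struct ASCIICaseInsensitiveHash {
    size_t operator()(const std::string& s) const
    {
        size_t h = 1469598103934665603ull; // FNV-1a offset basis
        for (unsigned char c : s) {
            h ^= static_cast<unsigned char>(std::tolower(c));
            h *= 1099511628211ull;
        }
        return h;
    }
};

struct ASCIICaseInsensitiveEqual {
    bool operator()(const std::string& a, const std::string& b) const
    {
        if (a.size() != b.size())
            return false;
        for (size_t i = 0; i < a.size(); ++i) {
            if (std::tolower(static_cast<unsigned char>(a[i])) != std::tolower(static_cast<unsigned char>(b[i])))
                return false;
        }
        return true;
    }
};

using MIMETypeSet = std::unordered_set<std::string, ASCIICaseInsensitiveHash, ASCIICaseInsensitiveEqual>;

// Hypothetical stand-in for the platform UTI -> MIME type conversion. The table is
// constructed for this example. std::nullopt models a conversion that fails outright;
// the empty string models a "successful" conversion whose result is unusable.
std::optional<std::string> mimeTypeFromUTI(const std::string& uti)
{
    if (uti == "public.png") return std::string("image/png");
    if (uti == "public.jpeg") return std::string("image/jpeg");
    if (uti == "com.example.no-mime") return std::string("");
    return std::nullopt;
}

// RFC 2045 token: printable ASCII, no whitespace, none of the tspecials.
static bool isToken(const std::string& s)
{
    if (s.empty()) return false;
    for (unsigned char c : s) {
        if (c <= 0x20 || c >= 0x7F) return false;
        if (std::strchr("()<>@,;:\\\"/[]?=", c)) return false;
    }
    return true;
}

// Validity check applied before anything is inserted: exactly "type/subtype",
// both parts tokens. Parameters and quoted strings are rejected on purpose.
bool isValidMIMEType(const std::string& s)
{
    size_t slash = s.find('/');
    if (slash == std::string::npos) return false;
    return isToken(s.substr(0, slash)) && isToken(s.substr(slash + 1));
}

// Builds the supported-for-encoding set from a list of UTIs. With validate=false the
// function inserts whatever the conversion hands back (the regressed behaviour, where
// a null WTF::String would be hashed and crash); with validate=true unusable results
// are skipped. A null result is never hashed on either path.
MIMETypeSet supportedImageMIMETypesForEncoding(const std::vector<std::string>& utis, bool validate)
{
    MIMETypeSet set;
    for (const auto& uti : utis) {
        std::optional<std::string> mime = mimeTypeFromUTI(uti);
        if (!mime)
            continue;
        if (validate && !isValidMIMEType(*mime))
            continue;
        set.insert(*mime);
    }
    return set;
}

// Lookup as toDataURL would perform it; the case-insensitive hash makes "IMAGE/PNG" match.
bool isSupportedImageMIMETypeForEncoding(const MIMETypeSet& set, const std::string& mimeType)
{
    if (mimeType.empty()) return false;
    return set.count(mimeType) != 0;
}

int main()
{
    std::vector<std::string> utis { "public.png", "public.jpeg", "com.example.no-mime", "public.unknown" };
    MIMETypeSet unchecked = supportedImageMIMETypesForEncoding(utis, false);
    MIMETypeSet checked = supportedImageMIMETypesForEncoding(utis, true);
    std::printf("unchecked entries: %zu (empty entry present: %d)\n", unchecked.size(), (int)unchecked.count(""));
    std::printf("checked entries:   %zu, IMAGE/PNG supported: %d\n", checked.size(),
        (int)isSupportedImageMIMETypeForEncoding(checked, "IMAGE/PNG"));
    return 0;
}
```

With `std::string` the unchecked path cannot crash, it only lets an empty entry into the set; the point of the contrast is that the check belongs in front of `insert`, where the string is still a candidate, rather than relying on the platform conversion to only ever return something hashable.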
