[Webkit-unassigned] [Bug 228893] New: WTFCrash in WebCore::FontCache::lastResortFallbackFont

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 7 01:00:26 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=228893

            Bug ID: 228893
           Summary: WTFCrash in WebCore::FontCache::lastResortFallbackFont
           Product: WebKit
           Version: WebKit Local Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tlock.chijin at gmail.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 435120

  --> https://bugs.webkit.org/attachment.cgi?id=435120&action=review

This file is generated by a browser fuzzer

When the attachment is opened by MiniBrowser, a WTFCrash is raised. 

OS: ubuntu 20.04
WebKit: webkit chunk; commit: bf8523d11fc7a9fd8cbcc6f85dd31df3ceb2b138


Asan message:


```
1   0x7fe6d3a509e0 WTFReportBacktrace
2   0x7fe6d3a50ec6 WTFCrash
3   0x7fe6d67cdeef /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x1547eef) [0x7fe6d67cdeef]
4   0x7fe6de6a2359 WebCore::FontCache::lastResortFallbackFont(WebCore::FontDescription const&)
5   0x7fe6dcd54db4 WebCore::FontCascadeFonts::realizeFallbackRangesAt(WebCore::FontCascadeDescription const&, unsigned int)
6   0x7fe6db60c83c /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x638683c) [0x7fe6db60c83c]
7   0x7fe6dda38855 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x87b2855) [0x7fe6dda38855]
8   0x7fe6dd3e27ea /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x815c7ea) [0x7fe6dd3e27ea]
9   0x7fe6dd970a90 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x86eaa90) [0x7fe6dd970a90]
10  0x7fe6dd96e7b2 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x86e87b2) [0x7fe6dd96e7b2]
11  0x7fe6dd38ab6e /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x8104b6e) [0x7fe6dd38ab6e]
12  0x7fe6dd385097 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x80ff097) [0x7fe6dd385097]
13  0x7fe6dd395e70 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x810fe70) [0x7fe6dd395e70]
14  0x7fe6dd4320de /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81ac0de) [0x7fe6dd4320de]
15  0x7fe6dd3c473f /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x813e73f) [0x7fe6dd3c473f]
16  0x7fe6dd43c22b /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81b622b) [0x7fe6dd43c22b]
17  0x7fe6dd436469 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81b0469) [0x7fe6dd436469]
18  0x7fe6dd4320cb /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81ac0cb) [0x7fe6dd4320cb]
19  0x7fe6dd3c473f /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x813e73f) [0x7fe6dd3c473f]
20  0x7fe6dd43c22b /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81b622b) [0x7fe6dd43c22b]
21  0x7fe6dd436469 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81b0469) [0x7fe6dd436469]
22  0x7fe6dd4320cb /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81ac0cb) [0x7fe6dd4320cb]
23  0x7fe6dd3c473f /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x813e73f) [0x7fe6dd3c473f]
24  0x7fe6dd43c22b /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81b622b) [0x7fe6dd43c22b]
25  0x7fe6dd436469 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81b0469) [0x7fe6dd436469]
26  0x7fe6dd4320cb /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x81ac0cb) [0x7fe6dd4320cb]
27  0x7fe6dd3c473f /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x813e73f) [0x7fe6dd3c473f]
28  0x7fe6dd919069 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x8693069) [0x7fe6dd919069]
29  0x7fe6dc81c2b7 /path/to/WebKitBuild/GTK/Release/lib/libwebkit2gtk-4.0.so.37(+0x75962b7) [0x7fe6dc81c2b7]
30  0x7fe6db1095f2 WebCore::Document::updateLayout()
31  0x7fe6db10e5c6 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)

```

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210807/9652eb9a/attachment-0001.htm>

More information about the webkit-unassigned mailing list