[Webkit-unassigned] [Bug 229740] REGRESSION(r281439)[GTK] fast/box-shadow/box-shadow-huge-area-crash.html is flaky fail / crash

bugzilla-daemon at webkit.org
Thu Feb 23 06:16:35 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=229740

Vitaly Dyackhov <vitaly at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vitaly at igalia.com

--- Comment #4 from Vitaly Dyackhov <vitaly at igalia.com> ---
OK, I think I figured this one out. The cause of this issue is `hb_position_t` aka `int32_t`. This type is used to represent advances and offset of a glyph in `hb_buffer`. Its format is 16.16, i.e. 16 bits for the integer part and 16 bits for the fractional precision part. See https://github.com/harfbuzz/harfbuzz/issues/2714 for details. But it is *signed* and the first bit is the sign bit. That means the maximum advance and offset value is 2^15 and not 2^16. This limits the maximum advance and offset value to `std::numeric_limits<short>::max()`, i.e. 32767.

We use HarfBuzz to measure text size only when the complex text code path is taken. Until 259842 at main, the WPE port used the simple code path when possible. This explains why the issue was reproducible only on the GTK port.

PR is coming :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
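
The signed 16.16 limit described in Comment #4, shown as an added example that is not part of the original message and is not WebKit or HarfBuzz code. `fixed_16_16_t` and all function names are hypothetical stand-ins, and the sample pixel values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for hb_position_t: signed 16.16 in an int32_t,
   the layout Comment #4 describes (an assumption of this example). */
typedef int32_t fixed_16_16_t;
#define FIXED_ONE 65536 /* 1.0 in 16.16 */

/* Scale in 64 bits so the intermediate value cannot overflow. */
static int64_t scale_wide(double px) { return (int64_t)(px * FIXED_ONE); }

/* Checked conversion: refuses values that do not fit in 32 bits. */
bool to_fixed_checked(double px, fixed_16_16_t *out) {
    int64_t wide = scale_wide(px);
    if (wide > INT32_MAX || wide < INT32_MIN) return false;
    *out = (fixed_16_16_t)wide;
    return true;
}

/* Saturating conversion: clamps to the representable range. */
fixed_16_16_t to_fixed_saturating(double px) {
    int64_t wide = scale_wide(px);
    if (wide > INT32_MAX) return INT32_MAX;
    if (wide < INT32_MIN) return INT32_MIN;
    return (fixed_16_16_t)wide;
}

/* What survives when only the low 32 bits are kept (two's complement). */
fixed_16_16_t to_fixed_truncating(double px) {
    uint32_t low = (uint32_t)scale_wide(px);
    if (low <= (uint32_t)INT32_MAX) return (fixed_16_16_t)low;
    return (fixed_16_16_t)((int64_t)low - 4294967296LL);
}

double from_fixed(fixed_16_16_t v) { return (double)v / FIXED_ONE; }

int main(void) {
    const double samples[] = { 100.5, 32767.0, 32768.0, 40000.0 }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        fixed_16_16_t v;
        bool ok = to_fixed_checked(samples[i], &v);
        printf("%9.1f px  fits=%d  truncated=%10.1f  saturated=%10.1f\n",
               samples[i], ok, from_fixed(to_fixed_truncating(samples[i])),
               from_fixed(to_fixed_saturating(samples[i])));
    }
    return 0;
}
```

A value of 32768 px no longer fits and, if only the low 32 bits are kept, comes back as a negative advance, which is why a range check or clamp belongs before any size computed from such a value is used.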