[Webkit-unassigned] [Bug 278871] New: Crash deep under WebCore::FontCascadeCache::retrieveOrAddCachedFonts
bugzilla-daemon at webkit.org
Thu Aug 29 11:12:24 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=278871
Bug ID: 278871
Summary: Crash deep under WebCore::FontCascadeCache::retrieveOrAddCachedFonts
Product: WebKit
Version: Other
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at redhat.com
CC: bugs-noreply at webkitgtk.org
Created attachment 472348
--> https://bugs.webkit.org/attachment.cgi?id=472348&action=review
Full backtrace
Not sure which website I was visiting at the time of this crash. Full backtrace attached.
#0 WTF::SuperFastHash::computeHashImpl<char16_t, WTF::ASCIICaseInsensitiveHash::FoldCase> (characters=Python Exception <class 'gdb.error'>: value has been optimized out
) at WTF/Headers/wtf/text/SuperFastHash.h:231
#1 WTF::SuperFastHash::computeHashAndMaskTop8Bits<char16_t, WTF::ASCIICaseInsensitiveHash::FoldCase> (data=Python Exception <class 'gdb.error'>: value has been optimized out
) at WTF/Headers/wtf/text/SuperFastHash.h:151
#2 WTF::StringHasher::computeHashAndMaskTop8Bits<char16_t, WTF::ASCIICaseInsensitiveHash::FoldCase> (data=Python Exception <class 'gdb.error'>: value has been optimized out
)
at WTF/Headers/wtf/text/StringHasherInlines.h:38
#3 WTF::ASCIICaseInsensitiveHash::hash<char16_t> (characters=Python Exception <class 'gdb.error'>: value has been optimized out
) at WTF/Headers/wtf/text/StringHash.h:124
#4 WTF::ASCIICaseInsensitiveHash::hash (string=<optimized out>) at WTF/Headers/wtf/text/StringHash.h:131
#5 0x00007fc8a7645dd7 in WTF::ASCIICaseInsensitiveHash::hash (string=0x7fc88aea88a0, string@entry=0x7ffe4d319e08) at WTF/Headers/wtf/text/StringHash.h:136
#6 WTF::ASCIICaseInsensitiveHash::hash (key=<error reading variable: Cannot access memory at address 0x10002>) at WTF/Headers/wtf/text/StringHash.h:186
#7 WebCore::FontCascadeDescription::familyNameHash (family=<error reading variable: Cannot access memory at address 0x10002>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeDescription.cpp:129
#8 WebCore::add (hasher=..., name=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.cpp:54
#9 WTF::add<WTF::Vector<WebCore::FontFamilyName, 3ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> > (hasher=..., container=<optimized out>)
at WTF/Headers/wtf/Hasher.h:148
#10 WTF::add<WebCore::FontDescriptionKey, WTF::Vector<WebCore::FontFamilyName, 3ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, unsigned int, unsigned int> (hasher=..., value1=<optimized out>, value2=<optimized out>, otherValues=@0x7fc69f4087e0: 105, otherValues=@0x7fc69f4087e4: 190)
at WTF/Headers/wtf/Hasher.h:197
#11 0x00007fc8a7645c99 in WebCore::add (hasher=..., key=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.h:237
#12 WTF::addArgs<WebCore::FontCascadeCacheKey> (hasher=..., arg=...) at WTF/Headers/wtf/Hasher.h:157
#13 WTF::computeHash<WebCore::FontCascadeCacheKey> (values=...) at WTF/Headers/wtf/Hasher.h:45
#14 WebCore::FontCascadeCacheKeyHash::hash (key=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.h:248
#15 WTF::IdentityHashTranslator<WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHash>::hash<WebCore::FontCascadeCacheKey> (key=...) at WTF/Headers/wtf/HashTable.h:301
#16 WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::lookupForReinsert<WTF::IdentityHashTranslator<WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHash>, WebCore::FontCascadeCacheKey> (this=<optimized out>, key=<optimized out>)
at WTF/Headers/wtf/HashTable.h:734
#17 WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::lookupForReinsert (this=0x7fc88a018ef0, key=...) at WTF/Headers/wtf/HashTable.h:536
#18 0x00007fc8a7645ae4 in WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::reinsert (this=0x7fc88a018ef0, entry=...)
at WTF/Headers/wtf/HashTable.h:1004
#19 WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::rehash (this=0x7fc88a018ef0, newTableSize=<optimized out>, entry=0x7fc69f40ad70)
at WTF/Headers/wtf/HashTable.h:1297
#20 0x00007fc8a763ef24 in WTF::HashTable<WebCore::FontCascadeCacheKey, WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > > >, WebCore::FontCascadeCacheKeyHash, WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontCascadeCacheKeyHashTraits>::expand (this=<optimized out>, entry=<optimized out>)
at WTF/Headers/wtf/HashTable.h:1192
#21 _ZN3WTF9HashTableIN7WebCore19FontCascadeCacheKeyENS_12KeyValuePairIS2_St10unique_ptrINS1_21FontCascadeCacheEntryESt14default_deleteIS5_EEEENS_24KeyValuePairKeyExtractorIS9_EENS1_23FontCascadeCacheKeyHashENS_7HashMapIS2_S8_SC_NS1_29FontCascadeCacheKeyHashTraitsENS_10HashTraitsIS8_EENS_15HashTableTraitsEE18KeyValuePairTraitsESE_E3addINS_17HashMapTranslatorISJ_SC_EERKS2_TkSt9invocableZNSI_9inlineAddISP_DnEENS_18HashTableAddResultINS_17HashTableIteratorISK_S2_S9_SB_SC_SJ_SE_EEEEOT_OT0_EUlvE_EESU_SY_RKT1_ (this=0x7fc88a018ef0, functor=..., key=<optimized out>) at WTF/Headers/wtf/HashTable.h:946
#22 WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::inlineAdd<WebCore::FontCascadeCacheKey const&, decltype(nullptr)>(WebCore::FontCascadeCacheKey const&, decltype(nullptr)&&) (this=0x7fc88a018ef0, value=<optimized out>, key=<optimized out>) at WTF/Headers/wtf/HashMap.h:423
#23 WTF::HashMap<WebCore::FontCascadeCacheKey, std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> >, WebCore::FontCascadeCacheKeyHash, WebCore::FontCascadeCacheKeyHashTraits, WTF::HashTraits<std::unique_ptr<WebCore::FontCascadeCacheEntry, std::default_delete<WebCore::FontCascadeCacheEntry> > >, WTF::HashTableTraits>::add<decltype(nullptr)>(WebCore::FontCascadeCacheKey const&, decltype(nullptr)&&)
(this=0x7fc88a018ef0, key=..., mapped=<error reading variable: Attempt to dereference a generic pointer.>) at WTF/Headers/wtf/HashMap.h:465
#24 0x00007fc8a7634f89 in WebCore::FontCascadeCache::retrieveOrAddCachedFonts (this=0x7fc88a018ef0, fontDescription=..., fontSelector=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascadeCache.cpp:105
#25 0x00007fc8a763710b in WebCore::FontCache::updateFontCascade (this=0x9e3779b9, fontCascade=..., fontSelector=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCache.cpp:351
#26 WebCore::FontCascade::update (this=0x7fc68e06e498, fontSelector=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/FontCascade.cpp:150
#27 0x00007fc8a7b736a2 in WebCore::Style::resolveForDocument (document=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/style/StyleResolveForDocument.cpp:103
#28 0x00007fc8a6d5c159 in WebCore::Document::resolveStyle (this=0x7fc87e11ea00, type=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Document.cpp:2552
#29 0x00007fc8a6d5cc62 in WebCore::Document::updateStyleIfNeeded (this=0x7fc87e11ea00)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Document.cpp:2700
#30 0x00007fc8a756b89f in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fc88a0e9110)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ThreadTimers.cpp:125
#31 0x00007fc8a448d025 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::operator()(void*) const
(userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#32 WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)
(userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:169
#33 0x00007fc8a448c0f1 in WTF::RunLoop::$_0::operator()
(source=0x5646ffedc9e0, callback=0x7fc8a448cf90 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)>, userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#34 WTF::RunLoop::$_0::__invoke
(source=0x5646ffedc9e0, callback=0x7fc8a448cf90 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)>, userData=0x7fc8a971b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#35 0x00007fc8a0912b27 in g_main_dispatch (context=context@entry=0x5646ffd4ff60) at ../glib/gmain.c:3357
#36 0x00007fc8a0914df7 in g_main_context_dispatch_unlocked (context=0x5646ffd4ff60) at ../glib/gmain.c:4208
#37 g_main_context_iterate_unlocked (context=0x5646ffd4ff60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4273
#38 0x00007fc8a09158d7 in g_main_loop_run (loop=0x5646ffd48860) at ../glib/gmain.c:4475
#39 0x00007fc8a448c6ed in WTF::RunLoop::run () at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#40 0x00007fc8a5c19e8f in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (this=0x7ffe4d31a8b0, argc=<optimized out>, argv=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:72
#41 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=<optimized out>, argv=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#42 WebKit::WebProcessMain (argc=4, argv=0x7ffe4d31aa48) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:106
#43 0x00007fc8a4c2f148 in __libc_start_call_main (main=main@entry=0x5646fbf46150 <main(int, char**)>, argc=argc@entry=4, argv=argv@entry=0x7ffe4d31aa48)
at ../sysdeps/nptl/libc_start_call_main.h:58
#44 0x00007fc8a4c2f20b in __libc_start_main_impl
(main=0x5646fbf46150 <main(int, char**)>, argc=4, argv=0x7ffe4d31aa48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe4d31aa38) at ../csu/libc-start.c:360
#45 0x00005646fbf46085 in _start () at ../sysdeps/x86_64/start.S:115