[Webkit-unassigned] [Bug 274780] [GTK] WebProcess crashes when reading pages

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 29 07:44:40 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=274780

Adrian Perez <aperez at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aperez at igalia.com

--- Comment #4 from Adrian Perez <aperez at igalia.com> ---
Which version of Clang resulted in the TextDecorationPainter crash? I used
to hit this often, but now using Clang 17 the problem seems to be gone.

I don't remember which version of Clang I had at the time, but I remembered
that I had a workaround in one of my Git stashes that I never got to truly
understand why it made things work... I had the intention of reporting the
issue to the LLVM/Clang people but never got round to it.

Here's the workaround:

---- 8< ---- 8< ----

diff --git a/Source/WebCore/rendering/TextDecorationPainter.cpp b/Source/WebCore/rendering/TextDecorationPainter.cpp
index 895c512156da..02d8f00d5aae 100644
--- a/Source/WebCore/rendering/TextDecorationPainter.cpp
+++ b/Source/WebCore/rendering/TextDecorationPainter.cpp
@@ -128,25 +128,26 @@ static DashArray translateIntersectionPointsToSkipInkBoundaries(const DashArray&
     // Step 2: Deal with intersecting ranges.
     Vector<std::pair<float, float>> intermediateTuples;
     if (tuples.size() >= 2) {
-        intermediateTuples.append(*tuples.begin());
-        for (auto i = tuples.begin() + 1; i != tuples.end(); i++) {
+        intermediateTuples.append(tuples[0]);
+        for (size_t i = 1; i < tuples.size(); i++) {
             float& firstEnd = intermediateTuples.last().second;
-            float secondStart = i->first;
-            float secondEnd = i->second;
+            float secondStart = tuples[i].first;
+            float secondEnd = tuples[i].second;
             if (secondStart <= firstEnd && secondEnd <= firstEnd) {
                 // Ignore this range completely
             } else if (secondStart <= firstEnd)
                 firstEnd = secondEnd;
             else
-                intermediateTuples.append(*i);
+                intermediateTuples.append(tuples[i]);
         }
     } else
-        intermediateTuples = tuples;
+        intermediateTuples = WTFMove(tuples);

     // Step 3: Output the space between the ranges, but only if the space warrants an underline.
     float previous = 0;
     DashArray result;
-    for (const auto& tuple : intermediateTuples) {
+    for (size_t i = 0; i < intermediateTuples.size(); i++) {
+        const auto& tuple = intermediateTuples[i];
         if (tuple.first - previous > dilationAmount) {
             result.append(previous);
             result.append(tuple.first);
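
Review bot: Nothing at the rewritten loops (`for (size_t i = 1; i < tuples.size(); i++)` in Step 2 and `for (size_t i = 0; i < intermediateTuples.size(); i++)` in Step 3) records that the index-based form is deliberate, so a later cleanup could restore the iterator and range-for versions and bring the crash back. A short comment at the first loop naming the suspected compiler issue and the affected Clang version, once known, would prevent that. Because the accompanying message says the reason this helps was never understood, the index loops may only be hiding the fault, and a sanitizer build of the original code would help tell a miscompile from undefined behaviour. Separately, `intermediateTuples = WTFMove(tuples);` in the `else` branch turns a copy into a move, which is a behaviour change unrelated to the loop rewrite. No read of `tuples` appears in the lines shown after it, but that should be confirmed for the rest of the function, and the change is better split out so the workaround stays minimal.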
