<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - svg/W3C-SVG-1.1/text-fonts-03-t.svg crashing under WebCore::Font::isLoading()"
href="https://bugs.webkit.org/show_bug.cgi?id=157661">157661</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>svg/W3C-SVG-1.1/text-fonts-03-t.svg crashing under WebCore::Font::isLoading()
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>SVG
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>cdumez@apple.com
</td>
</tr>
<tr>
<th>CC</th>
<td>mmaxfield@apple.com, sabouhallawa@apple.com, zimmermann@kde.org
</td>
</tr></table>
<p>
<div>
<pre>svg/W3C-SVG-1.1/text-fonts-03-t.svg is crashing under WebCore::Font::isLoading() when I run the layout tests locally. I think this started less than a week ago:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000538
Exception Note: EXC_CORPSE_NOTIFY
VM Regions Near 0x538:
-->
__TEXT 0000000104b39000-0000000104b3b000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Application Specific Information:
CRASHING TEST: svg/W3C-SVG-1.1/text-fonts-03-t.svg
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010ba9d07c WebCore::Font::isLoading() const + 12 (Font.h:169)
1 com.apple.WebCore 0x000000010ba9cd1b WebCore::CSSFontAccessor::isLoading() const + 91 (CSSSegmentedFontFace.cpp:87)
2 com.apple.WebCore 0x000000010bee54ae WebCore::FontRanges::isLoading() const + 94 (FontRanges.cpp:110)
3 com.apple.WebCore 0x000000010bec5004 WebCore::FontCascadeFonts::isLoadingCustomFonts() const + 84 (FontCascadeFonts.cpp:133)
4 com.apple.WebCore 0x000000010beadd32 WebCore::FontCascade::isLoadingCustomFonts() const + 82 (FontCascade.cpp:1118)
5 com.apple.WebCore 0x000000010beae9fc WebCore::FontCascade::drawText(WebCore::GraphicsContext&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, WebCore::FontCascade::CustomFontNotReadyAction) const + 60 (FontCascade.cpp:309)
6 com.apple.WebCore 0x000000010d31cbd8 WebCore::SVGInlineTextBox::paintTextWithShadows(WebCore::GraphicsContext&, WebCore::RenderStyle const*, WebCore::TextRun&, WebCore::SVGTextFragment const&, int, int) + 728 (SVGInlineTextBox.cpp:573)
7 com.apple.WebCore 0x000000010d31bd2d WebCore::SVGInlineTextBox::paintText(WebCore::GraphicsContext&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::SVGTextFragment const&, bool, bool) + 957 (SVGInlineTextBox.cpp:603)
8 com.apple.WebCore 0x000000010d31b675 WebCore::SVGInlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 1461 (SVGInlineTextBox.cpp:311)
9 com.apple.WebCore 0x000000010d328043 WebCore::SVGRootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 707 (SVGRootInlineBox.cpp:69)
10 com.apple.WebCore 0x000000010d24fecf WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const + 1999 (RenderLineBoxList.cpp:262)
11 com.apple.WebCore 0x000000010d0cc357 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 183 (RenderBlockFlow.cpp:3547)
12 com.apple.WebCore 0x000000010d0849fc WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 140 (RenderBlock.cpp:1446)
13 com.apple.WebCore 0x000000010d085728 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 904 (RenderBlock.cpp:1599)
14 com.apple.WebCore 0x000000010d084832 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 338 (RenderBlock.cpp:1426)
15 com.apple.WebCore 0x000000010d318b31 WebCore::RenderSVGText::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 225 (RenderSVGText.cpp:493)
16 com.apple.WebCore 0x000000010d2f8446 WebCore::RenderSVGContainer::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 694 (RenderSVGContainer.cpp:141)
17 com.apple.WebCore 0x000000010d313fae WebCore::RenderSVGRoot::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1262 (RenderSVGRoot.cpp:286)
18 com.apple.WebCore 0x000000010d2c0d28 WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1416 (RenderReplaced.cpp:191)
19 com.apple.WebCore 0x000000010d1f11c3 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 643 (RenderLayer.cpp:4758)
20 com.apple.WebCore 0x000000010d1eed57 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) + 727 (RenderLayer.cpp:4733)
21 com.apple.WebCore 0x000000010d1ead88 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2904 (RenderLayer.cpp:4355)
22 com.apple.WebCore 0x000000010d1ea21b WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 267 (RenderLayer.cpp:4012)
23 com.apple.WebCore 0x000000010d1e8e9b WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 1451 (RenderLayer.cpp:3994)
24 com.apple.WebCore 0x000000010d1eea54 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 196 (RenderLayer.cpp:4464)
25 com.apple.WebCore 0x000000010d1eae61 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3121 (RenderLayer.cpp:4365)
26 com.apple.WebCore 0x000000010d21e9a7 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) + 711 (RenderLayerBacking.cpp:2332)
27 com.apple.WebCore 0x000000010d21edc0 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) + 768 (RenderLayerBacking.cpp:2370)
28 com.apple.WebCore 0x000000010c0746bb WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) + 171 (GraphicsLayer.cpp:417)
29 com.apple.WebCore 0x000000010c0861f1 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 1569 (GraphicsLayerCA.cpp:1471)
30 com.apple.WebCore 0x000000010c08624f non-virtual thunk to WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 63 (GraphicsLayerCA.cpp:1455)
31 com.apple.WebCore 0x000000010d00d3c6 WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&) + 742 (PlatformCALayerCocoa.mm:1077)
32 com.apple.WebCore 0x000000010d9d2385 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 309 (TileGrid.cpp:690)
33 com.apple.WebCore 0x000000010dbd7114 -[WebSimpleLayer drawInContext:] + 372 (WebLayer.mm:131)
34 com.apple.QuartzCore 0x00007fff95ff2b19 CABackingStoreUpdate_ + 3494
35 com.apple.QuartzCore 0x00007fff95ff1d6d ___ZN2CA5Layer8display_Ev_block_invoke + 59
36 com.apple.QuartzCore 0x00007fff95ff1759 CA::Layer::display_() + 1565
37 com.apple.WebCore 0x000000010dbd6f39 -[WebSimpleLayer display] + 105 (WebLayer.mm:112)
38 com.apple.QuartzCore 0x00007fff95fe34a5 CA::Layer::display_if_needed(CA::Transaction*) + 603
39 com.apple.QuartzCore 0x00007fff95fe2fcd CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 35
40 com.apple.QuartzCore 0x00007fff95fe24a1 CA::Context::commit_transaction(CA::Transaction*) + 277
41 com.apple.QuartzCore 0x00007fff95fe20ec CA::Transaction::commit() + 508
42 com.apple.WebKit 0x000000010509c283 WebKit::TiledCoreAnimationDrawingArea::forceRepaint() + 227 (TiledCoreAnimationDrawingArea.mm:147)
43 com.apple.WebKit 0x00000001052b0b88 WebKit::WebPage::forceRepaintWithoutCallback() + 56 (WebPage.cpp:2814)
44 com.apple.WebKit 0x00000001055e78ad WKBundlePageForceRepaint + 29 (WKBundlePage.cpp:478)
45 WebKitTestRunnerInjectedBundle 0x0000000119664f0c WTR::InjectedBundlePage::dump() + 108 (InjectedBundlePage.cpp:859)
46 WebKitTestRunnerInjectedBundle 0x00000001196648d2 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) + 178 (InjectedBundlePage.cpp:2025)
47 WebKitTestRunnerInjectedBundle 0x0000000119663137 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) + 119 (InjectedBundlePage.cpp:938)
48 WebKitTestRunnerInjectedBundle 0x0000000119661de8 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) + 40 (InjectedBundlePage.cpp:560)
49 com.apple.WebKit 0x0000000104d11b66 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) + 118 (InjectedBundlePageLoaderClient.cpp:146)
50 com.apple.WebKit 0x00000001051cfcdd WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() + 141 (WebFrameLoaderClient.cpp:561)
51 com.apple.WebCore 0x000000010bf9c80b WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 2267 (FrameLoader.cpp:2319)
52 com.apple.WebCore 0x000000010bf9419e WebCore::FrameLoader::checkLoadComplete() + 478 (FrameLoader.cpp:2465)
53 com.apple.WebCore 0x000000010bc33f8f WebCore::DocumentLoader::finishedLoading(double) + 495 (DocumentLoader.cpp:445)
54 com.apple.WebCore 0x000000010bc33d15 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) + 389 (DocumentLoader.cpp:384)
55 com.apple.WebCore 0x000000010b74a222 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:298)
56 com.apple.WebCore 0x000000010b74a331 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:316)
57 com.apple.WebCore 0x000000010b745a9a WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 218 (CachedRawResource.cpp:104)
58 com.apple.WebCore 0x000000010d7ca074 WebCore::SubresourceLoader::didFinishLoading(double) + 532 (SubresourceLoader.cpp:431)
59 com.apple.WebKit 0x00000001054e8527 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 151 (WebResourceLoader.cpp:160)
60 com.apple.WebKit 0x00000001054ed473 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 163 (HandleMessage.h:17)
61 com.apple.WebKit 0x00000001054ed3c8 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 88 (HandleMessage.h:23)
62 com.apple.WebKit 0x00000001054ec4e2 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 226 (HandleMessage.h:93)
63 com.apple.WebKit 0x00000001054ebc5c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 636 (WebResourceLoaderMessageReceiver.cpp:66)
64 com.apple.WebKit 0x0000000104e87330 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 160 (NetworkProcessConnection.cpp:60)
65 com.apple.WebKit 0x0000000104c0f3c3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
66 com.apple.WebKit 0x0000000104c06994 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 724 (Connection.cpp:928)
67 com.apple.WebKit 0x0000000104c0f9bf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:957)
68 com.apple.WebKit 0x0000000104c20d2d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:890)
69 com.apple.WebKit 0x0000000104c20cfd void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
70 com.apple.WebKit 0x0000000104c20b4c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
71 com.apple.JavaScriptCore 0x0000000108a8f04a std::__1::function<void ()>::operator()() const + 26 (functional:1793)
72 com.apple.JavaScriptCore 0x00000001091fe392 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106)
73 com.apple.JavaScriptCore 0x00000001091febb4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>