Bug 212427 - REGRESSION (r254541): Valid mime types can only be added to the HashSet of the supported types for encoding
Summary: REGRESSION (r254541): Valid mime types can only be added to the HashSet of th...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Said Abou-Hallawa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-05-27 11:54 PDT by Said Abou-Hallawa
Modified: 2020-05-27 12:48 PDT (History)
CC List: 2 users

See Also:


Attachments
Patch (1.92 KB, patch)
2020-05-27 11:59 PDT, Said Abou-Hallawa
no flags

Description Said Abou-Hallawa 2020-05-27 11:54:18 PDT
Sometimes we hit this crash when calling toDataURL on canvas:

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000010)
[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::StringImpl::is8Bit() const at StringImpl.h:285:34

     0x00007fff3b6f2660:    pushq %rbp
     0x00007fff3b6f2661:     movq %rsp, %rbp
     0x00007fff3b6f2664:     movq (%rdi), %rcx
 ->  0x00007fff3b6f2667:    testb $0x4, 0x10(%rcx)
     0x00007fff3b6f266b:      jne 0x25f67a             ; <+26> [inlined] WTF::StringImpl::characters8() const at StringHash.h:112
     0x00007fff3b6f266d:     movq 0x8(%rcx), %rdi
     0x00007fff3b6f2671:     movl 0x4(%rcx), %esi
     0x00007fff3b6f2674:     popq %rbp

[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl&) at StringHash.h:111
[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::StringImpl*) at StringHash.h:118
[  0] 0x00007fff3b6f2667 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) [inlined] WTF::ASCIICaseInsensitiveHash::hash(WTF::String const&) + 3 at StringHash.h:164
[  0] 0x00007fff3b6f2664 WebCore`unsigned int WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>::hash<WTF::String>(WTF::String const&) + 4 at HashTable.h:289
[  1] 0x00007fff3b6f249a WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) [inlined] WTF::HashTableAddResult<WTF::HashTableIterator<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> > > WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add<WTF::IdentityHashTranslator<WTF::HashTraits<WTF::String>, WTF::ASCIICaseInsensitiveHash>, WTF::String const&, WTF::String const&>(WTF::String const&, WTF::String const&) + 62 at HashTable.h:938:22
[  1] 0x00007fff3b6f245c WebCore`WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 28 at HashTable.h:466
[  2] 0x00007fff3ce1fee4 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() [inlined] WTF::HashSet<WTF::String, WTF::ASCIICaseInsensitiveHash, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 15 at HashSet.h:239:19
[  2] 0x00007fff3ce1fed5 WebCore`WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData() + 245 at MIMETypeRegistry.cpp:464
[  3] 0x00007fff3ce368d1 WebCore`WebCore::ThreadGlobalData::mimeTypeRegistryThreadGlobalData() + 49 at ThreadGlobalData.cpp:124:46
[  4] 0x00007fff3b6bd5e4 WebCore`WebCore::MIMETypeRegistry::isSupportedImageMIMETypeForEncoding(WTF::String const&) + 52 at MIMETypeRegistry.cpp:493:31
[  5] 0x00007fff3c9e57fb WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) [inlined] WebCore::toEncodingMimeType(WTF::String const&) + 7 at HTMLCanvasElement.cpp:662:10
[  5] 0x00007fff3c9e57f4 WebCore`WebCore::HTMLCanvasElement::toDataURL(WTF::String const&, JSC::JSValue) + 164 at HTMLCanvasElement.cpp:690
[  6] 0x00007fff3bb5a944 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLCanvasElement*, JSC::ThrowScope&) + 111 at JSHTMLCanvasElement.cpp:333:93
[  6] 0x00007fff3bb5a8d5 WebCore`WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURL(JSC::JSGlobalObject*, JSC::CallFrame*) [inlined] long long WebCore::IDLOperation<WebCore::JSHTMLCanvasElement>::call<&(WebCore::jsHTMLCanvasElementPrototypeFunctionToDataURLBody(JSC::JSGl

There might be a bug or a behavior change in the underlying frameworks when converting a UTI to a mime type. But WebKit has to check the validity of the mime type before adding it to the HashSet.
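The defensive pattern the report calls for, as an added illustration that is not WebKit's code: a case-insensitive MIME-type set whose hash assumes a real string (in WebKit, `WTF::ASCIICaseInsensitiveHash` reads the `StringImpl`, which is why a null `String` faults at offset 0x10), fed by a platform UTI-to-MIME conversion that can come back empty. The `mimeTypeFromUTI` table, the `isValidMimeType` rule (`type/subtype`, non-empty tokens, no whitespace) and the sample UTI list are all constructed for this example; the fix is to validate before `insert`, so a missing mapping is counted and skipped instead of hashed.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <string_view>
#include <unordered_set>
#include <vector>

// Stand-in for WTF::ASCIICaseInsensitiveHash (constructed, not WebKit code):
// "image/PNG" and "image/png" must hash identically. Like the real functor it
// assumes it is handed an actual string; the guard lives in the caller.
struct AsciiCaseInsensitiveHash {
    std::size_t operator()(const std::string& s) const noexcept {
        std::uint64_t h = 1469598103934665603ull; // FNV-1a offset basis
        for (unsigned char c : s) {
            h ^= static_cast<unsigned char>(std::tolower(c));
            h *= 1099511628211ull;               // FNV-1a prime
        }
        return static_cast<std::size_t>(h);
    }
};

struct AsciiCaseInsensitiveEqual {
    bool operator()(const std::string& a, const std::string& b) const noexcept {
        if (a.size() != b.size()) return false;
        for (std::size_t i = 0; i < a.size(); ++i)
            if (std::tolower(static_cast<unsigned char>(a[i])) != std::tolower(static_cast<unsigned char>(b[i])))
                return false;
        return true;
    }
};

using MimeTypeSet = std::unordered_set<std::string, AsciiCaseInsensitiveHash, AsciiCaseInsensitiveEqual>;

// Validity rule assumed for this example: exactly one '/', non-empty type and
// subtype, no whitespace or NUL. An empty string fails the first check.
bool isValidMimeType(std::string_view mime) {
    auto slash = mime.find('/');
    if (slash == std::string_view::npos || slash == 0 || slash + 1 == mime.size()) return false;
    if (mime.find('/', slash + 1) != std::string_view::npos) return false;
    for (unsigned char c : mime)
        if (std::isspace(c) || c == '\0') return false;
    return true;
}

// Stand-in for the platform's UTI -> MIME conversion. nullopt models the case the
// report suspects: the framework has no mapping and hands back a null string.
std::optional<std::string> mimeTypeFromUTI(std::string_view uti) {
    if (uti == "public.png") return std::string("image/png");
    if (uti == "public.jpeg") return std::string("image/jpeg");
    if (uti == "com.compuserve.gif") return std::string("image/gif");
    return std::nullopt;
}

struct BuildResult {
    MimeTypeSet set;
    std::size_t skipped = 0; // UTIs whose conversion yielded nothing insertable
};

// Builds the supported-for-encoding set. Only converted values that pass
// isValidMimeType are inserted; everything else is counted and dropped, so the
// hash functor never sees a missing value.
BuildResult buildEncodingMimeTypes(const std::vector<std::string>& utis) {
    BuildResult result;
    for (const auto& uti : utis) {
        auto mime = mimeTypeFromUTI(uti);
        if (!mime || !isValidMimeType(*mime)) { ++result.skipped; continue; }
        result.set.insert(*mime);
    }
    return result;
}

// Constructed sample input: three known UTIs plus one with no mapping.
BuildResult buildFromSampleUTIs() {
    return buildEncodingMimeTypes({"public.png", "public.jpeg", "com.compuserve.gif", "public.unmapped-format"});
}

bool isSupportedImageMimeTypeForEncoding(const MimeTypeSet& set, const std::string& mime) {
    return set.count(mime) != 0;
}

int main() {
    BuildResult r = buildFromSampleUTIs();
    std::cout << "registered " << r.set.size() << " types, skipped " << r.skipped << "\n";
    std::cout << "IMAGE/PNG supported: " << isSupportedImageMimeTypeForEncoding(r.set, "IMAGE/PNG") << "\n";
    return 0;
}
```

The lookup stays case-insensitive because the set's hash and equality both fold ASCII case, so the guard only changes what gets in, not how `toDataURL`'s lookup behaves.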
Comment 1 Said Abou-Hallawa 2020-05-27 11:55:12 PDT
<rdar://problem/63540492>
Comment 2 Said Abou-Hallawa 2020-05-27 11:59:22 PDT
Created attachment 400362 [details]
Patch
Comment 3 EWS 2020-05-27 12:48:57 PDT
Committed r262208: <https://trac.webkit.org/changeset/262208>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 400362 [details].