Ladybird is crashing on linux.org.ru

[avbdr]

The website is pretty basic, but still with recent commits as of Jun 4 it crashes the browser

$ Ladybird 'https://www.linux.org.ru/news/linux-general/17637964?lastmod=1717609269841'
VERIFICATION FAILED: m_ptr at /mnt/avb/work/ladybird/AK/RefPtr.h:280
/usr/local/libexec/../lib/liblagom-ak.so.0(ak_verification_failed+0xbb) [0x7bbf72f73ecb]
/usr/local/libexec/../lib/liblagom-gfx.so.0 Gfx::ScaledFont::glyph(unsigned int, Gfx::GlyphSubpixelOffset) const 0x13c) [0x7bbf72c7b1ac]
/usr/local/libexec/../lib/liblagom-gfx.so.0 Gfx::Painter::draw_glyph(Gfx::Point, unsigned int, Gfx::Font const&, Gfx::Color) 0xa8) [0x7bbf72d75448]
/usr/local/libexec/../lib/liblagom-web.so.0 Web::Painting::CommandExecutorCPU::draw_glyph_run(Web::Painting::DrawGlyphRun const&) 0x1a0) [0x7bbf74321ad0]
/usr/local/libexec/../lib/liblagom-web.so.0 Web::Painting::CommandList::execute(Web::Painting::CommandExecutor&) 0xf3d) [0x7bbf743284ed]
/usr/local/libexec/WebContent(+0xc580e) [0x5f487f1cf80e]
/usr/local/libexec/WebContent(+0xc58a3) [0x5f487f1cf8a3]
/usr/local/libexec/../lib/liblagom-web.so.0(+0x8b0611) [0x7bbf740b0611]
/usr/local/libexec/../lib/liblagom-web.so.0(+0xb76fa9) [0x7bbf74376fa9]
/usr/local/libexec/../lib/liblagom-core.so.0 Core::Timer::timer_event(Core::TimerEvent&) 0xb2) [0x7bbf73726d42]
/usr/local/libexec/../lib/liblagom-core.so.0 Core::EventReceiver::dispatch_event(Core::Event&, Core::EventReceiver*) 0x4d) [0x7bbf7370d2fd]
/usr/local/libexec/WebContent(+0x3f697) [0x5f487f149697]
/usr/lib/libQt6Core.so.6(+0x19b57f) [0x7bbf7599b57f]
/usr/lib/libQt6Core.so.6 QTimer::timerEvent(QTimerEvent*) 0xa5) [0x7bbf759a0d05]
/usr/lib/libQt6Core.so.6 QObject::event(QEvent*) 0x226) [0x7bbf7598c0e6]
/usr/lib/libQt6Core.so.6 QCoreApplication::notifyInternal2(QObject*, QEvent*) 0x133) [0x7bbf7593fdf3]
/usr/lib/libQt6Core.so.6 QTimerInfoList::activateTimers() 0x5c8) [0x7bbf75ab7988]
/usr/lib/libQt6Core.so.6(+0x3957c9) [0x7bbf75b957c9]
/usr/lib/libglib-2.0.so.0(+0x5ca89) [0x7bbf71921a89]
/usr/lib/libglib-2.0.so.0(+0xbe9b7) [0x7bbf719839b7]
/usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x35) [0x7bbf71920f95]
/usr/lib/libQt6Core.so.6 QEventDispatcherGlib::processEvents(QFlagsQEventLoop::ProcessEventsFlag) 0x89) [0x7bbf75b93389]
/usr/local/libexec/WebContent(+0x3f259) [0x5f487f149259]
/usr/local/libexec/../lib/liblagom-core.so.0 Core::EventLoop::spin_until(AK::Function<bool ()>) 0xbd) [0x7bbf7370624d]
/usr/local/libexec/../lib/liblagom-web.so.0 Web::Platform::EventLoopPluginSerenity::spin_until(JS::SafeFunction<bool ()>) 0x10a) [0x7bbf74375a3a]
/usr/local/libexec/../lib/liblagom-web.so.0 Web::HTML::EventLoop::spin_until(JS::SafeFunction<bool ()>) 0xee) [0x7bbf740b0a5e]
/usr/local/libexec/../lib/liblagom-web.so.0 Web::HTML::HTMLParser::the_end(JS::NonnullGCPtrWeb::DOM::Document, JS::GCPtrWeb::HTML::HTMLParser) 0x339) [0x7bbf741bb929]
/usr/local/libexec/../lib/liblagom-web.so.0 Web::HTML::HTMLParser::run(URL::URL const&, Web::HTML::HTMLTokenizer::StopAtInsertionPoint) 0x2ec) [0x7bbf741bbecc]
/usr/local/libexec/../lib/liblagom-web.so.0(+0xb76759) [0x7bbf74376759]
/usr/local/libexec/../lib/liblagom-core.so.0 Core::ThreadEventQueue::process() 0x3de) [0x7bbf7372674e]
/usr/local/libexec/WebContent(+0x3f81d) [0x5f487f14981d]
/usr/local/libexec/WebContent(+0x4084c) [0x5f487f14a84c]
/usr/lib/libQt6Core.so.6 QCoreApplication::notifyInternal2(QObject*, QEvent*) 0x133) [0x7bbf7593fdf3]
/usr/lib/libQt6Core.so.6 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) 0x362) [0x7bbf759401d2]
/usr/lib/libQt6Core.so.6(+0x3959ac) [0x7bbf75b959ac]
/usr/lib/libglib-2.0.so.0(+0x5ca89) [0x7bbf71921a89]
/usr/lib/libglib-2.0.so.0(+0xbe9b7) [0x7bbf719839b7]
/usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x35) [0x7bbf71920f95]
/usr/lib/libQt6Core.so.6 QEventDispatcherGlib::processEvents(QFlagsQEventLoop::ProcessEventsFlag) 0x89) [0x7bbf75b93389]
/usr/lib/libQt6Core.so.6 QEventLoop::exec(QFlagsQEventLoop::ProcessEventsFlag) 0x1b0) [0x7bbf75948350]
/usr/local/libexec/../lib/liblagom-core.so.0 Core::EventLoop::exec() 0x44) [0x7bbf737063b4]
/usr/local/libexec/WebContent(+0x4c7a4) [0x5f487f1567a4]
/usr/local/libexec/WebContent(main+0x81) [0x5f487f148621]
/usr/lib/libc.so.6(+0x25c88) [0x7bbf72639c88]
/usr/lib/libc.so.6(__libc_start_main+0x8c) [0x7bbf72639d4c]
/usr/local/libexec/WebContent(+0x3e7c5) [0x5f487f1487c5]
182674.829 Ladybird(274223): WebContent process crashed!
VERIFICATION FAILED: !is_error() at /mnt/avb/work/ladybird/AK/Error.h:202
/usr/local/bin/../lib/liblagom-ak.so.0(ak_verification_failed+0xbb) [0x75fb864b1ecb]
Ladybird(+0x60a34) [0x62a7bb7baa34]
/usr/local/bin/../lib/liblagom-webview.so.0 WebView::ViewImplementation::handle_web_content_process_crash() 0x57a) [0x75fb8706a77a]
/usr/local/bin/../lib/liblagom-core.so.0 Core::ThreadEventQueue::process() 0x3de) [0x75fb8659e74e]
Ladybird(+0x457bd) [0x62a7bb79f7bd]
Ladybird(+0x467ec) [0x62a7bb7a07ec]
/usr/lib/libQt6Widgets.so.6 QApplicationPrivate::notify_helper(QObject*, QEvent*) 0x4d) [0x75fb866fc44d]
/usr/lib/libQt6Core.so.6 QCoreApplication::notifyInternal2(QObject*, QEvent*) 0x158) [0x75fb8573fe18]
/usr/lib/libQt6Core.so.6 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) 0x362) [0x75fb857401d2]
/usr/lib/libQt6Core.so.6(+0x3959ac) [0x75fb859959ac]
/usr/lib/libglib-2.0.so.0(+0x5ca89) [0x75fb817d0a89]
/usr/lib/libglib-2.0.so.0(+0xbe9b7) [0x75fb818329b7]
/usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x35) [0x75fb817cff95]
/usr/lib/libQt6Core.so.6 QEventDispatcherGlib::processEvents(QFlagsQEventLoop::ProcessEventsFlag) 0x89) [0x75fb85993389]
/usr/lib/libQt6Core.so.6 QEventLoop::exec(QFlagsQEventLoop::ProcessEventsFlag) 0x1b0) [0x75fb85748350]
/usr/lib/libQt6Core.so.6 QCoreApplication::exec() 0x8d) [0x75fb85743c1d]
/usr/local/bin/../lib/liblagom-core.so.0 Core::EventLoop::exec() 0x44) [0x75fb8657e3b4]
Ladybird(+0x66f4e) [0x62a7bb7c0f4e]
Ladybird(main+0x81) [0x62a7bb782881]
/usr/lib/libc.so.6(+0x25c88) [0x75fb82439c88]
/usr/lib/libc.so.6(__libc_start_main+0x8c) [0x75fb82439d4c]
Ladybird(+0x28a25) [0x62a7bb782a25]
Illegal instruction (core dumped)

[tcl3]

This website seems to hit the exact same condition mentioned here: #114 (comment).

This issue happens with the Noto Serif font - the same font seen in the above comment, although not the Bold variant in this case. I'm not sure if the issue is with this font in particular though.

[vpzomtrrfrt]

I think I'm seeing the same crash, reproducible with a file that just contains ⁨

[vpzomtrrfrt]

bisecting shows a4a3703 as the commit that breaks it

[vpzomtrrfrt]

That commit changes bitmap to Nonnull, but that doesn't seem to actually be guaranteed

This patch avoids the crash, though I'm not sure if it's actually doing the right thing

diff --git a/Userland/Libraries/LibGfx/Font/Font.h b/Userland/Libraries/LibGfx/Font/Font.h
index bfa29c64db..35d9b941ae 100644
--- a/Userland/Libraries/LibGfx/Font/Font.h
+++ b/Userland/Libraries/LibGfx/Font/Font.h
@@ -21,7 +21,7 @@ namespace Gfx {
 
 class Glyph {
 public:
-    Glyph(NonnullRefPtr<Bitmap> bitmap, float left_bearing, float advance, float ascent, bool is_color_bitmap)
+    Glyph(RefPtr<Bitmap> bitmap, float left_bearing, float advance, float ascent, bool is_color_bitmap)
         : m_bitmap(bitmap)
         , m_left_bearing(left_bearing)
         , m_advance(advance)
@@ -38,7 +38,7 @@ public:
     float ascent() const { return m_ascent; }
 
 private:
-    NonnullRefPtr<Bitmap> m_bitmap;
+    RefPtr<Bitmap> m_bitmap;
     float m_left_bearing;
     float m_advance;
     float m_ascent;
diff --git a/Userland/Libraries/LibGfx/Font/ScaledFont.cpp b/Userland/Libraries/LibGfx/Font/ScaledFont.cpp
index 3494178391..855f3edf95 100644
--- a/Userland/Libraries/LibGfx/Font/ScaledFont.cpp
+++ b/Userland/Libraries/LibGfx/Font/ScaledFont.cpp
@@ -90,7 +90,7 @@ Gfx::Glyph ScaledFont::glyph(u32 code_point, GlyphSubpixelOffset subpixel_offset
     auto id = glyph_id_for_code_point(code_point);
     auto bitmap = rasterize_glyph(id, subpixel_offset);
     auto metrics = glyph_metrics(id);
-    return Gfx::Glyph(*bitmap, metrics.left_side_bearing, metrics.advance_width, metrics.ascender, m_font->has_color_bitmaps());
+    return Gfx::Glyph(bitmap, metrics.left_side_bearing, metrics.advance_width, metrics.ascender, m_font->has_color_bitmaps());
 }
 
 float ScaledFont::glyph_left_bearing(u32 code_point) const
diff --git a/Userland/Libraries/LibGfx/Painter.cpp b/Userland/Libraries/LibGfx/Painter.cpp
index 7b6dbbe16d..68ad8891d1 100644
--- a/Userland/Libraries/LibGfx/Painter.cpp
+++ b/Userland/Libraries/LibGfx/Painter.cpp
@@ -862,7 +862,7 @@ FLATTEN void Painter::draw_glyph(FloatPoint point, u32 code_point, Font const& f
         blit_filtered(glyph_position.blit_position, *glyph.bitmap(), glyph.bitmap()->rect(), [color](Color pixel) -> Color {
             return pixel.multiply(color);
         });
-    } else {
+    } else if(glyph.bitmap()) {
         blit_filtered(glyph_position.blit_position, *glyph.bitmap(), glyph.bitmap()->rect(), [color](Color pixel) -> Color {
             return color.with_alpha(pixel.alpha());
         });

[avbdr]

@vpzomtrrfrt this is indeed fixing problem for me too