==6571== Invalid read of size 2
==6571==    at 0xB6211C4: QFontEngineFT::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const [clone .part.20] (qchar.h:251)
==6571==    by 0xB55309B: QFontEngineMulti::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const (qfontengine.cpp:1338)
==6571==    by 0xB563E49: QFontMetrics::width(QString const&, int, int) const (qfontmetrics.cpp:569)
==6571==    by 0x6101FA0: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:376)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==    by 0x5F292FA: WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (RootInlineBox.cpp:210)
==6571==    by 0x5E7914D: WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (RenderLineBoxList.cpp:262)
==6571==    by 0x5D5A217: WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (RenderBlock.cpp:2943)
==6571==  Address 0x1f05f13c is 0 bytes after a block of size 76 alloc'd
==6571==    at 0x4C284A0: malloc (vg_replace_malloc.c:291)
==6571==    by 0x6C6D213: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:269)
==6571==    by 0x6C8AFFC: WTF::StringImpl::getData16SlowCase() const (StringImpl.cpp:314)
==6571==    by 0x52F9A72: WTF::StringImpl::characters() const (StringImpl.h:474)
==6571==    by 0x52F9AAC: WTF::String::characters() const (WTFString.h:176)
==6571==    by 0x60FF699: WebCore::fromRawDataWithoutRef(WTF::String const&, int, int) (FontQt4.cpp:59)
==6571==    by 0x6101EF5: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:373)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==
==6571== Invalid read of size 2
==6571==    at 0xB55312A: QFontEngineMulti::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const (qchar.h:277)
==6571==    by 0xB563E49: QFontMetrics::width(QString const&, int, int) const (qfontmetrics.cpp:569)
==6571==    by 0x6101FA0: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:376)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==    by 0x5F292FA: WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (RootInlineBox.cpp:210)
==6571==    by 0x5E7914D: WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (RenderLineBoxList.cpp:262)
==6571==    by 0x5D5A217: WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (RenderBlock.cpp:2943)
==6571==    by 0x5D5AD8D: WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (RenderBlock.cpp:3061)
==6571==  Address 0x1f05f13c is 0 bytes after a block of size 76 alloc'd
==6571==    at 0x4C284A0: malloc (vg_replace_malloc.c:291)
==6571==    by 0x6C6D213: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:269)
==6571==    by 0x6C8AFFC: WTF::StringImpl::getData16SlowCase() const (StringImpl.cpp:314)
==6571==    by 0x52F9A72: WTF::StringImpl::characters() const (StringImpl.h:474)
==6571==    by 0x52F9AAC: WTF::String::characters() const (WTFString.h:176)
==6571==    by 0x60FF699: WebCore::fromRawDataWithoutRef(WTF::String const&, int, int) (FontQt4.cpp:59)
==6571==    by 0x6101EF5: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:373)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==
==6571== Invalid read of size 2
==6571==    at 0xC22F560: QChar::category() const (qchar.cpp:756)
==6571==    by 0xB553166: QFontEngineMulti::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const (qfontengine.cpp:1345)
==6571==    by 0xB563E49: QFontMetrics::width(QString const&, int, int) const (qfontmetrics.cpp:569)
==6571==    by 0x6101FA0: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:376)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==    by 0x5F292FA: WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (RootInlineBox.cpp:210)
==6571==    by 0x5E7914D: WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (RenderLineBoxList.cpp:262)
==6571==    by 0x5D5A217: WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (RenderBlock.cpp:2943)
==6571==  Address 0x1f05f13c is 0 bytes after a block of size 76 alloc'd
==6571==    at 0x4C284A0: malloc (vg_replace_malloc.c:291)
==6571==    by 0x6C6D213: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:269)
==6571==    by 0x6C8AFFC: WTF::StringImpl::getData16SlowCase() const (StringImpl.cpp:314)
==6571==    by 0x52F9A72: WTF::StringImpl::characters() const (StringImpl.h:474)
==6571==    by 0x52F9AAC: WTF::String::characters() const (WTFString.h:176)
==6571==    by 0x60FF699: WebCore::fromRawDataWithoutRef(WTF::String const&, int, int) (FontQt4.cpp:59)
==6571==    by 0x6101EF5: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:373)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==
==6571== Invalid read of size 2
==6571==    at 0xB6211C4: QFontEngineFT::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const [clone .part.20] (qchar.h:251)
==6571==    by 0xB5532EE: QFontEngineMulti::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const (qfontengine.cpp:1360)
==6571==    by 0xB563E49: QFontMetrics::width(QString const&, int, int) const (qfontmetrics.cpp:569)
==6571==    by 0x6101FA0: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:376)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==    by 0x5F292FA: WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (RootInlineBox.cpp:210)
==6571==    by 0x5E7914D: WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (RenderLineBoxList.cpp:262)
==6571==    by 0x5D5A217: WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (RenderBlock.cpp:2943)
==6571==  Address 0x1f05f13c is 0 bytes after a block of size 76 alloc'd
==6571==    at 0x4C284A0: malloc (vg_replace_malloc.c:291)
==6571==    by 0x6C6D213: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:269)
==6571==    by 0x6C8AFFC: WTF::StringImpl::getData16SlowCase() const (StringImpl.cpp:314)
==6571==    by 0x52F9A72: WTF::StringImpl::characters() const (StringImpl.h:474)
==6571==    by 0x52F9AAC: WTF::String::characters() const (WTFString.h:176)
==6571==    by 0x60FF699: WebCore::fromRawDataWithoutRef(WTF::String const&, int, int) (FontQt4.cpp:59)
==6571==    by 0x6101EF5: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:373)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==
==6571== Invalid read of size 2
==6571==    at 0xB620FA7: QFontEngineFT::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const [clone .part.20] (qchar.h:251)
==6571==    by 0xB5532EE: QFontEngineMulti::stringToCMap(QChar const*, int, QGlyphLayout*, int*, QFlags) const (qfontengine.cpp:1360)
==6571==    by 0xB563E49: QFontMetrics::width(QString const&, int, int) const (qfontmetrics.cpp:569)
==6571==    by 0x6101FA0: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:376)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==    by 0x5F292FA: WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (RootInlineBox.cpp:210)
==6571==    by 0x5E7914D: WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const (RenderLineBoxList.cpp:262)
==6571==    by 0x5D5A217: WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) (RenderBlock.cpp:2943)
==6571==  Address 0x1f05f13c is 0 bytes after a block of size 76 alloc'd
==6571==    at 0x4C284A0: malloc (vg_replace_malloc.c:291)
==6571==    by 0x6C6D213: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:269)
==6571==    by 0x6C8AFFC: WTF::StringImpl::getData16SlowCase() const (StringImpl.cpp:314)
==6571==    by 0x52F9A72: WTF::StringImpl::characters() const (StringImpl.h:474)
==6571==    by 0x52F9AAC: WTF::String::characters() const (WTFString.h:176)
==6571==    by 0x60FF699: WebCore::fromRawDataWithoutRef(WTF::String const&, int, int) (FontQt4.cpp:59)
==6571==    by 0x6101EF5: WebCore::Font::selectionRectForSimpleText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (FontQt4.cpp:373)
==6571==    by 0x5C18F77: WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::FloatPoint const&, int, int, int) const (Font.cpp:269)
==6571==    by 0x5C31B3F: WebCore::GraphicsContext::drawHighlightForText(WebCore::Font const&, WebCore::TextRun const&, WebCore::FloatPoint const&, int, WebCore::Color const&, WebCore::ColorSpace, int, int) (GraphicsContext.cpp:446)
==6571==    by 0x5D3D07E: WebCore::InlineTextBox::paintSelection(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::Font const&, WebCore::Color) (InlineTextBox.cpp:884)
==6571==    by 0x5D3B708: WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineTextBox.cpp:661)
==6571==    by 0x5D30F90: WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) (InlineFlowBox.cpp:1117)
==6571==