Title: [228715] trunk
- Revision
- 228715
- Author
- [email protected]
- Date
- 2018-02-19 16:04:40 -0800 (Mon, 19 Feb 2018)
Log Message
SIGFPE @ int WebCore::SVGToOTFFontConverter::scaleUnitsPerEm<int> const + 45
https://bugs.webkit.org/show_bug.cgi?id=182944
<rdar://problem/35369984>
Reviewed by Myles Maxfield.
Source/WebCore:
Avoid a divide-by-zero.
Test: svg/text/font-bad-unitsperem.html
* svg/SVGFontFaceElement.cpp:
(WebCore::SVGFontFaceElement::unitsPerEm const):
LayoutTests:
Add a test with a 0 unitsperem SVG font.
* svg/text/font-bad-unitsperem-expected.txt: Added.
* svg/text/font-bad-unitsperem.html: Added.
* svg/text/resources/font-bad-unitsperem.svg: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (228714 => 228715)
--- trunk/LayoutTests/ChangeLog 2018-02-19 23:30:27 UTC (rev 228714)
+++ trunk/LayoutTests/ChangeLog 2018-02-20 00:04:40 UTC (rev 228715)
@@ -1,3 +1,17 @@
+2018-02-19 Dean Jackson <[email protected]>
+
+ SIGFPE @ int WebCore::SVGToOTFFontConverter::scaleUnitsPerEm<int> const + 45
+ https://bugs.webkit.org/show_bug.cgi?id=182944
+ <rdar://problem/35369984>
+
+ Reviewed by Myles Maxfield.
+
+ Add a test with a 0 unitsperem SVG font.
+
+ * svg/text/font-bad-unitsperem-expected.txt: Added.
+ * svg/text/font-bad-unitsperem.html: Added.
+ * svg/text/resources/font-bad-unitsperem.svg: Added.
+
2018-02-19 Tim Horton <[email protected]>
REGRESSION (r219342): Touch event coordinates and elementFromPoint coordinates differ
Added: trunk/LayoutTests/svg/text/font-bad-unitsperem-expected.txt (0 => 228715)
--- trunk/LayoutTests/svg/text/font-bad-unitsperem-expected.txt (rev 0)
+++ trunk/LayoutTests/svg/text/font-bad-unitsperem-expected.txt 2018-02-20 00:04:40 UTC (rev 228715)
@@ -0,0 +1 @@
+AAAAAA
Property changes on: trunk/LayoutTests/svg/text/font-bad-unitsperem-expected.txt
___________________________________________________________________
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:keywords
+Date Revision
\ No newline at end of property
Added: svn:mime-type
+text/plain
\ No newline at end of property
Added: trunk/LayoutTests/svg/text/font-bad-unitsperem.html (0 => 228715)
--- trunk/LayoutTests/svg/text/font-bad-unitsperem.html (rev 0)
+++ trunk/LayoutTests/svg/text/font-bad-unitsperem.html 2018-02-20 00:04:40 UTC (rev 228715)
@@ -0,0 +1,12 @@
+<script>
+ if (window.testRunner)
+ window.testRunner.dumpAsText();
+</script>
+<style>
+@font-face {
+ font-family: "foo";
+ src: url("resources/font-bad-unitsperem.svg#foo") format(svg);
+}
+</style>
+<body style="-webkit-font-smoothing: none;">
+<div><span style="font: 50px foo;">AAA</span>AAA</div>
Property changes on: trunk/LayoutTests/svg/text/font-bad-unitsperem.html
___________________________________________________________________
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:keywords
+Date Revision
\ No newline at end of property
Added: svn:mime-type
+text/html
\ No newline at end of property
Added: trunk/LayoutTests/svg/text/resources/font-bad-unitsperem.svg (0 => 228715)
--- trunk/LayoutTests/svg/text/resources/font-bad-unitsperem.svg (rev 0)
+++ trunk/LayoutTests/svg/text/resources/font-bad-unitsperem.svg 2018-02-20 00:04:40 UTC (rev 228715)
@@ -0,0 +1,10 @@
+<?xml version="1.0" standalone="yes"?>
+<svg xmlns="http://www.w3.org/2000/svg">
+ <defs>
+ <font id="foo" horiz-adv-x="1000">
+ <font-face units-per-em="0" ascent="1000" descent="0">
+ </font-face>
+ <glyph unicode="A" horiz-adv-x="1000" d="M 500 0 H 1000 V 600 H 500 z"/>
+ </font>
+ </defs>
+</svg>
Property changes on: trunk/LayoutTests/svg/text/resources/font-bad-unitsperem.svg
___________________________________________________________________
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:keywords
+Date Revision
\ No newline at end of property
Added: svn:mime-type
+text/xml
\ No newline at end of property
Modified: trunk/Source/WebCore/ChangeLog (228714 => 228715)
--- trunk/Source/WebCore/ChangeLog 2018-02-19 23:30:27 UTC (rev 228714)
+++ trunk/Source/WebCore/ChangeLog 2018-02-20 00:04:40 UTC (rev 228715)
@@ -1,3 +1,18 @@
+2018-02-19 Dean Jackson <[email protected]>
+
+ SIGFPE @ int WebCore::SVGToOTFFontConverter::scaleUnitsPerEm<int> const + 45
+ https://bugs.webkit.org/show_bug.cgi?id=182944
+ <rdar://problem/35369984>
+
+ Reviewed by Myles Maxfield.
+
+ Avoid a divide-by-zero.
+
+ Test: svg/text/font-bad-unitsperem.html
+
+ * svg/SVGFontFaceElement.cpp:
+ (WebCore::SVGFontFaceElement::unitsPerEm const):
+
2018-02-19 Tim Horton <[email protected]>
REGRESSION (r219342): Touch event coordinates and elementFromPoint coordinates differ
Modified: trunk/Source/WebCore/svg/SVGFontFaceElement.cpp (228714 => 228715)
--- trunk/Source/WebCore/svg/SVGFontFaceElement.cpp 2018-02-19 23:30:27 UTC (rev 228714)
+++ trunk/Source/WebCore/svg/SVGFontFaceElement.cpp 2018-02-20 00:04:40 UTC (rev 228715)
@@ -88,11 +88,15 @@
unsigned SVGFontFaceElement::unitsPerEm() const
{
- const AtomicString& value = attributeWithoutSynchronization(units_per_emAttr);
- if (value.isEmpty())
+ const AtomicString& valueString = attributeWithoutSynchronization(units_per_emAttr);
+ if (valueString.isEmpty())
return FontMetrics::defaultUnitsPerEm;
- return static_cast<unsigned>(ceilf(value.toFloat()));
+ auto value = static_cast<unsigned>(ceilf(valueString.toFloat()));
+ if (!value)
+ return FontMetrics::defaultUnitsPerEm;
+
+ return value;
}
int SVGFontFaceElement::xHeight() const
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
