Title: [253470] trunk/Source/WebCore
Revision: 253470
Author: [email protected]
Date: 2019-12-13 07:18:48 -0800 (Fri, 13 Dec 2019)
Log Message
[HarfBuzz] WebKitWebProcess crashes when displaying a KaTeX formula
https://bugs.webkit.org/show_bug.cgi?id=204689
Reviewed by Carlos Alberto Lopez Perez.
We are creating and caching an hb_font_t for the given FontPlatformData's FT_Face, but the face is not
referenced so it is destroyed eventually while the hb_font_t is still alive. We need to keep a reference of the
FT_Face while the hb_font_t is alive.
* platform/graphics/freetype/FontPlatformDataFreeType.cpp:
(WebCore::FontPlatformData::createOpenTypeMathHarfBuzzFont const): Create the hb_face_t with
hb_ft_face_create_referenced() instead of hb_ft_face_create_cached().
Diff
Modified: trunk/Source/WebCore/ChangeLog (253469 => 253470)
--- trunk/Source/WebCore/ChangeLog 2019-12-13 14:32:55 UTC (rev 253469)
+++ trunk/Source/WebCore/ChangeLog 2019-12-13 15:18:48 UTC (rev 253470)
@@ -1,3 +1,18 @@
+2019-12-13 Carlos Garcia Campos <[email protected]>
+
+ [HarfBuzz] WebKitWebProcess crashes when displaying a KaTeX formula
+ https://bugs.webkit.org/show_bug.cgi?id=204689
+
+ Reviewed by Carlos Alberto Lopez Perez.
+
+ We are creating and caching an hb_font_t for the given FontPlatformData's FT_Face, but the face is not
+ referenced so it is destroyed eventually while the hb_font_t is still alive. We need to keep a reference of the
+ FT_Face while the hb_font_t is alive.
+
+ * platform/graphics/freetype/FontPlatformDataFreeType.cpp:
+ (WebCore::FontPlatformData::createOpenTypeMathHarfBuzzFont const): Create the hb_face_t with
+ hb_ft_face_create_referenced() instead of hb_ft_face_create_cached().
+
2019-12-13 Ali Juma <[email protected]>
Crash in RenderLayerBacking::updateCompositedBounds from using cleared WeakPtr from m_backingSharingLayers
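Review bot: The new ChangeLog entry names no regression test and does not say why one is absent, even though the title describes a reproducible trigger (displaying a KaTeX formula). The only file listed is platform/graphics/freetype/FontPlatformDataFreeType.cpp. Suggest either adding a test that renders an OpenType MATH font and releases the FontPlatformData while the cached hb_font_t is still in use, or adding a line to the entry explaining why the crash cannot be covered by an automated test, so the lifetime bug described in the message does not come back unnoticed.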
Modified: trunk/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp (253469 => 253470)
--- trunk/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp 2019-12-13 14:32:55 UTC (rev 253469)
+++ trunk/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp 2019-12-13 15:18:48 UTC (rev 253470)
@@ -279,7 +279,7 @@
if (!ftFace)
return nullptr;
- HbUniquePtr<hb_face_t> face(hb_ft_face_create_cached(ftFace));
+ HbUniquePtr<hb_face_t> face(hb_ft_face_create_referenced(ftFace));
if (!hb_ot_math_has_data(face.get()))
return nullptr;
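Review bot: The changed line in createOpenTypeMathHarfBuzzFont carries no comment recording why the referenced constructor is required, so the lifetime constraint lives only in the commit message. As written, `HbUniquePtr<hb_face_t> face(hb_ft_face_create_referenced(ftFace));` looks interchangeable with the cached variant, and a later cleanup could switch it back and leave the cached hb_font_t pointing at a destroyed FT_Face again. Suggest a short comment above the declaration stating that the hb_face_t must hold its own reference on ftFace because the hb_font_t built from it is cached and can outlive the FontPlatformData's face. It is also worth confirming in the bug that no other caller in this file still pairs hb_ft_face_create_cached() with a longer-lived HarfBuzz object, since only this one call site is visible here.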