Title: [254910] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision: 254910
Author: [email protected]
Date: 2020-01-22 02:42:23 -0800 (Wed, 22 Jan 2020)

Log Message

Merge r253470 - [HarfBuzz] WebKitWebProcess crashes when displaying a KaTeX formula
https://bugs.webkit.org/show_bug.cgi?id=204689

Reviewed by Carlos Alberto Lopez Perez.

We are creating and caching an hb_font_t for the given FontPlatformData's FT_Face, but the face is not
referenced so it is destroyed eventually while the hb_font_t is still alive. We need to keep a reference of the
FT_Face while the hb_font_t is alive.

* platform/graphics/freetype/FontPlatformDataFreeType.cpp:
(WebCore::FontPlatformData::createOpenTypeMathHarfBuzzFont const): Create the hb_face_t with
hb_ft_face_create_referenced() instead of hb_ft_face_create_cached().

Diff

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (254909 => 254910)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2020-01-22 10:42:20 UTC (rev 254909)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2020-01-22 10:42:23 UTC (rev 254910)
@@ -1,3 +1,18 @@
+2019-12-13  Carlos Garcia Campos  <[email protected]>
+
+        [HarfBuzz] WebKitWebProcess crashes when displaying a KaTeX formula
+        https://bugs.webkit.org/show_bug.cgi?id=204689
+
+        Reviewed by Carlos Alberto Lopez Perez.
+
+        We are creating and caching an hb_font_t for the given FontPlatformData's FT_Face, but the face is not
+        referenced so it is destroyed eventually while the hb_font_t is still alive. We need to keep a reference of the
+        FT_Face while the hb_font_t is alive.
+
+        * platform/graphics/freetype/FontPlatformDataFreeType.cpp:
+        (WebCore::FontPlatformData::createOpenTypeMathHarfBuzzFont const): Create the hb_face_t with
+        hb_ft_face_create_referenced() instead of hb_ft_face_create_cached().
+
 2019-11-01  Said Abou-Hallawa  <[email protected]>
 
         SVG pair properties must be detached from their owner before it's deleted
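
Review bot: The new entry explains the lifetime bug ("the face is not referenced so it is destroyed eventually while the hb_font_t is still alive") but names no test that covers it. The title says the crash happens when displaying a KaTeX formula, so consider adding a regression test that renders such a formula, or say in the entry why a test is not practical. Otherwise a later switch back to hb_ft_face_create_cached() would go unnoticed.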

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp (254909 => 254910)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp	2020-01-22 10:42:20 UTC (rev 254909)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp	2020-01-22 10:42:23 UTC (rev 254910)
@@ -279,7 +279,7 @@
     if (!ftFace)
         return nullptr;
 
-    HbUniquePtr<hb_face_t> face(hb_ft_face_create_cached(ftFace));
+    HbUniquePtr<hb_face_t> face(hb_ft_face_create_referenced(ftFace));
     if (!hb_ot_math_has_data(face.get()))
         return nullptr;
 
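
Review bot: At the changed line that constructs face, nothing in the code says why hb_ft_face_create_referenced() is required; the lifetime reasoning exists only in the ChangeLog. A one-line comment stating that the cached hb_font_t can outlive the FontPlatformData's FT_Face, so the hb_face_t has to hold its own reference, would keep this from being changed back to hb_ft_face_create_cached(). Only this call site is visible in the hunk, so it is also worth checking whether any other hb_ft_face_create_cached() caller feeds a cached object that can outlive the FT_Face in the same way.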