Diff
Modified: trunk/LayoutTests/ChangeLog (281791 => 281792)
--- trunk/LayoutTests/ChangeLog 2021-08-31 03:43:31 UTC (rev 281791)
+++ trunk/LayoutTests/ChangeLog 2021-08-31 07:18:14 UTC (rev 281792)
@@ -1,3 +1,14 @@
+2021-08-31 Myles C. Maxfield <[email protected]>
+
+ [Cocoa] Drawing system fallback fonts to canvas causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=229633
+ <rdar://problem/81889036>
+
+ Reviewed by Wenson Hsieh.
+
+ * fast/text/system-fallback-canvas-expected.txt: Added.
+ * fast/text/system-fallback-canvas.html: Added.
+
2021-08-30 Megan Gardner <[email protected]>
Update fast/events/touch/ios/long-press-to-select-text.html
Added: trunk/LayoutTests/fast/text/draw-synthetic-system-bold-font-into-canvas-expected-mismatch.html (0 => 281792)
--- trunk/LayoutTests/fast/text/draw-synthetic-system-bold-font-into-canvas-expected-mismatch.html (rev 0)
+++ trunk/LayoutTests/fast/text/draw-synthetic-system-bold-font-into-canvas-expected-mismatch.html 2021-08-31 07:18:14 UTC (rev 281792)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+canvas {
+ width: 200px;
+ height: 200px;
+ margin-top: 0;
+}
+</style>
+</head>
+<body>
+<canvas width="400" height="400"></canvas>
+</body>
+</html>
Added: trunk/LayoutTests/fast/text/draw-synthetic-system-bold-font-into-canvas.html (0 => 281792)
--- trunk/LayoutTests/fast/text/draw-synthetic-system-bold-font-into-canvas.html (rev 0)
+++ trunk/LayoutTests/fast/text/draw-synthetic-system-bold-font-into-canvas.html 2021-08-31 07:18:14 UTC (rev 281792)
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<meta charset="utf8">
+<head>
+<script src=""
+<style>
+canvas {
+ width: 200px;
+ height: 200px;
+ margin-top: 0;
+}
+</style>
+</head>
+<body>
+<canvas width="400" height="400"></canvas>
+</body>
+<script>
+if (window.testRunner)
+ testRunner.waitUntilDone();
+
+addEventListener("load", async () => {
+ let canvas = document.querySelector("canvas");
+ let context = canvas.getContext("2d");
+ context.font = "bold 36px '.AppleSimplifiedChineseFont-Heavy'";
+ context.strokeText("苹果电脑", 40, 40);
+ await UIHelper.renderingUpdate();
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+});
+</script>
+</html>
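Review bot: The load handler awaits `UIHelper.renderingUpdate()`, but the `<script src=""` tag in the head has an empty `src` and is never closed as shown here, so nothing on the page defines `UIHelper`. If that is how the file was committed rather than an artifact of how this page was rendered, the call throws, `testRunner.notifyDone()` is never reached, and the test times out instead of being compared against the mismatch expectation. The tag should name the helper script and be closed with `></script>`. Separately, `<meta charset="utf8">` sits before `<head>`; moving it inside and spelling it `utf-8`, as system-fallback-canvas.html does, keeps the CJK string literal decoded predictably. The LayoutTests ChangeLog entry also does not list this test or its expected-mismatch file.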
Added: trunk/LayoutTests/fast/text/system-fallback-canvas-expected.txt (0 => 281792)
--- trunk/LayoutTests/fast/text/system-fallback-canvas-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/text/system-fallback-canvas-expected.txt 2021-08-31 07:18:14 UTC (rev 281792)
@@ -0,0 +1 @@
+This test makes sure that drawing a system fallback font to canvas doesn't crash any process. The test passes if there is no crash.
Added: trunk/LayoutTests/fast/text/system-fallback-canvas.html (0 => 281792)
--- trunk/LayoutTests/fast/text/system-fallback-canvas.html (rev 0)
+++ trunk/LayoutTests/fast/text/system-fallback-canvas.html 2021-08-31 07:18:14 UTC (rev 281792)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+</head>
+<body>
+This test makes sure that drawing a system fallback font to canvas doesn't crash any process. The test passes if there is no crash.
+<canvas id="canvas" width="400" height="400"></canvas>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+let canvas = document.getElementById("canvas");
+let context = canvas.getContext("2d");
+context.font = "bold 36px system-ui";
+context.fillText("苹果电脑", 100, 100);
+</script>
+</body>
+</html>
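Review bot: The script ends right after `context.fillText(...)` with only `testRunner.dumpAsText()` set, so the test can finish before the drawing command has been handled by whichever process decodes the font, even though the description promises that no process crashes. If canvas drawing is handled out of process in the configuration under test (not visible in this diff), a crash during font decoding could land after the result is dumped and be attributed to a later test. Consider `testRunner.waitUntilDone()` and waiting for a rendering update before `testRunner.notifyDone()`, as draw-synthetic-system-bold-font-into-canvas.html does.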
Modified: trunk/Source/WebCore/PAL/ChangeLog (281791 => 281792)
--- trunk/Source/WebCore/PAL/ChangeLog 2021-08-31 03:43:31 UTC (rev 281791)
+++ trunk/Source/WebCore/PAL/ChangeLog 2021-08-31 07:18:14 UTC (rev 281792)
@@ -1,3 +1,13 @@
+2021-08-31 Myles C. Maxfield <[email protected]>
+
+ [Cocoa] Drawing system fallback fonts to canvas causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=229633
+ <rdar://problem/81889036>
+
+ Reviewed by Wenson Hsieh.
+
+ * pal/spi/cf/CoreTextSPI.h:
+
2021-08-26 Darin Adler <[email protected]>
Cut down on use of CFGetTypeID, using dynamic_cf_cast instead; related streamlining
Modified: trunk/Source/WebCore/PAL/pal/spi/cf/CoreTextSPI.h (281791 => 281792)
--- trunk/Source/WebCore/PAL/pal/spi/cf/CoreTextSPI.h 2021-08-31 03:43:31 UTC (rev 281791)
+++ trunk/Source/WebCore/PAL/pal/spi/cf/CoreTextSPI.h 2021-08-31 07:18:14 UTC (rev 281792)
@@ -59,6 +59,10 @@
};
enum {
+ kCTFontOptionsSystemUIFont = 1 << 1,
+};
+
+enum {
kCTRunStatusHasOrigins = (1 << 4),
};
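Review bot: The new enumerator `kCTFontOptionsSystemUIFont = 1 << 1,` is written without parentheses while the neighbouring `kCTRunStatusHasOrigins = (1 << 4),` uses them; matching the existing form keeps the SPI header uniform. A one-line comment such as `// Needed so dot-prefixed system font names survive re-creating a CTFont from a descriptor.` would record why WebKit declares this option, which is currently explained only in the ChangeLog. The declarations around the enum continue outside the hunk.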
@@ -148,6 +152,7 @@
bool CTFontDescriptorIsSystemUIFont(CTFontDescriptorRef);
bool CTFontIsSystemUIFont(CTFontRef);
+CTFontRef CTFontCreateWithFontDescriptorAndOptions(CTFontDescriptorRef, CGFloat size, const CGAffineTransform*, CTFontOptions);
CTFontRef CTFontCreateForCSS(CFStringRef name, uint16_t weight, CTFontSymbolicTraits, CGFloat size);
CTFontRef CTFontCreateForCharactersWithLanguage(CTFontRef currentFont, const UTF16Char *characters, CFIndex length, CFStringRef language, CFIndex *coveredLength);
CTFontRef CTFontCreateForCharactersWithLanguageAndOption(CTFontRef currentFont, const UTF16Char *characters, CFIndex length, CFStringRef language, CTFontFallbackOption, CFIndex *coveredLength);
Modified: trunk/Source/WebKit/ChangeLog (281791 => 281792)
--- trunk/Source/WebKit/ChangeLog 2021-08-31 03:43:31 UTC (rev 281791)
+++ trunk/Source/WebKit/ChangeLog 2021-08-31 07:18:14 UTC (rev 281792)
@@ -1,3 +1,22 @@
+2021-08-31 Myles C. Maxfield <[email protected]>
+
+ [Cocoa] Drawing system fallback fonts to canvas causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=229633
+ <rdar://problem/81889036>
+
+ Reviewed by Wenson Hsieh.
+
+ Dot-prefixed font names don't survive the round-trip through
+ CTFontDescriptorCopyAttributes(CTFontCopyFontDescriptor(font)) unless you also
+ pass in the kCTFontOptionsSystemUIFont option.
+
+ Tests: fast/text/system-fallback-canvas.html
+ fast/text/draw-synthetic-system-bold-font-into-canvas.html
+
+ * Shared/Cocoa/WebCoreArgumentCodersCocoa.mm:
+ (IPC::createCTFont):
+ (IPC::ArgumentCoder<Ref<WebCore::Font>>::decodePlatformData):
+
2021-08-26 Darin Adler <[email protected]>
Cut down on use of CFGetTypeID, using dynamic_cf_cast instead; related streamlining
Modified: trunk/Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.mm (281791 => 281792)
--- trunk/Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.mm 2021-08-31 03:43:31 UTC (rev 281791)
+++ trunk/Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.mm 2021-08-31 07:18:14 UTC (rev 281792)
@@ -501,6 +501,24 @@
return nullptr;
}
+static RetainPtr<CTFontRef> createCTFont(CFDictionaryRef attributes, float size, const String& referenceURL, const String& postScriptName)
+{
+ if (auto name = static_cast<CFStringRef>(CFDictionaryGetValue(attributes, kCTFontNameAttribute))) {
+ if (CFStringHasPrefix(name, CFSTR("."))) {
+ auto fontDescriptor = adoptCF(CTFontDescriptorCreateWithAttributes(attributes));
+ if (!fontDescriptor)
+ return nullptr;
+ return adoptCF(CTFontCreateWithFontDescriptorAndOptions(fontDescriptor.get(), size, nullptr, kCTFontOptionsSystemUIFont));
+ }
+ }
+
+ auto fontDescriptor = findFontDescriptor(referenceURL, postScriptName);
+ if (!fontDescriptor)
+ return nullptr;
+ fontDescriptor = adoptCF(CTFontDescriptorCreateCopyWithAttributes(fontDescriptor.get(), attributes));
+ return adoptCF(CTFontCreateWithFontDescriptor(fontDescriptor.get(), size, nullptr));
+}
+
std::optional<WebCore::FontPlatformData> ArgumentCoder<Ref<WebCore::Font>>::decodePlatformData(Decoder& decoder)
{
std::optional<WebCore::FontOrientation> orientation;
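Review bot: In `createCTFont`, the value returned by `CFDictionaryGetValue(attributes, kCTFontNameAttribute)` is `static_cast` to `CFStringRef` and passed to `CFStringHasPrefix` without checking its CF type. `attributes` is supplied by `decodePlatformData` (the call site is in the next hunk), so it originates in a decoded IPC message, and nothing in this hunk guarantees the entry is a string. A checked cast such as `auto name = dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(attributes, kCTFontNameAttribute))` would make a mistyped entry fall through to the `findFontDescriptor` path instead of being used as a string. The dot-prefixed branch also builds the descriptor purely from the decoded attributes and skips the `referenceURL`/`postScriptName` lookup, so a short comment stating why that is acceptable for system UI fonts would help. Whether the dictionary is validated earlier in `decodePlatformData` is outside the hunk.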
@@ -580,11 +598,9 @@
if (!postScriptName)
return std::nullopt;
- auto fontDescriptor = findFontDescriptor(*referenceURL, *postScriptName);
- if (!fontDescriptor)
+ auto ctFont = createCTFont(attributes->get(), *size, *referenceURL, *postScriptName);
+ if (!ctFont)
return std::nullopt;
- fontDescriptor = adoptCF(CTFontDescriptorCreateCopyWithAttributes(fontDescriptor.get(), attributes->get()));
- auto ctFont = adoptCF(CTFontCreateWithFontDescriptor(fontDescriptor.get(), *size, nullptr));
return WebCore::FontPlatformData(ctFont.get(), *size, *syntheticBold, *syntheticOblique, *orientation, *widthVariant, *textRenderingMode);
}