Title: [188195] trunk
Revision: 188195
Author: [email protected]
Date: 2015-08-09 13:01:15 -0700 (Sun, 09 Aug 2015)

Log Message

Crash in ComplexTextController when laying out obscure text
https://bugs.webkit.org/show_bug.cgi?id=147806
<rdar://problem/22102378>

Reviewed by Darin Adler.

Source/WebCore:

CTFontDescriptorCopyAttribute(fontDescriptor.get(), kCTFontReferenceURLAttribute) can return nullptr.

Test: fast/text/crash-obscure-text.html

* platform/graphics/mac/ComplexTextControllerCoreText.mm:
(WebCore::safeCFEqual):
(WebCore::ComplexTextController::collectComplexTextRunsForCharacters):

LayoutTests:

* fast/text/crash-obscure-text-expected.txt: Added.
* fast/text/crash-obscure-text.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (188194 => 188195)


--- trunk/LayoutTests/ChangeLog	2015-08-09 11:15:01 UTC (rev 188194)
+++ trunk/LayoutTests/ChangeLog	2015-08-09 20:01:15 UTC (rev 188195)
@@ -1,3 +1,14 @@
+2015-08-09  Myles C. Maxfield  <[email protected]>
+
+        Crash in ComplexTextController when laying out obscure text
+        https://bugs.webkit.org/show_bug.cgi?id=147806
+        <rdar://problem/22102378>
+
+        Reviewed by Darin Adler.
+
+        * fast/text/crash-obscure-text-expected.txt: Added.
+        * fast/text/crash-obscure-text.html: Added.
+
 2015-08-08  Dean Jackson  <[email protected]>
 
         Remove the webkit prefix from CanvasRenderingContext2D imageSmoothingEnabled
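Review bot: the LayoutTests entry only lists the two added files and does not say what the test exercises; a line noting that the page renders a base character followed by a combining mark (U+0718 U+0308, per the markup in crash-obscure-text.html) to drive the CoreText font-fallback comparison would let a reader find this test from the WebCore description without opening it.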

Added: trunk/LayoutTests/fast/text/crash-obscure-text-expected.txt (0 => 188195)


--- trunk/LayoutTests/fast/text/crash-obscure-text-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/text/crash-obscure-text-expected.txt	2015-08-09 20:01:15 UTC (rev 188195)
@@ -0,0 +1,3 @@
+This test makes sure we don't crash when encountering some particularly exotic codepoints. The test passes if we do not crash.
+
+ܘ̈
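Review bot: line 3 of the expected output carries the raw combining sequence (U+0718 U+0308) rather than an ASCII marker, so the dumped text has to round-trip that exact byte sequence through svn's keyword and eol handling and through any editor that might normalize it; having the test emit a plain PASS line instead would keep the expected file insensitive to how those codepoints are stored.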
Property changes on: trunk/LayoutTests/fast/text/crash-obscure-text-expected.txt
___________________________________________________________________

Added: svn:keywords

Added: svn:eol-style

Added: trunk/LayoutTests/fast/text/crash-obscure-text.html (0 => 188195)


--- trunk/LayoutTests/fast/text/crash-obscure-text.html	                        (rev 0)
+++ trunk/LayoutTests/fast/text/crash-obscure-text.html	2015-08-09 20:01:15 UTC (rev 188195)
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<p>This test makes sure we don't crash when encountering some particularly exotic codepoints. The test passes if we do not crash.</p>
+&#x0718;&#x0308;
+</body>
+</html>
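Review bot: the page sets no font, so whether a fallback font is chosen for &#x0718;&#x0308;, and whether that font lacks kCTFontReferenceURLAttribute, depends on the fonts installed on the test machine; a short comment in the test stating that the crash reproduces only when the fallback path in ComplexTextControllerCoreText.mm is taken would help whoever sees it pass trivially on another configuration.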

Modified: trunk/Source/WebCore/ChangeLog (188194 => 188195)


--- trunk/Source/WebCore/ChangeLog	2015-08-09 11:15:01 UTC (rev 188194)
+++ trunk/Source/WebCore/ChangeLog	2015-08-09 20:01:15 UTC (rev 188195)
@@ -1,3 +1,19 @@
+2015-08-09  Myles C. Maxfield  <[email protected]>
+
+        Crash in ComplexTextController when laying out obscure text
+        https://bugs.webkit.org/show_bug.cgi?id=147806
+        <rdar://problem/22102378>
+
+        Reviewed by Darin Adler.
+
+        CTFontDescriptorCopyAttribute(fontDescriptor.get(), kCTFontReferenceURLAttribute) can return nullptr.
+
+        Test: fast/text/crash-obscure-text.html
+
+        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
+        (WebCore::safeCFEqual):
+        (WebCore::ComplexTextController::collectComplexTextRunsForCharacters):
+
 2015-08-08  Dean Jackson  <[email protected]>
 
         Remove the webkit prefix from CanvasRenderingContext2D imageSmoothingEnabled
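Review bot: the description states that CTFontDescriptorCopyAttribute(fontDescriptor.get(), kCTFontReferenceURLAttribute) can return nullptr but not the consequence that the diff fixes, namely that objectForEqualityCheck() then yields a null CFTypeRef which was passed straight to CFEqual; adding that sentence, and stating that safeCFEqual deliberately treats two null objects as equal, would make the ChangeLog explain the new behaviour rather than only the trigger.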

Modified: trunk/Source/WebCore/platform/graphics/mac/ComplexTextControllerCoreText.mm (188194 => 188195)


--- trunk/Source/WebCore/platform/graphics/mac/ComplexTextControllerCoreText.mm	2015-08-09 11:15:01 UTC (rev 188194)
+++ trunk/Source/WebCore/platform/graphics/mac/ComplexTextControllerCoreText.mm	2015-08-09 20:01:15 UTC (rev 188195)
@@ -189,6 +189,11 @@
     return info->cp + stringIndex;
 }
 
+static inline bool safeCFEqual(CFTypeRef a, CFTypeRef b)
+{
+    return (!a && !b) || (a && b && CFEqual(a, b));
+}
+
 void ComplexTextController::collectComplexTextRunsForCharacters(const UChar* cp, unsigned length, unsigned stringLocation, const Font* font)
 {
     if (!font) {
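Review bot: safeCFEqual returns true when both arguments are null, so two fonts that both lack a reference URL compare equal regardless of which fonts they actually are; if that is intended, the `(!a && !b)` branch deserves a comment saying so, and if not, `return a && b && CFEqual(a, b);` would make a null equality object unequal to everything, which is the conservative choice for an identity check.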
@@ -259,14 +264,14 @@
             CTFontRef runCTFont = static_cast<CTFontRef>(CFDictionaryGetValue(runAttributes, kCTFontAttributeName));
             ASSERT(CFGetTypeID(runCTFont) == CTFontGetTypeID());
             RetainPtr<CFTypeRef> runFontEqualityObject = FontPlatformData::objectForEqualityCheck(runCTFont);
-            if (!CFEqual(runFontEqualityObject.get(), font->platformData().objectForEqualityCheck().get())) {
+            if (!safeCFEqual(runFontEqualityObject.get(), font->platformData().objectForEqualityCheck().get())) {
                 // Begin trying to see if runFont matches any of the fonts in the fallback list.
 
                 for (unsigned i = 0; !m_font.fallbackRangesAt(i).isNull(); ++i) {
                     runFont = m_font.fallbackRangesAt(i).fontForCharacter(baseCharacter);
                     if (!runFont)
                         continue;
-                    if (CFEqual(runFont->platformData().objectForEqualityCheck().get(), runFontEqualityObject.get()))
+                    if (safeCFEqual(runFont->platformData().objectForEqualityCheck().get(), runFontEqualityObject.get()))
                         break;
                     runFont = nullptr;
                 }
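Review bot: because the two-null case is treated as equal, a null runFontEqualityObject now matches the first fallback font whose objectForEqualityCheck() is also null, so the `break` in the `for (unsigned i = 0; !m_font.fallbackRangesAt(i).isNull(); ++i)` loop can select a fallback font that is not the one CoreText used for the run; that beats the crash but can mis-attribute glyphs, so consider treating a null equality object on either side as a non-match at this call site (leaving `runFont = nullptr` in place) or documenting why the first null fallback is acceptable.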
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
