Title: [199014] trunk/Source/WebCore
Revision: 199014
Author: [email protected]
Date: 2016-04-04 12:39:10 -0700 (Mon, 04 Apr 2016)

Log Message

[SVG -> OTF Converter] Crash when trying to re-convert a previously-failed font conversion
https://bugs.webkit.org/show_bug.cgi?id=156175
<rdar://problem/25130547>

Reviewed by David Kilzer.

m_externalSVGFontElement points inside the document owned by m_externalSVGDocument.
However, when the m_externalSVGDocument is destroyed (due to a failed conversion),
we weren't resetting m_externalSVGFontElement. Then, when trying to re-convert, we
were using the fact that m_externalSVGFontElement is non-null to mean it's valid.

Test: fast/text/svg-font-invalid-glyph-path-failure.html (Under GuardMalloc)

* loader/cache/CachedSVGFont.cpp:
(WebCore::CachedSVGFont::ensureCustomFontData):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (199013 => 199014)


--- trunk/Source/WebCore/ChangeLog	2016-04-04 18:35:11 UTC (rev 199013)
+++ trunk/Source/WebCore/ChangeLog	2016-04-04 19:39:10 UTC (rev 199014)
@@ -1,3 +1,21 @@
+2016-04-04  Myles C. Maxfield  <[email protected]>
+
+        [SVG -> OTF Converter] Crash when trying to re-convert a previously-failed font conversion
+        https://bugs.webkit.org/show_bug.cgi?id=156175
+        <rdar://problem/25130547>
+
+        Reviewed by David Kilzer.
+
+        m_externalSVGFontElement points inside the document owned by m_externalSVGDocument.
+        However, when the m_externalSVGDocument is destroyed (due to a failed conversion),
+        we weren't resetting m_externalSVGFontElement. Then, when trying to re-convert, we
+        were using the fact that m_externalSVGFontElement is non-null to mean it's valid.
+
+        Test: fast/text/svg-font-invalid-glyph-path-failure.html (Under GuardMalloc)
+
+        * loader/cache/CachedSVGFont.cpp:
+        (WebCore::CachedSVGFont::ensureCustomFontData):
+
 2016-04-04  Anders Carlsson  <[email protected]>
 
         Properly generate static functions that return Promises
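
Review bot: The "Test:" line names fast/text/svg-font-invalid-glyph-path-failure.html with the qualifier "(Under GuardMalloc)", and the diff touches only ChangeLog and CachedSVGFont.cpp, so nothing here fails in an ordinary test run if this regresses. Consider saying in the entry which configuration or bot runs that test under GuardMalloc, or adding a check that does not depend on the allocator to expose the stale pointer.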

Modified: trunk/Source/WebCore/loader/cache/CachedSVGFont.cpp (199013 => 199014)


--- trunk/Source/WebCore/loader/cache/CachedSVGFont.cpp	2016-04-04 18:35:11 UTC (rev 199013)
+++ trunk/Source/WebCore/loader/cache/CachedSVGFont.cpp	2016-04-04 19:39:10 UTC (rev 199014)
@@ -85,6 +85,7 @@
             m_convertedFont = SharedBuffer::adoptVector(convertedFont.value());
         else {
             m_externalSVGDocument = nullptr;
+            m_externalSVGFontElement = nullptr;
             return false;
         }
     }
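
Review bot: In the else branch, m_externalSVGFontElement is cleared one line after m_externalSVGDocument, so the pointer is briefly dangling and, more importantly, the two members now have to be reset together by hand wherever the document is dropped. Consider nulling m_externalSVGFontElement first, and folding both resets into one small helper so that a later site that releases m_externalSVGDocument cannot leave the element pointer behind. Since the log message says a non-null m_externalSVGFontElement was being treated as valid, it is also worth confirming that no other path in this file clears the document without clearing the element; only this failure path is visible in the hunk.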