Title: [235516] trunk
Revision: 235516
Author: [email protected]
Date: 2018-08-30 12:37:37 -0700 (Thu, 30 Aug 2018)

Log Message

The width of a nullptr TextRun should be zero
https://bugs.webkit.org/show_bug.cgi?id=189154
<rdar://problem/43685926>

Reviewed by Zalan Bujtas.

Source/WebCore:

If a page has an empty TextRun and attempts to paint it we can crash with a nullptr.

This patch recognizes that an empty TextRun should always produce a zero width, rather than
attempt to compute this value from font data.

Test: fast/text/null-string-textrun.html

* platform/graphics/FontCascade.cpp:
(WebCore::FontCascade::widthOfTextRange const): An empty TextRun has zero width.
(WebCore::FontCascade::width const): Ditto.
(WebCore::FontCascade::codePath const): ASSERT that the TextRun is non-empty.

LayoutTests:

* fast/text/null-string-textrun-expected.txt: Added.
* fast/text/null-string-textrun.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (235515 => 235516)


--- trunk/LayoutTests/ChangeLog	2018-08-30 19:27:56 UTC (rev 235515)
+++ trunk/LayoutTests/ChangeLog	2018-08-30 19:37:37 UTC (rev 235516)
@@ -1,3 +1,14 @@
+2018-08-30  Brent Fulgham  <[email protected]>
+
+        The width of a nullptr TextRun should be zero
+        https://bugs.webkit.org/show_bug.cgi?id=189154
+        <rdar://problem/43685926>
+
+        Reviewed by Zalan Bujtas.
+
+        * fast/text/null-string-textrun-expected.txt: Added.
+        * fast/text/null-string-textrun.html: Added.
+
 2018-08-30  Eric Carlson  <[email protected]>
 
         Mock video devices should only support discrete sizes

Added: trunk/LayoutTests/fast/text/null-string-textrun-expected.txt (0 => 235516)


--- trunk/LayoutTests/fast/text/null-string-textrun-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/text/null-string-textrun-expected.txt	2018-08-30 19:37:37 UTC (rev 235516)
@@ -0,0 +1,6 @@
+This test confirms that a null text run doesn't trigger a crash. It passes if it loads without crashing.
+
+        
+        
+    
+

Added: trunk/LayoutTests/fast/text/null-string-textrun.html (0 => 235516)


--- trunk/LayoutTests/fast/text/null-string-textrun.html	                        (rev 0)
+++ trunk/LayoutTests/fast/text/null-string-textrun.html	2018-08-30 19:37:37 UTC (rev 235516)
@@ -0,0 +1,19 @@
+<!doctype html>
+<head>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<head>
+<body>
+    <p>This test confirms that a null text run doesn't trigger a crash. It passes if it loads without crashing.</p>
+    <pre id="pre_tag" dir="RTL" >
+        <style _onload_="pre_tag.appendChild(meter_tag)"/></style>
+        <select multiple="multiple">
+            <optgroup/>
+        </select>
+    </pre>
+    <label>
+        <meter id="meter_tag">
+    </label>
+</body>
\ No newline at end of file
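
Review bot: In null-string-textrun.html the line after `</script>` is a second opening `<head>` where `</head>` is expected, and the `<style>` attribute reads `_onload_` as shown here, which is not an event handler, so `pre_tag.appendChild(meter_tag)` would never run and the test could pass without reaching the empty-TextRun path. If the unclosed head is needed to reproduce the crash, say so in a comment inside the test; otherwise close it with `</head>`, and confirm the committed file uses `onload`. Since the only pass condition is "loads without crashing", a short comment naming which element ends up painting the empty run would make a future regression much easier to diagnose.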

Modified: trunk/Source/WebCore/ChangeLog (235515 => 235516)


--- trunk/Source/WebCore/ChangeLog	2018-08-30 19:27:56 UTC (rev 235515)
+++ trunk/Source/WebCore/ChangeLog	2018-08-30 19:37:37 UTC (rev 235516)
@@ -1,3 +1,23 @@
+2018-08-30  Brent Fulgham  <[email protected]>
+
+        The width of a nullptr TextRun should be zero
+        https://bugs.webkit.org/show_bug.cgi?id=189154
+        <rdar://problem/43685926>
+
+        Reviewed by Zalan Bujtas.
+
+        If a page has an empty TextRun and attempts to paint it we can crash with a nullptr.
+
+        This patch recognizes that an empty TextRun should always produce a zero width, rather than
+        attempt to compute this value from font data.
+
+        Test: fast/text/null-string-textrun.html
+
+        * platform/graphics/FontCascade.cpp:
+        (WebCore::FontCascade::widthOfTextRange const): An empty TextRun has zero width.
+        (WebCore::FontCascade::width const): Ditto.
+        (WebCore::FontCascade::codePath const): ASSERT that the TextRun is non-empty.
+
 2018-08-30  Eric Carlson  <[email protected]>
 
         Mock video devices should only support discrete sizes

Modified: trunk/Source/WebCore/platform/graphics/FontCascade.cpp (235515 => 235516)


--- trunk/Source/WebCore/platform/graphics/FontCascade.cpp	2018-08-30 19:27:56 UTC (rev 235515)
+++ trunk/Source/WebCore/platform/graphics/FontCascade.cpp	2018-08-30 19:37:37 UTC (rev 235516)
@@ -341,6 +341,9 @@
     ASSERT(from <= to);
     ASSERT(to <= run.length());
 
+    if (!run.length())
+        return 0;
+
     float offsetBeforeRange = 0;
     float offsetAfterRange = 0;
     float totalWidth = 0;
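
Review bot: The early `return 0;` for an empty run sits above the declarations of `offsetBeforeRange` and `offsetAfterRange`, so on that path nothing but the return value is produced for the caller. If this function reports the before/after offsets through out-parameters (its signature is not in this hunk), assign them 0 before returning so callers never read stale or uninitialized floats. The two ASSERTs above compile out in release builds, so this check is the only release-mode guard here; a one-line comment stating that an empty run must not reach the font-data path would record why it exists.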
@@ -385,6 +388,9 @@
 
 float FontCascade::width(const TextRun& run, HashSet<const Font*>* fallbackFonts, GlyphOverflow* glyphOverflow) const
 {
+    if (!run.length())
+        return 0;
+
     CodePath codePathToUse = codePath(run);
     if (codePathToUse != Complex) {
         // The complex path is more restrictive about returning fallback fonts than the simple path, so we need an explicit test to make their behaviors match.
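
Review bot: The early return at the top of `FontCascade::width` leaves `fallbackFonts` and `glyphOverflow` untouched, which differs from the normal path where the function may fill them in. Please confirm that callers passing a `GlyphOverflow*` do not rely on it being written on every call, or reset it explicitly before `return 0;`. A short comment above `if (!run.length())` pointing at the new ASSERT in `codePath` would also make the dependency between the two changes clear.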
@@ -604,6 +610,8 @@
     if (s_codePath != Auto)
         return s_codePath;
 
+    ASSERT(run.length());
+
 #if !USE(FREETYPE)
     // FIXME: Use the fast code path once it handles partial runs with kerning and ligatures. See http://webkit.org/b/100050
     if ((enableKerning() || requiresShaping()) && (from.value_or(0) || to.value_or(run.length()) != run.length()))
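
Review bot: `ASSERT(run.length());` is placed after the `if (s_codePath != Auto) return s_codePath;` early return, so it is skipped whenever a code path is forced, and as a debug-only assertion it gives no protection in release builds. The ChangeLog lists runtime guards only in `width` and `widthOfTextRange`; any other caller of `codePath` that can pass an empty run would still reach the font-data logic in release. Consider moving the ASSERT to the first line of the function and checking the remaining callers for the same empty-run case.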
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
