Title: [263211] trunk/Source/WebCore
Revision
263211
Author
do...@apple.com
Date
2020-06-18 09:32:09 -0700 (Thu, 18 Jun 2020)

Log Message

Clamp text run width to zero
https://bugs.webkit.org/show_bug.cgi?id=212655
<rdar://problem/61462335>

Reviewed by Said Abou-Hallawa.

It's possible to end up with a text run with negative width, if the text run is relatively short
and the character spacing is relatively large (but negative).  If this occurs, clamp the value to
zero.  This also adds additional asserts and checks to ensure the value remains non-negative.

* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::drawLinesForText):
* rendering/ComplexLineLayout.cpp:
(WebCore::setLogicalWidthForTextRun):
* rendering/RenderText.cpp:
(WebCore::RenderText::width const):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (263210 => 263211)


--- trunk/Source/WebCore/ChangeLog	2020-06-18 16:30:22 UTC (rev 263210)
+++ trunk/Source/WebCore/ChangeLog	2020-06-18 16:32:09 UTC (rev 263211)
@@ -1,3 +1,22 @@
+2020-06-18  Doug Kelly  <do...@apple.com>
+
+        Clamp text run width to zero
+        https://bugs.webkit.org/show_bug.cgi?id=212655
+        <rdar://problem/61462335>
+
+        Reviewed by Said Abou-Hallawa.
+
+        It's possible to end up with a text run with negative width, if the text run is relatively short
+        and the character spacing is relatively large (but negative).  If this occurs, clamp the value to
+        zero.  This also adds additional asserts and checks to ensure the value remains non-negative.
+
+        * platform/graphics/cg/GraphicsContextCG.cpp:
+        (WebCore::GraphicsContext::drawLinesForText):
+        * rendering/ComplexLineLayout.cpp:
+        (WebCore::setLogicalWidthForTextRun):
+        * rendering/RenderText.cpp:
+        (WebCore::RenderText::width const):
+
 2020-06-18  David Kilzer  <ddkil...@apple.com>
 
         Fix misspellings of "namespace" in comments

Modified: trunk/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp (263210 => 263211)


--- trunk/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp	2020-06-18 16:30:22 UTC (rev 263210)
+++ trunk/Source/WebCore/platform/graphics/cg/GraphicsContextCG.cpp	2020-06-18 16:32:09 UTC (rev 263211)
@@ -1604,6 +1604,9 @@
     Color localStrokeColor(strokeColor());
 
     FloatRect bounds = computeLineBoundsAndAntialiasingModeForText(FloatRect(point, FloatSize(widths.last(), thickness)), printing, localStrokeColor);
+    if (bounds.isEmpty())
+        return;
+
     bool fillColorIsNotEqualToStrokeColor = fillColor() != localStrokeColor;
     
     Vector<CGRect, 4> dashBounds;
@@ -1629,9 +1632,9 @@
         if (!dashWidth)
             dashBounds.append(CGRectMake(bounds.x() + left, bounds.y(), width, bounds.height()));
         else {
-            auto startParticle = static_cast<unsigned>(std::ceil(left / (2 * dashWidth)));
-            auto endParticle = static_cast<unsigned>((left + width) / (2 * dashWidth));
-            for (unsigned j = startParticle; j < endParticle; ++j)
+            auto startParticle = static_cast<int>(std::ceil(left / (2 * dashWidth)));
+            auto endParticle = static_cast<int>((left + width) / (2 * dashWidth));
+            for (auto j = startParticle; j < endParticle; ++j)
                 dashBounds.append(CGRectMake(bounds.x() + j * 2 * dashWidth, bounds.y(), dashWidth, bounds.height()));
         }
     }
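Review bot: The new `static_cast<int>` conversions for `startParticle` and `endParticle` are still undefined behaviour when the float quotient is NaN or outside the range of `int`, which a very small `dashWidth` or a very large `left + width` could produce. Switching from `unsigned` to `int` fixes only the negative case. A saturating conversion would close the gap, e.g. `auto endParticle = clampTo<int>((left + width) / (2 * dashWidth));` and likewise for `startParticle`, assuming the `clampTo` helper this commit uses in RenderText.cpp is available in this file. The loop also appends one rect per particle with no upper bound, so a cap on the particle count may be worth adding, since the widths ultimately derive from page content. The enclosing loop and function begin outside this hunk, so earlier validation of `left`, `width` and `dashWidth` cannot be ruled out from here.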

Modified: trunk/Source/WebCore/rendering/ComplexLineLayout.cpp (263210 => 263211)


--- trunk/Source/WebCore/rendering/ComplexLineLayout.cpp	2020-06-18 16:30:22 UTC (rev 263210)
+++ trunk/Source/WebCore/rendering/ComplexLineLayout.cpp	2020-06-18 16:32:09 UTC (rev 263211)
@@ -545,6 +545,9 @@
     if (!measuredWidth)
         measuredWidth = renderer.width(run->m_start, run->m_stop - run->m_start, xPos, lineInfo.isFirstLine(), &fallbackFonts, &glyphOverflow);
 
+    ASSERT(measuredWidth >= 0);
+    ASSERT(hyphenWidth >= 0);
+
     run->box()->setLogicalWidth(measuredWidth + hyphenWidth);
     if (!fallbackFonts.isEmpty()) {
         ASSERT(run->box()->behavesLikeText());
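Review bot: The two added `ASSERT`s only check in debug builds, so in a release build a negative `measuredWidth + hyphenWidth` would still reach `setLogicalWidth()`. The `if (!measuredWidth)` guard above suggests `measuredWidth` can already hold a value computed elsewhere, and that path would bypass the clamp added to `RenderText::width()`. If a non-negative logical width is an invariant the later code relies on, enforce it at the call as well, e.g. `run->box()->setLogicalWidth(std::max(0.f, measuredWidth + hyphenWidth));` (assuming both are `float`). The function body begins and ends outside the hunk.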

Modified: trunk/Source/WebCore/rendering/RenderText.cpp (263210 => 263211)


--- trunk/Source/WebCore/rendering/RenderText.cpp	2020-06-18 16:30:22 UTC (rev 263210)
+++ trunk/Source/WebCore/rendering/RenderText.cpp	2020-06-18 16:32:09 UTC (rev 263211)
@@ -1400,7 +1400,7 @@
         w = f.width(run, fallbackFonts, glyphOverflow);
     }
 
-    return w;
+    return clampTo(w, 0.f);
 }
 
 IntRect RenderText::linesBoundingBox() const
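Review bot: The clamp is applied only to the final `return` visible in this hunk. `RenderText::width()` begins outside it, so any earlier return path needs the same treatment to uphold the non-negative guarantee that the new asserts in ComplexLineLayout.cpp expect. A one-line comment would keep the clamp from being removed as redundant later, e.g. `// Large negative letter-spacing on a short run can make the measured width negative; never report less than zero.` All modified paths listed on this page are under Source/WebCore, so no regression test appears to accompany the change. A layout test with a short run and large negative spacing would pin the behaviour.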