[webkit-changes] [WebKit/WebKit] 38946d: Crash in SVGFontFaceElement::associatedFontElement...

Sun, 09 Apr 2023 00:03:08 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 38946d45dfe831d30d7c7fce8123ea8a85b00169
      
https://github.com/WebKit/WebKit/commit/38946d45dfe831d30d7c7fce8123ea8a85b00169
  Author: Myles C. Maxfield <[email protected]>
  Date:   2023-04-09 (Sun, 09 Apr 2023)

  Changed paths:
    A 
LayoutTests/platform/glib/imported/w3c/web-platform-tests/svg/import/text-intro-02-b-manual-expected.txt
    A 
LayoutTests/platform/glib/imported/w3c/web-platform-tests/svg/import/text-intro-03-b-manual-expected.txt
    R 
LayoutTests/platform/gtk/imported/w3c/web-platform-tests/svg/import/text-intro-02-b-manual-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1-SE/text-intro-09-b-expected.txt
    R 
LayoutTests/platform/wpe/imported/w3c/web-platform-tests/svg/import/text-intro-02-b-manual-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1-SE/text-intro-09-b-expected.txt
    M Source/WebCore/css/CSSFontSelector.h
    M Source/WebCore/rendering/svg/RenderSVGInlineText.cpp
    M Source/WebCore/rendering/svg/RenderSVGText.cpp
    M Source/WebCore/rendering/svg/RenderSVGText.h
    M Source/WebCore/svg/SVGFontFaceElement.cpp

  Log Message:
  -----------
  Crash in SVGFontFaceElement::associatedFontElement crash when removing 
SVGFontFaceElement
https://bugs.webkit.org/show_bug.cgi?id=249434
<rdar://problem/103420468>

Reviewed by Said Abou-Hallawa.

Port of Blink commit 
https://src.chromium.org/viewvc/blink?revision=167993&view=revision.
The Blink commit message is:

> Fix crash in SVGFontFaceElement::associatedFontElement crash when removing 
> SVGFontFaceElement.
>
> (1) We need to remove its font-face rule from FontCache when removing 
> SVGFontFaceElement,
>
> (2) We should not use old styles in RenderSVGInlineText::styleDidChange.
> Since styleRecalc is done in document-order, we cannot see any styles of next 
> renderer
> (obtained by nextInPreOrder).
> The old styles might have old fonts which are created by SVGFontFaceElement.

* Source/WebCore/css/CSSFontFaceSet.cpp:
(WebCore::CSSFontFaceSet::remove):
* Source/WebCore/css/CSSFontFaceSet.h:
* Source/WebCore/css/CSSFontSelector.h:
* Source/WebCore/rendering/svg/RenderSVGInlineText.cpp:
(WebCore::RenderSVGInlineText::styleDidChange):
* Source/WebCore/rendering/svg/RenderSVGText.cpp:
(WebCore::RenderSVGText::subtreeStyleDidChange):
(WebCore::RenderSVGText::layout):
* Source/WebCore/rendering/svg/RenderSVGText.h:
* Source/WebCore/svg/SVGFontFaceElement.cpp:
(WebCore::SVGFontFaceElement::removedFromAncestor):

Cherry-pick: 259548.279@safari-7615-branch (41f425bc0ef8). rdar://107710008
Canonical link: https://commits.webkit.org/262756@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to