Changeset 177909 in webkit

Timestamp:

Jan 5, 2015 7:05:46 AM (9 years ago)

Author:

commit-queue@webkit.org

Message:

[WinCairo] Crash when font data pointer is null.
​https://bugs.webkit.org/show_bug.cgi?id=139969

Patch by ​peavo@outlook.com <​peavo@outlook.com> on 2015-01-05
Reviewed by Darin Adler.

Source/WebCore:

Added null pointer check.

Test: fonts/unicode-character-font-crash.html

• platform/graphics/win/UniscribeController.cpp:

(WebCore::UniscribeController::advance):
(WebCore::UniscribeController::shape):

LayoutTests:

• fonts/unicode-character-font-crash-expected.txt: Added.
• fonts/unicode-character-font-crash.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fonts/unicode-character-font-crash-expected.txt (added)
• LayoutTests/fonts/unicode-character-font-crash.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/graphics/win/UniscribeController.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2015-01-05  peavo@outlook.com  <peavo@outlook.com>
+
+        [WinCairo] Crash when font data pointer is null.
+        https://bugs.webkit.org/show_bug.cgi?id=139969
+
+        Reviewed by Darin Adler.
+
+        * fonts/unicode-character-font-crash-expected.txt: Added.
+        * fonts/unicode-character-font-crash.html: Added.
+
 2015-01-04  Alexey Proskuryakov  <ap@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2015-01-05  peavo@outlook.com  <peavo@outlook.com>
+
+        [WinCairo] Crash when font data pointer is null.
+        https://bugs.webkit.org/show_bug.cgi?id=139969
+
+        Reviewed by Darin Adler.
+
+        Added null pointer check.
+
+        Test: fonts/unicode-character-font-crash.html
+
+        * platform/graphics/win/UniscribeController.cpp:
+        (WebCore::UniscribeController::advance):
+        (WebCore::UniscribeController::shape):
+
 2015-01-05  Michael Catanzaro  <mcatanzaro@igalia.com>
 

trunk/Source/WebCore/platform/graphics/win/UniscribeController.cpp

@@ -166 +166 @@
         }
 
-        if (m_fallbackFonts && nextFontData != fontData && fontData != m_font.primaryFont())
+        if (m_fallbackFonts && fontData && nextFontData != fontData && fontData != m_font.primaryFont())
             m_fallbackFonts->add(fontData);
 
@@ -180 +180 @@
     int itemLength = m_run.rtl() ? indexOfFontTransition + 1 : length - indexOfFontTransition;
     if (itemLength) {
-        if (m_fallbackFonts && nextFontData != m_font.primaryFont())
+        if (m_fallbackFonts && nextFontData && nextFontData != m_font.primaryFont())
             m_fallbackFonts->add(nextFontData);
 
@@ -413 +413 @@
     HRESULT shapeResult = E_PENDING;
     int glyphCount = 0;
+
+    if (!fontData)
+        return false;
+
     do {
         shapeResult = ScriptShape(hdc, fontData->scriptCache(), str, len, glyphs.size(), &item.a,