Changeset 96122 in webkit
- Timestamp:
- Sep 27, 2011 9:55:59 AM (13 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r96114 r96122 1 2011-09-27 Julien Chaffraix <jchaffraix@webkit.org> 2 3 Crash because CSSPrimitiveValue::computeLengthDouble assumes fontMetrics are available 4 https://bugs.webkit.org/show_bug.cgi?id=66291 5 6 Reviewed by Darin Adler. 7 8 * fast/canvas/crash-set-font-expected.txt: Added. 9 * fast/canvas/crash-set-font.html: Added. 10 1 11 2011-09-27 Ilya Tikhonovsky <loislo@chromium.org> 2 12 -
trunk/Source/WebCore/ChangeLog
r96120 r96122 1 2011-09-27 Julien Chaffraix <jchaffraix@webkit.org> 2 3 Crash because CSSPrimitiveValue::computeLengthDouble assumes fontMetrics are available 4 https://bugs.webkit.org/show_bug.cgi?id=66291 5 6 Reviewed by Darin Adler. 7 8 Test: fast/canvas/crash-set-font.html 9 10 This is Yet Another Missing updateFont (similar to bug 57756 and likely others). Here the issue is that 11 applying one of the font properties could mutate the parent style's font if m_parentStyle == m_style. 12 We would then query the newly created font when applying CSSPropertyFontSize, which has no font fallback 13 list as Font::update was never called. 14 15 The right fix would be to refactor of how we handle fonts to avoid such manual updates (see bug 62390). 16 Until this happens, it is better not to crash. 17 18 * css/CSSStyleSelector.cpp: 19 (WebCore::CSSStyleSelector::applyProperty): Added updateFont() here as the fonts could have been 20 mutated by the previous property change. Also added a comment explaining why it is safe to do it 21 this way. 22 1 23 2011-09-27 No'am Rosenthal <noam.rosenthal@nokia.com> 2 24 -
trunk/Source/WebCore/css/CSSStyleSelector.cpp
r95966 r96122 3030 3030 applyProperty(CSSPropertyFontVariant, font->variant.get()); 3031 3031 applyProperty(CSSPropertyFontWeight, font->weight.get()); 3032 // The previous properties can dirty our font but they don't try to read the font's 3033 // properties back, which is safe. However if font-size is using the 'ex' unit, it will 3034 // need query the dirtied font's x-height to get the computed size. To be safe in this 3035 // case, let's just update the font now. 3036 updateFont(); 3032 3037 applyProperty(CSSPropertyFontSize, font->size.get()); 3033 3038
Note: See TracChangeset
for help on using the changeset viewer.