Bug 149677

Summary: Crash when using an SVG font with > 390 glyphs
Product: WebKit Reporter: Myles C. Maxfield <mmaxfield>
Component: New BugsAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, jonlee, simon.fraser, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch simon.fraser: review+

Myles C. Maxfield
Reported 2015-09-30 13:38:06 PDT
Crash when the SVG -> OTF font converter generates an invalid font
Attachments
Patch (1.94 KB, patch)
2015-09-30 13:39 PDT, Myles C. Maxfield 		no flags
DetailsFormatted DiffDiff
Patch (1.03 MB, patch)
2015-09-30 16:31 PDT, Myles C. Maxfield 		simon.fraser: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Myles C. Maxfield
Comment 1 2015-09-30 13:39:09 PDT
Created attachment 262189 [details] Patch
Myles C. Maxfield
Comment 2 2015-09-30 13:41:56 PDT
<rdar://problem/21676402>
Myles C. Maxfield
Comment 3 2015-09-30 16:31:48 PDT
Created attachment 262204 [details] Patch
Myles C. Maxfield
Comment 4 2015-09-30 16:33:22 PDT
Comment on attachment 262204 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=262204&action=review > Source/WebCore/ChangeLog:3 > + Crash when the SVG -> OTF font converter generates an invalid font Crash when using an SVG font with > 390 glyphs
Simon Fraser (smfr)
Comment 5 2015-09-30 16:35:50 PDT
Comment on attachment 262204 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=262204&action=review > Source/WebCore/ChangeLog:4 > + https://bugs.webkit.org/show_bug.cgi?id=149677 Radar? > Source/WebCore/svg/SVGToOTFFontConversion.cpp:642 > - append32(userDefinedStringStartIndex + 1); > + append32(userDefinedStringStartIndex + 2); Is this part of the same fix?
Myles C. Maxfield
Comment 6 2015-09-30 16:52:07 PDT
Comment on attachment 262204 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=262204&action=review >> Source/WebCore/svg/SVGToOTFFontConversion.cpp:642 >> + append32(userDefinedStringStartIndex + 2); > > Is this part of the same fix? Yep.
Myles C. Maxfield
Comment 7 2015-09-30 17:04:38 PDT
Committed r190375: <http://trac.webkit.org/changeset/190375>
Note You need to log in before you can comment on or make changes to this bug.