Bug 32850

Summary: Allocate RemoteFontStream on the heap
Product: WebKit Reporter: Kwang Yul Seo <skyul>
Component: Layout and Rendering    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal    CC: agl, commit-queue, eric, evan, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Attachments: Allocate RemoteFontStream on the heap (flags: none)

Kwang Yul Seo
Reported 2009-12-21 20:48:54 PST
In the chromium port of FontCustomPlatformData, an instance of RemoteFontStream is allocated on the stack, so its memory is freed immediately when FontCustomPlatformData::createFontCustomPlatformData returns. SkTypeface::CreateFromStream increments the reference count, but it keeps the pointer to the memory allocated on the stack which is not valid anymore. RemoteFontStream is a descendant of SkRefCount and SkRefCount::unref invokes SkDELETE(this) internally once the reference count reaches zero. This means that SkRefCount-ed instances must be allocated on the heap. It causes a crash in the acid3 test which loads web fonts.
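The lifetime rule the report describes, as an added example that is not the patch itself nor Skia or WebKit code: RefCnt, FontStream and Typeface below are constructed stand-ins for SkRefCnt, RemoteFontStream and SkTypeface, showing why the final unref() forces heap allocation and how the heap-allocated stream is handed over correctly.

```cpp
// Constructed stand-in for SkRefCnt: the final unref() runs "delete this",
// which is only valid when the object was allocated with new.
class RefCnt {
public:
    RefCnt() : m_refCount(1) {}
    virtual ~RefCnt() {}
    void ref() { ++m_refCount; }
    void unref() { if (--m_refCount == 0) delete this; }  // SkDELETE(this) in Skia
    int refCount() const { return m_refCount; }
private:
    int m_refCount;
};

// Hypothetical stand-in for RemoteFontStream; liveCount lets the caller
// observe when the object is actually destroyed.
struct FontStream : public RefCnt {
    static int liveCount;
    FontStream() { ++liveCount; }
    ~FontStream() override { --liveCount; }
};
int FontStream::liveCount = 0;

// Hypothetical stand-in for SkTypeface: takes its own reference on the stream
// and keeps the raw pointer for as long as the typeface lives.
class Typeface : public RefCnt {
public:
    static Typeface* createFromStream(FontStream* stream) { return new Typeface(stream); }
    ~Typeface() override { m_stream->unref(); }
    FontStream* stream() const { return m_stream; }
private:
    explicit Typeface(FontStream* s) : m_stream(s) { s->ref(); }
    FontStream* m_stream;
};

// The fixed pattern: allocate the stream on the heap, let the typeface take its
// reference, then drop the creator's own reference so the typeface owns the last one.
Typeface* createTypefaceFromHeapStream() {
    FontStream* stream = new FontStream();               // refcount 1 (creator)
    Typeface* face = Typeface::createFromStream(stream); // refcount 2
    stream->unref();                                     // refcount 1 (typeface only)
    return face;
}

// Returns true if the stream lives exactly as long as the typeface that uses it.
bool streamLifetimeIsCorrect() {
    Typeface* face = createTypefaceFromHeapStream();
    bool aliveWhileUsed = FontStream::liveCount == 1 && face->stream()->refCount() == 1;
    face->unref();                     // last reference: deletes the typeface, then the stream
    return aliveWhileUsed && FontStream::liveCount == 0;
}
```

With a stack-allocated FontStream the typeface's final unref() would run delete on a stack address that has already gone out of scope, which is the crash the report describes.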
Attachments
Allocate RemoteFontStream on the heap (1.94 KB, patch)
2009-12-21 20:55 PST, Kwang Yul Seo
no flags
Kwang Yul Seo
Comment 1 2009-12-21 20:55:29 PST
Created attachment 45363 [details]: Allocate RemoteFontStream on the heap
RemoteFontStream must be allocated on the heap.
WebKit Review Bot
Comment 2 2009-12-21 20:57:47 PST
style-queue ran check-webkit-style on attachment 45363 [details] without any errors.
Eric Seidel (no email)
Comment 3 2009-12-21 21:35:24 PST
This would need review from one of the Chrome linux guys. Once they OK it, I'm happy to r+.
Adam Langley
Comment 4 2009-12-22 10:48:03 PST
LGTM
WebKit Commit Bot
Comment 5 2009-12-22 10:51:08 PST
Comment on attachment 45363 [details]: Allocate RemoteFontStream on the heap
Clearing flags on attachment: 45363
Committed r52492: <http://trac.webkit.org/changeset/52492>
WebKit Commit Bot
Comment 6 2009-12-22 10:51:13 PST
All reviewed patches have been landed. Closing bug.