RESOLVED FIXED 31254
[GTK] FontCache::getFontDataForCharacters() crashes when a page uses custom fonts 
https://bugs.webkit.org/show_bug.cgi?id=31254
Summary [GTK] FontCache::getFontDataForCharacters() crashes when a page uses custom f...
Jarda Gresula
Reported 2009-11-09 05:55:57 PST
http://jacobian.org/writing/python-is-unix/ crashes GtkLauncher with the following backtrace: #0 0x00007f70b895e800 in ?? () from /usr/lib/libfontconfig.so.1 #1 0x00007f70b895e8a0 in ?? () from /usr/lib/libfontconfig.so.1 #2 0x00007f70b895c577 in FcFontSetSort () from /usr/lib/libfontconfig.so.1 #3 0x00007f70b895cb39 in FcFontSort () from /usr/lib/libfontconfig.so.1 #4 0x00007f70bd4a9440 in WebCore::FontCache::getFontDataForCharacters (...) at WebCore/platform/graphics/gtk/FontCacheGtk.cpp:43 #5 0x00007f70bd1a47ed in WebCore::Font::glyphDataForCharacter (...) at WebCore/platform/graphics/FontFastPath.cpp:151 #6 0x00007f70bd1be6e9 in WebCore::WidthIterator::advance (...) at WebCore/platform/graphics/WidthIterator.cpp:116 #7 0x00007f70bd1a3a23 in WebCore::Font::floatWidthForSimpleText (...) at WebCore/platform/graphics/FontFastPath.cpp:327 [..] The reason is that WebCore::FontCache::getFontDataForCharacters() assumes that prim->m_pattern is always non-NULL which is not the case for a custom font. The following fix works for me: --- a/WebCore/platform/graphics/gtk/FontCacheGtk.cpp +++ b/WebCore/platform/graphics/gtk/FontCacheGtk.cpp @@ -39,6 +39,10 @@ const SimpleFontData* FontCache::getFontDataForCharacters(const Font& font, cons FcResult fresult; FontPlatformData* prim = const_cast<FontPlatformData*>(&font.primaryFont()->platformData()); + // prim->m_pattern can be null if it is a custom font + if (!prim->m_pattern) + return 0; + if (!prim->m_fallbacks) prim->m_fallbacks = FcFontSort(NULL, prim->m_pattern, FcTrue, NULL, &fresult);
Attachments
Add attachment proposed patch, testcase, etc.
Martin Robinson
Comment 1 2010-07-29 14:21:12 PDT
This check seems to exist in the code now. Thanks for reporting!
Note You need to log in before you can comment on or make changes to this bug.