Bug 32850 - Allocate RemoteFontStream on the heap
Summary: Allocate RemoteFontStream on the heap
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
Reported: 2009-12-21 20:48 PST by Kwang Yul Seo
Modified: 2009-12-22 10:51 PST
CC List: 5 users

See Also:


Attachments
Allocate RemoteFontStream on the heap (1.94 KB, patch)
2009-12-21 20:55 PST, Kwang Yul Seo

Description Kwang Yul Seo 2009-12-21 20:48:54 PST
In the Chromium port of FontCustomPlatformData, an instance of RemoteFontStream is allocated on the stack, so its memory is freed immediately when FontCustomPlatformData::createFontCustomPlatformData returns.

SkTypeface::CreateFromStream increments the reference count, but it keeps the pointer to the memory allocated on the stack, which is no longer valid.

RemoteFontStream is a descendant of SkRefCount, and SkRefCount::unref invokes SkDELETE(this) internally once the reference count reaches zero. This means that SkRefCount-ed instances must be allocated on the heap.

It causes a crash in the acid3 test, which loads web fonts.
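The lifetime bug the description walks through, modelled as an added example (not the page's, WebKit's or Skia's code): a ref-counted base whose unref() deletes the object, a Typeface that keeps a raw pointer, and the stack-allocated pattern beside the heap-allocated fix. The class shapes, the g_destroyedWhileReferenced counter and the abandonStream() helper are assumptions made so the defect can be observed without touching dead memory.

```cpp
// Minimal model of Skia-style intrusive ref counting, constructed for this example
// (not Skia's or WebKit's code): unref() deletes at count zero, so heap-only.
static int g_destroyedWhileReferenced = 0;  // destructor ran with refs still held
class RefCnt {
public:
    RefCnt() : fRefCnt(1) {}
    virtual ~RefCnt() { if (fRefCnt > 1) ++g_destroyedWhileReferenced; }
    void ref() { ++fRefCnt; }
    void unref() { if (--fRefCnt == 0) delete this; }  // only safe for heap objects
    int refCnt() const { return fRefCnt; }
private:
    int fRefCnt;
};
class RemoteFontStream : public RefCnt {};  // the font-data stream (assumed shape)

// Stands in for SkTypeface: takes its own reference and keeps the raw pointer.
class Typeface {
public:
    explicit Typeface(RemoteFontStream* s) : fStream(s) { fStream->ref(); }
    ~Typeface() { if (fStream) fStream->unref(); }
    int streamRefCnt() const { return fStream->refCnt(); }
    void abandonStream() { fStream = nullptr; }  // demo aid: skip the dangling unref()
private:
    RemoteFontStream* fStream;
};
// Pre-patch pattern: the stream lives on the stack and dies while the typeface
// still points at it. Returns how many objects died with references held (1).
int createFromStackStream() {
    g_destroyedWhileReferenced = 0;
    Typeface* face;
    {
        RemoteFontStream stream;          // stack allocation, count 1
        face = new Typeface(&stream);     // count 2, raw pointer retained
    }                                     // stream destroyed here, count still 2
    face->abandonStream();                // never touch the dead object in the demo
    delete face;
    return g_destroyedWhileReferenced;
}
// Fixed pattern: heap-allocate, let the typeface take its reference, then drop
// the creator's. Returns the count while the typeface owns the stream (1).
int createFromHeapStream() {
    g_destroyedWhileReferenced = 0;
    RemoteFontStream* stream = new RemoteFontStream;  // count 1
    Typeface* face = new Typeface(stream);            // count 2
    stream->unref();                                  // count 1, typeface now owns it
    int held = face->streamRefCnt();
    delete face;                                      // count 0 -> stream deleted
    return held;
}
```

In the real code the dangling pointer is later dereferenced and unref()'d by the typeface, which is the use-after-free behind the acid3 crash; the model only records that the stream was destroyed while still referenced.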
Comment 1 Kwang Yul Seo 2009-12-21 20:55:29 PST
Created attachment 45363
Allocate RemoteFontStream on the heap

RemoteFontStream must be allocated on the heap.
Comment 2 WebKit Review Bot 2009-12-21 20:57:47 PST
style-queue ran check-webkit-style on attachment 45363 without any errors.
Comment 3 Eric Seidel (no email) 2009-12-21 21:35:24 PST
This would need review from one of the Chrome Linux guys. Once they OK it, I'm happy to r+.
Comment 4 Adam Langley 2009-12-22 10:48:03 PST
LGTM
Comment 5 WebKit Commit Bot 2009-12-22 10:51:08 PST
Comment on attachment 45363
Allocate RemoteFontStream on the heap

Clearing flags on attachment: 45363

Committed r52492: <http://trac.webkit.org/changeset/52492>
Comment 6 WebKit Commit Bot 2009-12-22 10:51:13 PST
All reviewed patches have been landed. Closing bug.