[webkit-changes] [WebKit/WebKit] 151684: [WPE][GTK] Prevent HarfBuzz advance overflow

Vitaly Dyachkov noreply at github.com
Mon Feb 27 07:03:08 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1516848f1a9082adedc08b28f53f483ec50c2831
      https://github.com/WebKit/WebKit/commit/1516848f1a9082adedc08b28f53f483ec50c2831
  Author: Vitaly Dyachkov <vitaly at igalia.com>
  Date:   2023-02-27 (Mon, 27 Feb 2023)

  Changed paths:
    M LayoutTests/platform/gtk/TestExpectations
    M Source/WebCore/rendering/style/RenderStyleConstants.h

  Log Message:
  -----------
  [WPE][GTK] Prevent HarfBuzz advance overflow
https://bugs.webkit.org/show_bug.cgi?id=229740

Reviewed by Carlos Garcia Campos.

When taking the complex text path we get glyph advances by calling `hb_buffer_get_glyph_positions`.
HarfBuzz uses `hb_position_t` aka `int32_t` type to store advances and offset,
where the first 16 bits are used to store the integer part and the second
16 bits to store the fractional precision part. Since this type is signed
we are left with only 15 bits for maximum positive advance value which gives
us 32767 or `std::numeric_limits<short>::max()`.

Fixes `fast/box-shadow/box-shadow-huge-area-crash.html`.

* LayoutTests/platform/gtk/TestExpectations:
* Source/WebCore/rendering/style/RenderStyleConstants.h:

Canonical link: https://commits.webkit.org/260882@main
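To make the overflow described in the commit message concrete, here is an added C example (not WebKit or HarfBuzz code) that models `hb_position_t` as the commit describes it: a signed 32-bit integer holding a 16.16 fixed-point value, so the largest integer part that fits is 32767. The typedef, the helper names and the clamp-before-scale approach are constructed for this illustration; the commit's own clamp site is not shown here.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of the layout the commit message describes for hb_position_t: a
 * signed 32-bit value used as 16.16 fixed point (16 integer bits, 16
 * fractional bits). Constructed for this example, not HarfBuzz's header. */
typedef int32_t hb_position_like_t;

#define FIXED_ONE 65536LL        /* 1.0 in 16.16 fixed point */
#define MAX_ADVANCE_INT 32767    /* std::numeric_limits<short>::max() */
#define MIN_ADVANCE_INT (-32768)

/* Scale a pixel advance into 16.16 fixed point using 64-bit math so the
 * result can be range-checked before it is narrowed to 32 bits. Returns
 * false for values that do not even fit in 64 bits (or NaN). */
static bool scale_to_fixed(double advance_px, int64_t *out)
{
    double scaled = advance_px * (double)FIXED_ONE;
    if (!(scaled > -9.2e18 && scaled < 9.2e18))
        return false;
    *out = (int64_t)(scaled >= 0 ? scaled + 0.5 : scaled - 0.5); /* round half away from zero */
    return true;
}

/* True if the scaled value fits in a signed 32-bit position. */
static bool fits_hb_position(int64_t fixed)
{
    return fixed >= INT32_MIN && fixed <= INT32_MAX;
}

/* True if narrowing this advance to hb_position_t would overflow; this is
 * the condition the fix guards against. */
static bool advance_overflows(double advance_px)
{
    int64_t fixed;
    if (!scale_to_fixed(advance_px, &fixed))
        return true;
    return !fits_hb_position(fixed);
}

/* Hardened path (assumed approach for this example): clamp the integer
 * part to [-32768, 32767] before scaling, so the 16.16 result always fits:
 * 32767 * 65536 == 2147418112 <= INT32_MAX and -32768 * 65536 == INT32_MIN. */
static hb_position_like_t encode_advance_clamped(double advance_px)
{
    if (advance_px > MAX_ADVANCE_INT)
        advance_px = MAX_ADVANCE_INT;
    else if (advance_px < MIN_ADVANCE_INT)
        advance_px = MIN_ADVANCE_INT;
    int64_t fixed = 0;
    scale_to_fixed(advance_px, &fixed); /* cannot fail after the clamp */
    return (hb_position_like_t)fixed;
}

/* Integer part of a 16.16 position, truncating toward zero. */
static int32_t advance_integer_part(hb_position_like_t p)
{
    return (int32_t)(p / (int32_t)FIXED_ONE);
}

int main(void)
{
    /* Constructed sample advances in pixels, including one huge value of
     * the kind a very large box shadow can produce. */
    double samples[] = { 12.5, 32767.0, 32768.0, 1.0e6 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double px = samples[i];
        hb_position_like_t clamped = encode_advance_clamped(px);
        printf("%10.1f px: overflows=%d clamped=%d (integer part %d)\n",
               px, advance_overflows(px), clamped, advance_integer_part(clamped));
    }
    return 0;
}
```

The check in `advance_overflows` is the one that matters: any advance whose integer part exceeds 32767 no longer fits once the 16 fractional bits are appended, so the value must be clamped (or the layout rejected) before it is handed to a 32-bit position.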
