[webkit-changes] [WebKit/WebKit] 472e74: Cherry-pick 260882 at main (1516848f1a90). https://bu...
Vitaly Dyachkov
noreply at github.com
Mon Feb 27 13:30:08 PST 2023
Branch: refs/heads/webkitglib/2.38
Home: https://github.com/WebKit/WebKit
Commit: 472e74898cccf6fbb9ee6befaafe9477d2600a60
https://github.com/WebKit/WebKit/commit/472e74898cccf6fbb9ee6befaafe9477d2600a60
Author: Vitaly Dyachkov <vitaly at igalia.com>
Date: 2023-02-27 (Mon, 27 Feb 2023)
Changed paths:
M LayoutTests/platform/gtk/TestExpectations
M Source/WebCore/rendering/style/RenderStyleConstants.h
Log Message:
-----------
Cherry-pick 260882 at main (1516848f1a90). https://bugs.webkit.org/show_bug.cgi?id=229740
[WPE][GTK] Prevent HarfBuzz advance overflow
https://bugs.webkit.org/show_bug.cgi?id=229740
Reviewed by Carlos Garcia Campos.
When taking the complex text path we get glyph advances by calling `hb_buffer_get_glyph_positions`.
HarfBuzz uses `hb_position_t` aka `int32_t` type to store advances and offset,
where the first 16 bits are used to store the integer part and the second
16 bits to store the fractional precision part. Since this type is signed
we are left with only 15 bits for maximum positive advance value which gives
us 32767 or `std::numeric_limits<short>::max()`.
Fixes `fast/box-shadow/box-shadow-huge-area-crash.html`.
* LayoutTests/platform/gtk/TestExpectations:
* Source/WebCore/rendering/style/RenderStyleConstants.h:
Canonical link: https://commits.webkit.org/260882@main
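
The 16.16 range limit described in the log message, as an added example that is not code from the WebKit commit or from HarfBuzz. `Position` is a stand-in for `hb_position_t`; all function and constant names are hypothetical, and the sample advances are constructed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Stand-in for HarfBuzz's hb_position_t (int32_t); keeps the example dependency-free.
using Position = int32_t;

constexpr int kFractionalBits = 16;              // low 16 bits: fraction
constexpr double kScale = 1 << kFractionalBits;  // 65536
// 15 integer bits remain after the sign bit, so the largest whole advance is 32767.
constexpr int kMaxIntegerAdvance = std::numeric_limits<short>::max();

// True if value, scaled to 16.16, fits in a signed 32-bit position.
bool fitsInPosition(double value)
{
    if (!std::isfinite(value))
        return false;
    double scaled = std::round(value * kScale);
    return scaled >= std::numeric_limits<Position>::min()
        && scaled <= std::numeric_limits<Position>::max();
}

// Unchecked conversion: the scaled value wraps modulo 2^32 (two's complement).
Position toPositionWrapped(double value)
{
    int64_t scaled = std::llround(value * kScale);
    return static_cast<Position>(static_cast<uint32_t>(scaled));
}

// Saturating conversion: out-of-range advances clamp to the type's limits.
Position toPositionSaturated(double value)
{
    if (std::isnan(value))
        return 0;
    double scaled = std::round(value * kScale);
    if (scaled >= std::numeric_limits<Position>::max())
        return std::numeric_limits<Position>::max();
    if (scaled <= std::numeric_limits<Position>::min())
        return std::numeric_limits<Position>::min();
    return static_cast<Position>(scaled);
}

double toDouble(Position p) { return p / kScale; }

int main()
{
    const double samples[] = { 1.5, 32767.0, 32768.0, 40000.0 }; // constructed advances
    for (double v : samples)
        std::printf("%9.1f fits=%d wrapped=%10.1f saturated=%10.4f\n", v, fitsInPosition(v),
            toDouble(toPositionWrapped(v)), toDouble(toPositionSaturated(v)));
}
```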