[webkit-changes] [WebKit/WebKit] 65b6e6: Cherry-pick 260882 at main (1516848f1a90). https://bu...

Vitaly Dyachkov noreply at github.com
Mon Feb 27 13:30:09 PST 2023


  Branch: refs/heads/webkitglib/2.40
  Home:   https://github.com/WebKit/WebKit
  Commit: 65b6e65017be1193706c8e3f38e5f4de57dd1ec6
      https://github.com/WebKit/WebKit/commit/65b6e65017be1193706c8e3f38e5f4de57dd1ec6
  Author: Vitaly Dyachkov <vitaly at igalia.com>
  Date:   2023-02-27 (Mon, 27 Feb 2023)

  Changed paths:
    M LayoutTests/platform/gtk/TestExpectations
    M Source/WebCore/rendering/style/RenderStyleConstants.h

  Log Message:
  -----------
  Cherry-pick 260882 at main (1516848f1a90). https://bugs.webkit.org/show_bug.cgi?id=229740

    [WPE][GTK] Prevent HarfBuzz advance overflow
    https://bugs.webkit.org/show_bug.cgi?id=229740

    Reviewed by Carlos Garcia Campos.

    When taking the complex text path we get glyph advances by calling `hb_buffer_get_glyph_positions`.
    HarfBuzz uses `hb_position_t` aka `int32_t` type to store advances and offset,
    where the first 16 bits are used to store the integer part and the second
    16 bits to store the fractional precision part. Since this type is signed
    we are left with only 15 bits for maximum positive advance value which gives
    us 32767 or `std::numeric_limits<short>::max()`.

    Fixes `fast/box-shadow/box-shadow-huge-area-crash.html`.

    * LayoutTests/platform/gtk/TestExpectations:
    * Source/WebCore/rendering/style/RenderStyleConstants.h:

    Canonical link: https://commits.webkit.org/260882@main
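
The wraparound described in the log message, as an added example that is not part of the commit or of WebKit's code: it scales a pixel advance into a signed 16.16 value and shows what a 32-bit slot keeps once the integer part exceeds 32767. All function names and sample values are hypothetical, and the clamp is an assumed mitigation, not necessarily what the commit changed in `RenderStyleConstants.h`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration; all function names here are hypothetical. */

/* Scale a pixel advance to 16.16 in 64-bit so the multiply cannot overflow. */
static int64_t scale_16_16(double px) {
    return (int64_t)(px * 65536.0 + (px >= 0 ? 0.5 : -0.5));
}

/* True when the scaled value is representable in a signed 32-bit slot. */
static int fits_16_16(double px) {
    int64_t s = scale_16_16(px);
    return s >= INT32_MIN && s <= INT32_MAX;
}

/* What a 32-bit slot keeps: the low 32 bits, read as two's complement. */
static int32_t store_32(int64_t s) {
    uint32_t low = (uint32_t)s;
    int32_t out;
    memcpy(&out, &low, sizeof out);
    return out;
}

static double from_16_16(int32_t v) { return v / 65536.0; }

/* Assumed mitigation: clamp to the signed 16-bit integer range before scaling. */
static double clamp_advance(double px) {
    if (px > 32767.0) return 32767.0;
    if (px < -32768.0) return -32768.0;
    return px;
}

int main(void) {
    const double samples[] = { 100.25, 32767.0, 32768.0, 40000.0 }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double px = samples[i];
        printf("%9.2f px  fits=%d  unclamped=%10.2f  clamped=%9.2f\n", px,
               fits_16_16(px), from_16_16(store_32(scale_16_16(px))),
               from_16_16(store_32(scale_16_16(clamp_advance(px)))));
    }
    return 0;
}
```

An advance of 40000 px read back from the 32-bit slot comes out as a large negative value, which is the kind of silently corrupted layout input the bound is meant to rule out.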



