[webkit-reviews] review granted: [Bug 189154] The width of a nullptr TextRun should be zero : [Attachment 348655] Patch
bugzilla-daemon at webkit.org
Fri Aug 31 16:09:09 PDT 2018
zalan <zalan at apple.com> has granted Brent Fulgham <bfulgham at webkit.org>'s
request for review:
Bug 189154: The width of a nullptr TextRun should be zero
https://bugs.webkit.org/show_bug.cgi?id=189154
Attachment 348655: Patch
https://bugs.webkit.org/attachment.cgi?id=348655&action=review
--- Comment #18 from zalan <zalan at apple.com> ---
Comment on attachment 348655
--> https://bugs.webkit.org/attachment.cgi?id=348655
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=348655&action=review
> Source/WebCore/rendering/RenderText.cpp:1246
> + if (!m_text.isEmpty()) {
computeCanUseSimplifiedTextMeasuring could actually early return with true if
it has no content.
    auto& font = style().fontCascade();
    if (font.wordSpacing() || font.letterSpacing())
        return false;
    if (m_text.isEmpty())
        return true;
> Source/WebCore/rendering/svg/SVGTextMetricsBuilder.cpp:108
> + if (text.length()) {
> + m_isComplexText = scaledFont.codePath(m_run) ==
FontCascade::Complex;
>
> - if (m_isComplexText)
> - m_simpleWidthIterator = nullptr;
> - else
> - m_simpleWidthIterator = std::make_unique<WidthIterator>(&scaledFont,
m_run);
> + if (m_isComplexText)
> + m_simpleWidthIterator = nullptr;
> + else
> + m_simpleWidthIterator =
std::make_unique<WidthIterator>(&scaledFont, m_run);
> + }
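Review bot: when `text.length()` is zero, the new guard at SVGTextMetricsBuilder.cpp:108 skips both assignments, so `m_isComplexText` and `m_simpleWidthIterator` keep whatever they held before this call, whereas the removed lines always reset or rebuilt the iterator. If this code can run more than once on the same builder, an iterator constructed against an earlier `m_run` would survive the empty-text path. Consider an `else` branch that sets `m_simpleWidthIterator = nullptr;` and gives `m_isComplexText` a defined value, or add a comment explaining why the empty case needs no reset.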
In here you need to re-create the m_simpleWidthIterator with the new m_run (to
avoid UAF)