[Webkit-unassigned] [Bug 25770] New: Possible Crash in FontFallbackList::determinePitch(const Font* font)?
bugzilla-daemon at webkit.org
Wed May 13 17:06:01 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=25770
Summary: Possible Crash in FontFallbackList::determinePitch(const Font* font)?
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: eric at webkit.org
CC: hyatt at apple.com
Chrome is seeing reports of a few crashes in:

    void FontFallbackList::determinePitch(const Font* font) const
    {
        const FontData* fontData = primaryFont(font);
        if (!fontData->isSegmented()) // CRASH RIGHT HERE
            m_pitch = static_cast<const SimpleFontData*>(fontData)->pitch();
        else {
            const SegmentedFontData* segmentedFontData = static_cast<const SegmentedFontData*>(fontData);
            unsigned numRanges = segmentedFontData->numRanges();
            if (numRanges == 1)
                m_pitch = segmentedFontData->rangeAt(0).fontData()->pitch();
            else
                m_pitch = VariablePitch;
        }
    }

Is it ever possible/legal for primaryFont(font) to return null? It certainly
looks like it can. But I'm not sure if that's because Chrome is doing
something wrong, or because determinePitch() is making bad assumptions about
primaryFont().

If the primaryFont() assumption is wrong, then this crasher probably hits
Safari too, but I don't know how I would reproduce it.
For context:

    const SimpleFontData* primaryFont() const {
        if (!m_cachedPrimaryFont)
            cachePrimaryFont();
        return m_cachedPrimaryFont;
    }

    void Font::cachePrimaryFont() const
    {
        ASSERT(m_fontList);
        ASSERT(!m_cachedPrimaryFont);
        m_cachedPrimaryFont = m_fontList->primaryFont(this)->fontDataForCharacter(' ');
    }

    const SimpleFontData* fontDataForCharacter(UChar32 c) const
    {
        return m_glyphFontData[indexForCharacter(c)];
    }
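The report's question is whether primaryFont(font) can hand back null and, if so, what the unguarded `fontData->isSegmented()` line does with it. The following is an added, self-contained illustration and not WebKit code: a cut-down model of the quoted classes (FontFallbackList, SimpleFontData, SegmentedFontData) in which the fallback list can legitimately resolve to nothing, so primaryFont() returns null, paired with a determinePitch() that makes that case explicit instead of dereferencing it. All names and members are hypothetical simplifications; the real WebKit types are richer and the fix, if any, is the project's to decide.

```cpp
// Added example (not WebKit code). Hypothetical stand-ins for the classes in the
// report, reduced to what determinePitch() touches.
#include <cstdio>
#include <vector>

enum Pitch { UnknownPitch, FixedPitch, VariablePitch };

struct FontData {
    virtual ~FontData() {}
    virtual bool isSegmented() const = 0;
};

// A concrete font with a single pitch.
struct SimpleFontData : FontData {
    Pitch m_pitch;
    explicit SimpleFontData(Pitch p) : m_pitch(p) {}
    bool isSegmented() const { return false; }
    Pitch pitch() const { return m_pitch; }
};

// A font assembled from several ranges; rangeAt(i) stands in for
// rangeAt(i).fontData() in the quoted code.
struct SegmentedFontData : FontData {
    std::vector<const SimpleFontData*> m_ranges;
    bool isSegmented() const { return true; }
    unsigned numRanges() const { return static_cast<unsigned>(m_ranges.size()); }
    const SimpleFontData* rangeAt(unsigned i) const { return m_ranges[i]; }
};

// Stand-in for FontFallbackList: the resolved fonts in priority order. An empty
// list (nothing resolved) is the situation the report suspects; primaryFont()
// then returns null, exactly what the quoted determinePitch() does not check.
struct FontFallbackList {
    std::vector<const FontData*> m_fontList;
    mutable Pitch m_pitch;
    FontFallbackList() : m_pitch(UnknownPitch) {}

    const FontData* primaryFont() const { return m_fontList.empty() ? 0 : m_fontList[0]; }

    // Guarded counterpart of the quoted logic. Returns false when there is no
    // primary font; m_pitch is then set to a conservative VariablePitch rather
    // than left as whatever a null dereference would have produced.
    bool determinePitch() const {
        const FontData* fontData = primaryFont();
        if (!fontData) {          // the case asked about in the report
            m_pitch = VariablePitch;
            return false;
        }
        if (!fontData->isSegmented()) {
            m_pitch = static_cast<const SimpleFontData*>(fontData)->pitch();
            return true;
        }
        const SegmentedFontData* seg = static_cast<const SegmentedFontData*>(fontData);
        m_pitch = (seg->numRanges() == 1) ? seg->rangeAt(0)->pitch() : VariablePitch;
        return true;
    }
};

// Runs determinePitch() and reports whether a primary font existed.
bool pitchFor(const FontFallbackList& list, Pitch& out) {
    bool ok = list.determinePitch();
    out = list.m_pitch;
    return ok;
}

int main() {
    SimpleFontData fixed(FixedPitch);
    FontFallbackList empty;               // constructed: nothing resolved
    FontFallbackList simple;              // constructed: one simple font
    simple.m_fontList.push_back(&fixed);

    Pitch p;
    std::printf("empty list: handled=%d pitch=%d\n", !pitchFor(empty, p), p);
    std::printf("simple font: ok=%d pitch=%d\n", pitchFor(simple, p), p);
    return 0;
}
```

The point of the guard is not the default it picks but that the null case becomes a visible branch: a caller can distinguish "no font resolved" from "variable pitch font", and a missing glyph-page entry for ' ' in the fontDataForCharacter() path no longer turns into a read through a null pointer.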