[Webkit-unassigned] [Bug 44960] [chromium] fix memory corruption in Khmer rendering.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 31 11:06:46 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=44960

--- Comment #3 from Adam Langley <agl at chromium.org>  2010-08-31 11:06:46 PST ---
(In reply to comment #2)
> +            // The |+ 1| here is a workaround for a bug in Harfbuzz: the Khmer
> +            // shaper (at least) can fail because of insufficient glyph buffers
> +            // and request 0 additional glyphs: throwing us into an infinite
> +            // loop.
> +            createGlyphArrays(m_item.num_glyphs + 1);
> 
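Review bot: the `+ 1` makes progress only for the specific failure the comment names (a request for 0 additional glyphs); the retry loop around `createGlyphArrays(m_item.num_glyphs + 1)` would be more robust if it also checked that the new buffer size strictly exceeds the previous one, or capped the number of retries, so that any other hint that fails to grow the buffer cannot reintroduce the infinite loop. The comment should also point at the upstream Harfbuzz bug it is working around, so the workaround can be dropped once that is fixed.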
> Ugh, I fiddled with this code recently and I suspect I likely got the logic wrong.  I think I remember someone mailing me with a fix to it, I wonder if it landed?  Can you check the blame of this file and see if anyone other than me has touched it recently?

r61795 switched from doubling the array each time to using the hint given by Harfbuzz. However, that code /should/ have been correct. This is really a bug in Harfbuzz, but I'm not exactly an expert in Khmer so working around it here seems better.

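The grow-and-retry pattern the thread describes, as an added example that is not WebKit's or Harfbuzz's code: a stand-in shaper (`FakeShaper`, a hypothetical name) either shapes successfully or reports how large a glyph buffer it wants. `shapeTrustingHint` sizes the buffer exactly to that hint, the behaviour r61795 is described as introducing, and spins forever against a shaper that asks for 0 additional glyphs (shown here via an iteration cap). `shapeWithProgressGuard` makes the invariant the `+ 1` restores explicit: the buffer must grow by at least one glyph on every retry, so the loop terminates regardless of what the shaper reports.

```cpp
// Added example (not WebKit's or Harfbuzz's code). Models the glyph-buffer
// growth loop discussed in bug 44960 and the failure mode of a 0-growth hint.
#include <algorithm>
#include <cstddef>
#include <cstdio>

// Result of one shaping attempt: success, or "I need a buffer this large".
struct ShapeResult {
    bool ok;
    size_t requestedGlyphs; // the shaper's size hint on failure
};

// Hypothetical stand-in for the shaper. `actualNeeded` is the glyph count the
// text really expands to. `buggyHint` models the behaviour the patch comment
// describes: on failure the shaper reports a size no larger than the buffer it
// was given, i.e. it requests 0 additional glyphs.
struct FakeShaper {
    size_t actualNeeded;
    bool buggyHint;

    ShapeResult shape(size_t bufferGlyphs) const {
        if (bufferGlyphs >= actualNeeded)
            return {true, bufferGlyphs};
        size_t hint = buggyHint ? bufferGlyphs : actualNeeded;
        return {false, hint};
    }
};

// Naive loop: resize the buffer to exactly the hint. Returns the number of
// attempts on success, or -1 once `maxAttempts` is exhausted (the only reason
// the buggy case terminates at all).
int shapeTrustingHint(const FakeShaper& shaper, size_t initialGlyphs, int maxAttempts) {
    size_t glyphs = initialGlyphs;
    for (int attempt = 1; attempt <= maxAttempts; ++attempt) {
        ShapeResult r = shaper.shape(glyphs);
        if (r.ok)
            return attempt;
        glyphs = r.requestedGlyphs; // a 0-growth hint leaves `glyphs` unchanged
    }
    return -1;
}

// Guarded loop: never retry with a buffer that did not grow. This is the
// progress guarantee the |+ 1| in the patch provides, stated as an invariant
// rather than as a constant.
int shapeWithProgressGuard(const FakeShaper& shaper, size_t initialGlyphs, int maxAttempts) {
    size_t glyphs = initialGlyphs;
    for (int attempt = 1; attempt <= maxAttempts; ++attempt) {
        ShapeResult r = shaper.shape(glyphs);
        if (r.ok)
            return attempt;
        // Honour the hint, but grow by at least one glyph so the loop must end.
        glyphs = std::max(r.requestedGlyphs, glyphs + 1);
    }
    return -1;
}

int main() {
    FakeShaper buggy{10, true};   // constructed: needs 10 glyphs, hints 0 growth
    FakeShaper correct{10, false}; // constructed: needs 10 glyphs, hints correctly
    std::printf("trusting hint, buggy shaper:   %d attempts\n", shapeTrustingHint(buggy, 4, 100));
    std::printf("progress guard, buggy shaper:  %d attempts\n", shapeWithProgressGuard(buggy, 4, 100));
    std::printf("trusting hint, correct shaper: %d attempts\n", shapeTrustingHint(correct, 4, 100));
    std::printf("progress guard, correct shaper:%d attempts\n", shapeWithProgressGuard(correct, 4, 100));
    return 0;
}
```

With a well-behaved shaper both loops finish on the second attempt; against the 0-growth hint the naive loop only stops because of the cap, while the guarded loop reaches the required size one glyph at a time and succeeds.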