[Webkit-unassigned] [Bug 35486] canvas fillText with @font-face crashes

bugzilla-daemon at webkit.org
Tue Jun 15 11:56:23 PDT 2010


Jakob Petsovits <jpetsovits at rim.com> changed:

           What    |Removed                     |Added
                 CC|                            |jpetsovits at rim.com

--- Comment #1 from Jakob Petsovits <jpetsovits at rim.com>  2010-06-15 11:56:23 PST ---
The issue is that the SimpleFontData object is deleted by CSSFontFaceSource::fontLoaded() - called from CachedFont::checkNotify(), CachedFont::data(), and that one from Loader::Host::didFinishLoading().

When CanvasRenderingContext2D::drawTextInternal() accesses the font the second time, after loading has finished, the Font's cached SimpleFontData is a corrupt pointer and (mostly) crashes when trying to draw. Still trying to understand why the font has to be deleted...

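The lifetime problem described in comment #1, as an added example that is not part of the original message and is not WebKit code: a simplified C++ model in which the owner replaces the font data when loading finishes and the client cache holds a `std::weak_ptr`, so a stale entry is detected and re-resolved instead of being dereferenced. All names (`FontDataModel`, `FontSourceModel`, `FontCacheModel`, `drawTwice`) are hypothetical.

```cpp
#include <memory>
#include <string>

struct FontDataModel {                   // hypothetical stand-in for the font data object
    std::string family;
};

// Owner of the font data; replaces it when the web font finishes loading.
class FontSourceModel {
public:
    FontSourceModel() : data_(std::make_shared<FontDataModel>(FontDataModel{"fallback"})) {}
    std::shared_ptr<FontDataModel> current() const { return data_; }
    void fontLoaded(const std::string& family) {
        // The previous object is released here. A raw pointer cached by a
        // client before this call would dangle from this point on.
        data_ = std::make_shared<FontDataModel>(FontDataModel{family});
    }
private:
    std::shared_ptr<FontDataModel> data_;
};

// Client-side cache that observes the data without owning it.
class FontCacheModel {
public:
    explicit FontCacheModel(const FontSourceModel& src) : src_(src) {}
    // Returns data that stays alive for as long as the caller holds the result.
    std::shared_ptr<FontDataModel> primary() {
        std::shared_ptr<FontDataModel> live = cached_.lock();
        if (!live) {                     // never filled, or the owner replaced it
            live = src_.current();
            cached_ = live;
            ++refills_;
        }
        return live;
    }
    bool isStale() const { return cached_.expired(); }
    int refills() const { return refills_; }
private:
    const FontSourceModel& src_;
    std::weak_ptr<FontDataModel> cached_;
    int refills_ = 0;
};

// Two draws with a load completion in between, mirroring the sequence in the comment.
std::string drawTwice(FontSourceModel& src, FontCacheModel& cache) {
    std::string first = cache.primary()->family;   // before loading finishes
    src.fontLoaded("WebFont");                     // owner releases the old data
    std::string second = cache.primary()->family;  // cache notices and re-resolves
    return first + "," + second;
}
```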