[Webkit-unassigned] [Bug 35486] canvas fillText with @font-face crashes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jun 15 11:56:23 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=35486
Jakob Petsovits <jpetsovits at rim.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jpetsovits at rim.com
--- Comment #1 from Jakob Petsovits <jpetsovits at rim.com> 2010-06-15 11:56:23 PST ---
The issue is that the SimpleFontData object is deleted by CSSFontFaceSource::fontLoaded() - called from CachedFont::checkNotify(), CachedFont::data(), and that one from Loader::Host::didFinishLoading().
When CanvasRenderingContext2D::drawTextInternal() accesses the font the second time, after loading has finished, the Font's cached SimpleFontData is a corrupt pointer and (mostly) crashes when trying to draw. Still trying to understand why the font has to be deleted...
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list