[Webkit-unassigned] [Bug 25770] Possible Crash in FontFallbackList::determinePitch(const Font* font)?

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 9 19:51:58 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=25770


Hironori Bono <hbono at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hbono at chromium.org




--- Comment #2 from Hironori Bono <hbono at chromium.org>  2010-11-09 19:51:58 PST ---
Greetings,

This issue somehow fall-backs to me. :)

(In reply to comment #0)
> is it ever possible/legal for primaryFont(font) to return null?  It certainly looks like it can.  But I'm not sure if that's because Chrome is doing something wrong, or if because determinePitch() is making bad assumptions about primaryFont()?
> If the primaryFont() assumption is wrong, then this crasher probably hits Safari too, but I don't know how I would reproduce it.

Yes, it is possible on Windows Chrome as I wrote in <http://crbug.com/59707>. This crash happens on a PC that satisfies all the following conditions:
1. a last-resort font ("Arial", "Times New Roman", or "Courier New") is corrupted, and;
2. FontCache::getFontData() calls FontCache::getLastResortFallbackFont() to use the corrupted last-resort font.

One of its reproduction steps is listed below:
1. Delete "Arial", "Times New Roman", and "Courier New" fonts from the "C:\WINDOWS\Fonts" folder on Windows XP. (We cannot delete them on Vista or 7 because they are protected by Windows.)
2. Start Chrome.
(I recommend trying this on a virtual machine because it is very dangerous.)

I think this crash is a problem of our FontCache::getLastResortFallbackFont() implementation for Windows that may choose a corrupted font. (We could also try choosing DEFAULT_GUI_FONT and non-client metrics fonts, which Windows ensures are sane, as Windows Safari does?)

Regards,

Hironori Bono
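An added illustration of the failure mode described in this comment; it is a simplified model, not WebKit's FontCache code, and every type and function name in it (InstalledFont, loadUsable, lastResortFallbackChecked, and so on) is hypothetical. It models a machine whose last-resort fonts are corrupted, shows how an unchecked fallback hands null font data to a determinePitch()-style caller, and shows the hardened variant that validates each candidate and falls through to the system UI font.

```cpp
#include <initializer_list>
#include <string>
enum class Pitch { Unknown, Fixed, Variable };

// Hypothetical stand-in for an installed font file; "corrupted" models a file whose
// glyph data cannot be loaded.
struct InstalledFont { std::string family; bool corrupted; bool fixedPitch; };
// Constructed table modelling the machine in the comment: every last-resort font is
// corrupted, while the system UI font (DEFAULT_GUI_FONT) is intact.
static const InstalledFont kInstalledFonts[] = {
    {"Arial", true, false},
    {"Times New Roman", true, false},
    {"Courier New", true, true},
    {"DEFAULT_GUI_FONT", false, false},
};

// Returns the installed entry for a family, or nullptr if no such file exists.
const InstalledFont* findInstalled(const std::string& family) {
    for (const InstalledFont& f : kInstalledFonts)
        if (f.family == family) return &f;
    return nullptr;
}

// Models building platform font data: nullptr when the file is missing or corrupted.
const InstalledFont* loadUsable(const std::string& family) {
    const InstalledFont* f = findInstalled(family);
    return (f && !f->corrupted) ? f : nullptr;
}

// Unchecked fallback, as the comment describes: picks the first last-resort family
// present on disk, so a corrupted file hands null font data to the caller.
const InstalledFont* lastResortFallbackUnchecked() {
    for (const char* family : {"Arial", "Times New Roman", "Courier New"})
        if (findInstalled(family)) return loadUsable(family);
    return nullptr;
}

// Hardened fallback: accepts only candidates that actually load, then falls through
// to the system UI font, which the comment notes Windows guarantees to be sane.
const InstalledFont* lastResortFallbackChecked() {
    for (const char* family : {"Arial", "Times New Roman", "Courier New", "DEFAULT_GUI_FONT"})
        if (const InstalledFont* f = loadUsable(family)) return f;
    return nullptr;
}

// Model of determinePitch(): a null primary font yields Unknown instead of a dereference.
Pitch determinePitch(const InstalledFont* primary) {
    if (!primary) return Pitch::Unknown;
    return primary->fixedPitch ? Pitch::Fixed : Pitch::Variable;
}
```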
