WebKit Bugzilla
Attachment 348175 Details for
Bug 188993
: Null pointer deref in WidthIterator
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-188993-20180827112714.patch (text/plain), 4.69 KB, created by
Myles C. Maxfield
on 2018-08-27 11:27:15 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Myles C. Maxfield
Created:
2018-08-27 11:27:15 PDT
Size:
4.69 KB
patch
obsolete
>Subversion Revision: 235385 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index a0b9a02d491d3c7440ace8a2241c4e5350c5f514..d77e9f8cdcfb50adbd5caa01ae2b7751b728a678 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,17 @@ >+2018-08-27 Myles C. Maxfield <mmaxfield@apple.com> >+ >+ Null pointer deref in WidthIterator >+ https://bugs.webkit.org/show_bug.cgi?id=188993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Test: fast/text/rtl-justification.html >+ >+ We simply need to guard glyphBuffer like we do in the rest of the function. >+ >+ * platform/graphics/WidthIterator.cpp: >+ (WebCore::WidthIterator::advanceInternal): >+ > 2018-08-27 Keith Rollin <krollin@apple.com> > > Build system support for LTO >diff --git a/Source/WebCore/platform/graphics/WidthIterator.cpp b/Source/WebCore/platform/graphics/WidthIterator.cpp >index 051409292af7e755e835e4e7050ec3eb7f347581..9bde879703f6a4df114996a2a8cc77e1c717fc59 100644 >--- a/Source/WebCore/platform/graphics/WidthIterator.cpp >+++ b/Source/WebCore/platform/graphics/WidthIterator.cpp >@@ -345,7 +345,7 @@ inline unsigned WidthIterator::advanceInternal(TextIterator& textIterator, Glyph > previousCharacter = character; > } > >- if (leftoverJustificationWidth) { >+ if (glyphBuffer && leftoverJustificationWidth) { > if (m_forTextEmphasis) > glyphBuffer->add(lastFontData->zeroWidthSpaceGlyph(), lastFontData, leftoverJustificationWidth, m_run.length() - 1); > else >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 83b4f7588082f39d378d6bee4633cc833294d244..59faf736d3b5d309740d067b327d801b30610073 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,13 @@ >+2018-08-27 Myles C. Maxfield <mmaxfield@apple.com> >+ >+ Null pointer deref in WidthIterator >+ https://bugs.webkit.org/show_bug.cgi?id=188993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * fast/text/rtl-justification-expected.html: Added. >+ * fast/text/rtl-justification.html: Added. >+ > 2018-08-27 Youenn Fablet <youenn@apple.com> > > Update WPT tools to 87329a1 >diff --git a/LayoutTests/fast/text/rtl-justification-expected.html b/LayoutTests/fast/text/rtl-justification-expected.html >new file mode 100644 >index 0000000000000000000000000000000000000000..7a8815caee6dfdb6434f8514255b60970664009d >--- /dev/null >+++ b/LayoutTests/fast/text/rtl-justification-expected.html >@@ -0,0 +1,42 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<meta charset="utf-8"> >+</head> >+<body> >+This test passes if there is no crash. >+<div dir="rtl" style="width: 200px; text-align: justify;"> >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+</div> >+</body> >+</html> >diff --git a/LayoutTests/fast/text/rtl-justification.html b/LayoutTests/fast/text/rtl-justification.html >new file mode 100644 >index 0000000000000000000000000000000000000000..7a8815caee6dfdb6434f8514255b60970664009d >--- /dev/null >+++ b/LayoutTests/fast/text/rtl-justification.html >@@ -0,0 +1,42 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<meta charset="utf-8"> >+</head> >+<body> >+This test passes if there is no crash. >+<div dir="rtl" style="width: 200px; text-align: justify;"> >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+ת××× ××××× ×¢× >+</div> >+</body> >+</html>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=348175">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188993
:
348173
| 348175 |
348192