diff options
author | claireho <chinglanho@gmail.com> | 2010-07-21 17:57:14 -0700 |
---|---|---|
committer | claireho <chinglanho@gmail.com> | 2010-07-23 09:48:02 -0700 |
commit | 42e55eb4ff3bde03d17a4cbfe0e4244d3a7b3e14 (patch) | |
tree | d7c02031dd7a39446842cb7455dead26e2aad657 /WebCore | |
parent | 23e9dd818a876304304944c844be7625f63383c4 (diff) | |
download | external_webkit-42e55eb4ff3bde03d17a4cbfe0e4244d3a7b3e14.zip external_webkit-42e55eb4ff3bde03d17a4cbfe0e4244d3a7b3e14.tar.gz external_webkit-42e55eb4ff3bde03d17a4cbfe0e4244d3a7b3e14.tar.bz2 |
Bug 2843604 : Layout_tests crash in FontAndroid.cpp.
2 problems were found in JSON-stringify.html test crash.
1. Dirty memory is re-used in FontAndroid.cpp.
2. Unnecessary delete/new GlyphArrays.
Change-Id: I16bfe96943815f35ef1730287d61295ecd3ea2ad
Diffstat (limited to 'WebCore')
-rw-r--r-- | WebCore/platform/graphics/android/FontAndroid.cpp | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/WebCore/platform/graphics/android/FontAndroid.cpp b/WebCore/platform/graphics/android/FontAndroid.cpp index 2f07bdf..71d66e6 100644 --- a/WebCore/platform/graphics/android/FontAndroid.cpp +++ b/WebCore/platform/graphics/android/FontAndroid.cpp @@ -564,27 +564,44 @@ private: void createGlyphArrays(int size) { m_item.glyphs = new HB_Glyph[size]; - memset(m_item.glyphs, 0, size * sizeof(HB_Glyph)); m_item.attributes = new HB_GlyphAttributes[size]; - memset(m_item.attributes, 0, size * sizeof(HB_GlyphAttributes)); m_item.advances = new HB_Fixed[size]; - memset(m_item.advances, 0, size * sizeof(HB_Fixed)); m_item.offsets = new HB_FixedPoint[size]; - memset(m_item.offsets, 0, size * sizeof(HB_FixedPoint)); m_glyphs16 = new uint16_t[size]; m_xPositions = new SkScalar[size]; m_item.num_glyphs = size; + m_glyphsArraySize = size; // Save the GlyphArrays size. + } + + void resetGlyphArrays() + { + int size = m_glyphsArraySize; + + // All the types here don't have pointers. It is safe to reset to + // zero unless Harfbuzz breaks the compatibility in the future. + memset(m_item.glyphs, 0, size * sizeof(m_item.glyphs[0])); + memset(m_item.attributes, 0, size * sizeof(m_item.attributes[0])); + memset(m_item.advances, 0, size * sizeof(m_item.advances[0])); + memset(m_item.offsets, 0, size * sizeof(m_item.offsets[0])); + memset(m_glyphs16, 0, size * sizeof(m_glyphs16[0])); + memset(m_xPositions, 0, size * sizeof(m_xPositions[0])); + + // Reset the array limit becuase HB_ShapeItem() overrides the + // m_item.num_glyphs. + m_item.num_glyphs = size; } void shapeGlyphs() { + resetGlyphArrays(); while (!HB_ShapeItem(&m_item)) { // We overflowed our arrays. Resize and retry. // HB_ShapeItem fills in m_item.num_glyphs with the needed size. deleteGlyphArrays(); - createGlyphArrays(m_item.num_glyphs); + createGlyphArrays(m_item.num_glyphs << 1); + resetGlyphArrays(); } } @@ -616,6 +633,7 @@ private: unsigned m_offsetX; // Offset in pixels to the start of the next script run. unsigned m_pixelWidth; // Width (in px) of the current script run. unsigned m_numCodePoints; // Code points in current script run. + unsigned m_glyphsArraySize; // Current size of all the Harfbuzz arrays. OwnPtr<TextRun> m_normalizedRun; OwnArrayPtr<UChar> m_normalizedBuffer; // A buffer for normalized run. |