From 26293c75113cb08e4392ef98da92d6fb1c65b40c Mon Sep 17 00:00:00 2001
From: Russell Brenner
Date: Thu, 3 Mar 2011 15:57:01 -0800
Subject: Fixed 3469204: Crash using downloaded fonts
This change is still pending upstream, but is being applied here now to make it into M1 before lockdown. Track the WebKit change at: https://bugs.webkit.org/show_bug.cgi?id=54758 When font downloading completes, CSSFontFaceSource::fontLoaded() and CSSSegmentedFontFace::fontLoaded() called pruneTable() to reclaim GlyphPageTreeNode memory. On Android, downloading and rendering are on different threads and these GlyphPageTreeNodes may still be in use on the UI thread. This change defers freeing those GlyphPageTreeNodes until CSSFontFaceSource and CSSSegmentedFontFace are destroyed, which occurs on the UI thread in response to Document::scheduleForcedStyleRecalc(), which was called by CSSFontSelector::fontLoaded().
Change-Id: Ica74e5be92c00b8c761f5d29a2310c46e62fd9eb
---
 WebCore/css/CSSFontFaceSource.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'WebCore/css/CSSFontFaceSource.cpp')
diff --git a/WebCore/css/CSSFontFaceSource.cpp b/WebCore/css/CSSFontFaceSource.cpp
index d5dc6ec..aa09b05 100644
--- a/WebCore/css/CSSFontFaceSource.cpp
+++ b/WebCore/css/CSSFontFaceSource.cpp
@@ -92,7 +92,12 @@ bool CSSFontFaceSource::isValid() const
 
 void CSSFontFaceSource::fontLoaded(CachedFont*)
 {
- pruneTable();
+ // On Android, rendering and font loading occur on separate threads, so
+ // pruning from here can leave dangling refs to deleted GlyphPageTreeNodes.
+ // Pruning will still occur via ~CSSSegmentedFontFace, when it's safe.
+#if !PLATFORM(ANDROID)
+ pruneTable();
+#endif
 if (m_face)
 m_face->fontLoaded(this);
 }
--
cgit v1.1
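Review bot: The new comment in `CSSFontFaceSource::fontLoaded()` names only `~CSSSegmentedFontFace` as the place where pruning still happens and says "when it's safe" without stating why. The commit message says the nodes are reclaimed when both `CSSFontFaceSource` and `CSSSegmentedFontFace` are destroyed, and that this happens on the UI thread. Because that destruction thread is the invariant that closes the use-after-free, the comment should state it, for example `// Pruning is deferred to the CSSFontFaceSource / CSSSegmentedFontFace destructors, which run on the UI thread.` The unchanged `m_face->fontLoaded(this)` call still runs on the loading thread and, per the commit message, `CSSSegmentedFontFace::fontLoaded()` also called `pruneTable()`. This view is limited to one file, so it is worth confirming that path carries the same `#if !PLATFORM(ANDROID)` guard; if it does not, the dangling-node case would presumably remain reachable.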