Crash when getting font bounding rect
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Aug 2016 18:12:56 +0000 (18:12 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Aug 2016 18:12:56 +0000 (18:12 +0000)
commit06374d074ac6f568612343b02fcee95681be01d3
tree4ce1702420b0c1d7ceb3032ef412250c215e2e7f
parent47892557964a8e9483ab936b4e946529dea8a20a
Crash when getting font bounding rect
https://bugs.webkit.org/show_bug.cgi?id=161202
<rdar://problem/27986981>

Reviewed by Myles C. Maxfield.

We should never store GlyphData objects for later use, because they contain raw pointers to Font elements
contained in caches, and those font caches get periodically purged.

Instead, we should hold onto the ‘key’ representing the GlyphData, and simply ask the system for the
GlyphData the next time it is needed.

Tested by existing MathML tests under ASAN and GuardMalloc.

* rendering/mathml/RenderMathMLToken.cpp:
(WebCore::RenderMathMLToken::RenderMathMLToken): Clean up constructors.
(WebCore::RenderMathMLToken::computePreferredLogicalWidths): Use keys to get correct GlyphData when needed.
(WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.
(WebCore::RenderMathMLToken::firstLineBaseline): Ditto.
(WebCore::RenderMathMLToken::layoutBlock): Ditto.
(WebCore::RenderMathMLToken::paint): Ditto.
(WebCore::RenderMathMLToken::paintChildren): Ditto.
* rendering/mathml/RenderMathMLToken.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@205031 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/rendering/mathml/RenderMathMLToken.cpp
Source/WebCore/rendering/mathml/RenderMathMLToken.h