Fixing memory read after free in CanvasRenderingContext2D::accessFont
authorjunov@google.com <junov@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 7 Jan 2013 22:56:02 +0000 (22:56 +0000)
committerjunov@google.com <junov@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 7 Jan 2013 22:56:02 +0000 (22:56 +0000)
commitc94550e9a26046f21ea3ec6e3e0553dd630c8f65
treecc5af35639a48d93376272181aefc44c67b8be16
parent5480840115a43707ecf9ce782ffeec89b675d80c
Fixing memory read after free in CanvasRenderingContext2D::accessFont
https://bugs.webkit.org/show_bug.cgi?id=106244

Reviewed by Abhishek Arya.

Source/WebCore:

Using a temporary String object to hold ref count on string that is
passed by reference in CanvasRenderingContext2D::accessFont.

Test: fast/canvas/canvas-measureText.html

* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::accessFont):

LayoutTests:

New test case to verify stability of 2D canvas method measureText.
Test case was causing a DumpRenderTree crash on builds with
AddressSantitizer instrumentation.

* fast/canvas/canvas-measureText-expected.txt: Added.
* fast/canvas/canvas-measureText.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@138994 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/canvas/canvas-measureText-expected.txt [new file with mode: 0644]
LayoutTests/fast/canvas/canvas-measureText.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp