[Font Loading] Crash when a single load request causes multiple fonts to fail loading
author mmaxfield@apple.com <mmaxfield@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Mar 2016 22:22:40 +0000 (22:22 +0000)
committer mmaxfield@apple.com <mmaxfield@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Mar 2016 22:22:40 +0000 (22:22 +0000)
commit f9200ceecc884822554a5d4e6100a361aa886346
tree d9731fed94490200a9507c14360f171f035f38a8
parent f98c00133cf598b868cc004c5fb4a644658675c6
[Font Loading] Crash when a single load request causes multiple fonts to fail loading
https://bugs.webkit.org/show_bug.cgi?id=155009

Reviewed by Simon Fraser.

Source/WebCore:

In JavaScript, the first promise fulfillment/failure wins. However, in C++, any
subsequent fulfillments/failures cause a crash.

Test: fast/text/font-face-set-document-multiple-failure.html

* css/CSSFontFace.cpp:
(WebCore::iterateClients): Notifying a client may cause some other client
to be destroyed, thereby modifying the clients set. This function allows
for notifying clients in a resilient manner.
(WebCore::CSSFontFace::setStyle): Update to use iterateClients().
(WebCore::CSSFontFace::setWeight): Ditto.
(WebCore::CSSFontFace::setUnicodeRange): Ditto.
(WebCore::CSSFontFace::setVariantLigatures): Ditto.
(WebCore::CSSFontFace::setVariantPosition): Ditto.
(WebCore::CSSFontFace::setVariantCaps): Ditto.
(WebCore::CSSFontFace::setVariantNumeric): Ditto.
(WebCore::CSSFontFace::setVariantAlternates): Ditto.
(WebCore::CSSFontFace::setVariantEastAsian): Ditto.
(WebCore::CSSFontFace::setFeatureSettings): Ditto.
(WebCore::CSSFontFace::setStatus): Ditto.
(WebCore::CSSFontFace::notifyClientsOfFontPropertyChange): Deleted.
* css/CSSFontFace.h: Adding a way for clients to make sure they don't register
or deregister another client.
* css/CSSFontFaceSet.cpp:
(WebCore::CSSFontFaceSet::guardAgainstClientRegistrationChanges): Simple
ref()/deref() pair.
(WebCore::CSSFontFaceSet::stopGuardingAgainstClientRegistrationChanges):
* css/CSSFontFaceSet.h:
* css/FontFace.cpp: Ditto.
(WebCore::FontFace::guardAgainstClientRegistrationChanges):
(WebCore::FontFace::stopGuardingAgainstClientRegistrationChanges):
* css/FontFace.h:
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::faceFinished): Make sure that we only fulfil or reject
a promise once.
* css/FontFaceSet.h:
* dom/Document.cpp:
(WebCore::Document::fonts): The CSSFontFaces inside the CSSFontSelector get
created during style recalc. We may be in a state where there is a style
recalc pending. In order to make sure the JavaScript API sees the current
state of the world, force a style recalc here (but only if one is pending).

LayoutTests:

* fast/text/font-face-set-document-multiple-failure-expected.txt: Added.
* fast/text/font-face-set-document-multiple-failure.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
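The two hazards the ChangeLog describes, a promise settled a second time from C++ and a client set mutated while its clients are being notified, modelled below in standalone C++ as an added illustration. This is not WebKit's code: LoadPromise, FontFaceClient, FontFace, FontFaceSet, CallbackClient and the faceFinished()/setStatus() shapes are assumed stand-ins for the WebCore types named above, the second settle is modelled as an exception rather than a crash, and the snapshot-and-recheck loop in setStatus() is this example's substitute for the ref()/deref() guard the patch uses in iterateClients().

```cpp
#include <functional>
#include <memory>
#include <set>
#include <stdexcept>
#include <utility>
#include <vector>

// Assumed stand-ins for the WebCore types named in the ChangeLog; not WebKit code.
enum class FontStatus { Pending, Success, Failure };

// The promise as the C++ side sees it: settling it a second time is the crash
// the ChangeLog describes, modelled here as an exception.
class LoadPromise {
public:
    void resolve() { settle(FontStatus::Success); }
    void reject() { settle(FontStatus::Failure); }
    bool isSettled() const { return m_state != FontStatus::Pending; }
    FontStatus state() const { return m_state; }
private:
    void settle(FontStatus s) {
        if (isSettled()) throw std::logic_error("promise settled twice");
        m_state = s;
    }
    FontStatus m_state = FontStatus::Pending;
};

struct FontFaceClient {
    virtual ~FontFaceClient() = default;
    virtual void faceFinished(FontStatus) = 0;
};

class FontFace {
public:
    void addClient(FontFaceClient& c) { m_clients.insert(&c); }
    void removeClient(FontFaceClient& c) { m_clients.erase(&c); }
    // Resilient notification: a callback may deregister other clients, so walk a
    // snapshot and re-check membership before each call. (WebKit pins the
    // clients with a ref()/deref() guard instead; the snapshot is a substitute.)
    void setStatus(FontStatus s) {
        std::vector<FontFaceClient*> snapshot(m_clients.begin(), m_clients.end());
        for (FontFaceClient* c : snapshot)
            if (m_clients.count(c)) c->faceFinished(s);
    }
private:
    std::set<FontFaceClient*> m_clients;
};

// One load() request waiting on several faces and owning a single promise.
class FontFaceSet : public FontFaceClient {
public:
    explicit FontFaceSet(std::vector<FontFace*> faces) : m_faces(std::move(faces)) {
        for (FontFace* f : m_faces) f->addClient(*this);
    }
    ~FontFaceSet() override { for (FontFace* f : m_faces) f->removeClient(*this); }
    LoadPromise& promise() { return m_promise; }
    int notifications() const { return m_notifications; }
    void faceFinished(FontStatus s) override {
        ++m_notifications;
        if (m_promise.isSettled()) return;   // the fix: the first outcome wins
        if (s == FontStatus::Failure) m_promise.reject();
        else if (++m_succeeded == m_faces.size()) m_promise.resolve();
    }
private:
    std::vector<FontFace*> m_faces;
    LoadPromise m_promise;
    int m_notifications = 0;
    size_t m_succeeded = 0;
};

struct CallbackClient : FontFaceClient {
    explicit CallbackClient(std::function<void(FontStatus)> f) : fn(std::move(f)) {}
    void faceFinished(FontStatus s) override { fn(s); }
    std::function<void(FontStatus)> fn;
};

// Scenario 1: one request, two faces, both fail. The set is notified twice but
// settles its promise only once, with the first failure.
bool singleRequestSurvivesTwoFailures() {
    FontFace a, b;
    FontFaceSet fontSet(std::vector<FontFace*>{&a, &b});
    a.setStatus(FontStatus::Failure);
    b.setStatus(FontStatus::Failure);
    return fontSet.notifications() == 2 && fontSet.promise().state() == FontStatus::Failure;
}

// Scenario 2: the unguarded path. Rejecting the already-rejected promise is fatal.
bool secondSettleIsFatal() {
    LoadPromise p;
    p.reject();
    try { p.reject(); } catch (const std::logic_error&) { return true; }
    return false;
}

// Scenario 3: the first client notified deregisters every client, as a client
// destroyed mid-sweep would. Only that one client may be reached; the rest are
// skipped rather than called through a stale iterator.
int clientsNotifiedWhenFirstDeregistersAll() {
    FontFace face;
    std::vector<std::unique_ptr<CallbackClient>> clients;
    int notified = 0;
    for (int i = 0; i < 3; ++i) {
        clients.push_back(std::make_unique<CallbackClient>([&](FontStatus) {
            ++notified;
            for (auto& c : clients) face.removeClient(*c);
        }));
        face.addClient(*clients.back());
    }
    face.setStatus(FontStatus::Failure);
    return notified;
}
```

Calling the three scenario functions from a main() gives true, true and 1: the guarded FontFaceSet absorbs the second failure, the bare LoadPromise shows why the guard is needed, and the snapshot walk reaches exactly one client once the first callback has emptied the set. The point worth keeping in mind when reviewing code like iterateClients() is that the snapshot alone is not enough: without the membership re-check (or WebKit's ref()/deref() pinning) the loop would still call through a pointer whose object may already be gone.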
13 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/text/font-face-set-document-multiple-failure-expected.txt [new file with mode: 0644]
LayoutTests/fast/text/font-face-set-document-multiple-failure.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/CSSFontFace.cpp
Source/WebCore/css/CSSFontFace.h
Source/WebCore/css/CSSFontFaceSet.cpp
Source/WebCore/css/CSSFontFaceSet.h
Source/WebCore/css/CSSSegmentedFontFace.h
Source/WebCore/css/FontFace.h
Source/WebCore/css/FontFaceSet.cpp
Source/WebCore/css/FontFaceSet.h
Source/WebCore/dom/Document.cpp