[Chromium] Crash in HarfbuzzFace::~HarfbuzzFace
author: bashi@chromium.org <bashi@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Aug 2011 17:23:24 +0000 (17:23 +0000)
committer: bashi@chromium.org <bashi@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Aug 2011 17:23:24 +0000 (17:23 +0000)
https://bugs.webkit.org/show_bug.cgi?id=66211

Holds Skia's unique font ID instead of FontPlatformData to avoid accessing freed FontPlatformData.

Reviewed by Tony Chang.

No new tests; no functional change.

* platform/graphics/chromium/HarfbuzzSkia.cpp:
(WebCore::releaseCachedHarfbuzzFace): Changed the argument.
(WebCore::HarfbuzzFace::HarfbuzzFace): Changed to have Skia's font uniqueID instead of FontPlatformData.
(WebCore::HarfbuzzFace::~HarfbuzzFace): Uses m_uniqueID to call releaseCachedHarfbuzzFace.
* platform/graphics/chromium/HarfbuzzSkia.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@93216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/chromium/HarfbuzzSkia.cpp
Source/WebCore/platform/graphics/chromium/HarfbuzzSkia.h

index 77f10f5..1e30ebf 100644 (file)
@@ -1,3 +1,20 @@
+2011-08-17  Kenichi Ishibashi  <bashi@chromium.org>
+
+        [Chromium] Crash in HarfbuzzFace::~HarfbuzzFace
+        https://bugs.webkit.org/show_bug.cgi?id=66211
+
+        Holds Skia's unique font ID instead of FontPlatformData to avoid accessing freed FontPlatformData.
+
+        Reviewed by Tony Chang.
+
+        No new tests; no functional change.
+
+        * platform/graphics/chromium/HarfbuzzSkia.cpp:
+        (WebCore::releaseCachedHarfbuzzFace): Changed the argument.
+        (WebCore::HarfbuzzFace::HarfbuzzFace): Changed to have Skia's font uniqueID instead of FontPlatformData.
+        (WebCore::HarfbuzzFace::~HarfbuzzFace): Uses m_uniqueID to call releaseCachedHarfbuzzFace.
+        * platform/graphics/chromium/HarfbuzzSkia.h:
+
 2011-08-17  Jeff Miller  <jeffm@apple.com>
 
         Re-sort the WebCore project with Visual Studio after recent changes that I assume were done by manually editing the XML.
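Review bot: "No new tests; no functional change" in the ChangeLog entry understates what the patch does: the destructor stops dereferencing a FontPlatformData that can already be freed, which is a behavioural fix for the crash in the bug title. If the platform test harness allows it, a regression test that destroys the FontPlatformData before the HarfbuzzFace would guard this, and the entry should at least say the change fixes a use of freed memory rather than "no functional change".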
index 1dfeceb..21af195 100644 (file)
@@ -246,9 +246,8 @@ static HB_FaceRec_* getCachedHarfbuzzFace(FontPlatformData* platformData)
     return result.get()->second.first;
 }
 
-static void releaseCachedHarfbuzzFace(FontPlatformData* platformData)
+static void releaseCachedHarfbuzzFace(SkFontID uniqueID)
 {
-    SkFontID uniqueID = platformData->uniqueID();
     HarfbuzzFaceCache::iterator result = gHarfbuzzFaceCache->find(uniqueID);
     ASSERT(result != gHarfbuzzFaceCache->end());
     ASSERT(result.get()->second.second > 0);
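Review bot: the two checks `ASSERT(result != gHarfbuzzFaceCache->end());` and `ASSERT(result.get()->second.second > 0);` are debug-only, so in a release build a lookup miss on `uniqueID` is not caught at this point. Passing the `SkFontID` directly is the right fix for the dangling `FontPlatformData` dereference, but since the caller can now hand in an ID whose cache entry may already be gone, a release-mode guard such as `if (result == gHarfbuzzFaceCache->end()) return;` would make a stale release fail closed instead of operating on `end()`.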
@@ -260,14 +259,14 @@ static void releaseCachedHarfbuzzFace(FontPlatformData* platformData)
 }
 
 HarfbuzzFace::HarfbuzzFace(FontPlatformData* platformData)
-    : m_platformData(platformData)
+    : m_uniqueID(platformData->uniqueID())
 {
-    m_harfbuzzFace = getCachedHarfbuzzFace(m_platformData);
+    m_harfbuzzFace = getCachedHarfbuzzFace(platformData);
 }
 
 HarfbuzzFace::~HarfbuzzFace()
 {
-    releaseCachedHarfbuzzFace(m_platformData);
+    releaseCachedHarfbuzzFace(m_uniqueID);
 }
 
 }  // namespace WebCore
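Review bot: the constructor still dereferences `platformData` twice (`platformData->uniqueID()` in the initializer and `getCachedHarfbuzzFace(platformData)` in the body), which is acceptable because the pointer is live at construction; the substantive change is that `~HarfbuzzFace` now only reads the copied `m_uniqueID` and no longer touches a `FontPlatformData` that may have been destroyed before the face. A short comment on the destructor stating that the ID is cached because the FontPlatformData's lifetime is not guaranteed to cover the HarfbuzzFace would stop a later cleanup from reintroducing the pointer.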
index c71debe..c743cc3 100644 (file)
@@ -55,7 +55,7 @@ public:
 private:
     explicit HarfbuzzFace(FontPlatformData*);
 
-    FontPlatformData* m_platformData;
+    uint32_t m_uniqueID;
     HB_FaceRec_* m_harfbuzzFace;
 };
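Review bot: `uint32_t m_uniqueID;` does not match the rest of the patch, where the value comes from `platformData->uniqueID()` and is consumed by `releaseCachedHarfbuzzFace(SkFontID uniqueID)`. Declare the member as `SkFontID m_uniqueID;` so the header and the .cpp agree and a future change to Skia's typedef cannot silently truncate the ID, and make sure HarfbuzzSkia.h includes the Skia header that defines `SkFontID` if it does not already.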