    Crash because CSSPrimitiveValue::computeLengthDouble assumes fontMetrics are available · 0412fbc9
    jchaffraix@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=66291
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    Test: fast/canvas/crash-set-font.html
    
    This is Yet Another Missing updateFont (similar to bug 57756 and likely others). Here the issue is that
    applying one of the font properties could mutate the parent style's font if m_parentStyle == m_style.
    We would then query the newly created font when applying CSSPropertyFontSize, which has no font fallback
    list as Font::update was never called.
    
    The right fix would be to refactor how we handle fonts to avoid such manual updates (see bug 62390).
    Until this happens, it is better not to crash.
    
    * css/CSSStyleSelector.cpp:
    (WebCore::CSSStyleSelector::applyProperty): Added updateFont() here as the fonts could have been
    mutated by the previous property change. Also added a comment explaining why it is safe to do it
    this way.
    
    LayoutTests:
    
    * fast/canvas/crash-set-font-expected.txt: Added.
    * fast/canvas/crash-set-font.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96122 268f45cc-cd09-0410-ab3c-d52691b4dbfc