Commit be03d6d0 authored by benjamin@webkit.org's avatar benjamin@webkit.org
Browse files

Regression (r145601): out-of-bounds read in line breaking / new width cache

https://bugs.webkit.org/show_bug.cgi?id=113347

Patch by Benjamin Poulain <bpoulain@apple.com> on 2013-03-26
Reviewed by Geoffrey Garen.

The values zero and 0xffff have special values with the default HashTraits. Those values
are also valid values for UChar.

To avoid any table inconsitency, switch from UChar to uint32_t as the key type for
the WidthCache's single char map. The traits is also changed to allow zero as a normal
value.

This makes no space or time change over the previous code because:
-The struct KeyValuePair was already 64bits due to the ABI alignment restrictions on floats.
-The two hashes take the same number of instructions.

* platform/graphics/WidthCache.h:
(WidthCache):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146954 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 64d0d183
2013-03-26 Benjamin Poulain <bpoulain@apple.com>
Regression (r145601): out-of-bounds read in line breaking / new width cache
https://bugs.webkit.org/show_bug.cgi?id=113347
Reviewed by Geoffrey Garen.
The values zero and 0xffff have special values with the default HashTraits. Those values
are also valid values for UChar.
To avoid any table inconsitency, switch from UChar to uint32_t as the key type for
the WidthCache's single char map. The traits is also changed to allow zero as a normal
value.
This makes no space or time change over the previous code because:
-The struct KeyValuePair was already 64bits due to the ABI alignment restrictions on floats.
-The two hashes take the same number of instructions.
* platform/graphics/WidthCache.h:
(WidthCache):
2013-03-26 Kent Tamura <tkent@chromium.org>
 
Make HTMLProgressElement::isDeterminate private
......@@ -193,7 +193,7 @@ private:
}
typedef HashMap<SmallStringKey, float, SmallStringKeyHash, SmallStringKeyHashTraits> Map;
typedef HashMap<UChar, float> SingleCharMap;
typedef HashMap<uint32_t, float, DefaultHash<uint32_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<uint32_t> > SingleCharMap;
static const int s_minInterval = -3; // A cache hit pays for about 3 cache misses.
static const int s_maxInterval = 20; // Sampling at this interval has almost no overhead.
static const int s_maxSize = 500000; // Just enough to guard against pathological growth.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment