Commit f448b246 authored by evan@chromium.org's avatar evan@chromium.org

2010-01-26 Evan Martin <evan@chromium.org>

        Reviewed by Tony Chang.

        [chromium] crash on getBoundingClientRect in complex text
        https://bugs.webkit.org/show_bug.cgi?id=53199

        Add a test that reproduces the crash and verifies the resulting values
        are sane (when it didn't crash, it would get garbage values).

        * platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt: Added.
        * platform/chromium-linux/fast/text/international/complex-text-rectangle.html: Added.
2011-01-26  Evan Martin  <evan@chromium.org>

        Reviewed by Tony Chang.

        [chromium] crash on getBoundingClientRect in complex text
        https://bugs.webkit.org/show_bug.cgi?id=53199

        Use the correct array bound; we want the number of characters processed by
        the shaper, not the longest continuous script run length.

        Test: platform/chromium-linux/fast/text/international/complex-text-rectangle.html

        * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
        (WebCore::ComplexTextController::nextScriptRun):
        * platform/graphics/chromium/ComplexTextControllerLinux.h:
        (WebCore::ComplexTextController::numCodePoints):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76732 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent ad5ee8e0
2010-01-26 Evan Martin <evan@chromium.org>
Reviewed by Tony Chang.
[chromium] crash on getBoundingClientRect in complex text
https://bugs.webkit.org/show_bug.cgi?id=53199
Add a test that reproduces the crash and verifies the resulting values
are sane (when it didn't crash, it would get garbage values).
* platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt: Added.
* platform/chromium-linux/fast/text/international/complex-text-rectangle.html: Added.
2011-01-26 Emil A Eklund <eae@chromium.org>
Reviewed by Alexey Proskuryakov.
A⃕A︠A⃕A⃕A⃕A⃕A⃕⃕A͋ This test passes if it doesn't crash or log a failure message to the console.
<meta charset=utf-8>
<span id="a">A&#x20d5;A&#xFE20;A&#x20d5;A&#x20d5;A&#x20d5;A&#x20d5;A&#x20d5;&#x20d5;A&#x034b;</span>
This test passes if it doesn't crash or log a failure message to the console.
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
var textNode = document.getElementById('a').firstChild;
var length = textNode.textContent.length;
for (var start = 0; start < length; ++start) {
for (var end = 0; end < length; ++end) {
var range = document.createRange();
range.setStart(textNode, start);
range.setEnd(textNode, end);
var rect = range.getBoundingClientRect();
if (rect.width < 0 || rect.width > 200) {
console.log('FAIL: rect.width is ' + rect.width);
break;
}
}
}
</script>
2011-01-26 Evan Martin <evan@chromium.org>
Reviewed by Tony Chang.
[chromium] crash on getBoundingClientRect in complex text
https://bugs.webkit.org/show_bug.cgi?id=53199
Use the correct array bound; we want the number of characters processed by
the shaper, not the longest continuous script run length.
Test: platform/chromium-linux/fast/text/international/complex-text-rectangle.html
* platform/graphics/chromium/ComplexTextControllerLinux.cpp:
(WebCore::ComplexTextController::nextScriptRun):
* platform/graphics/chromium/ComplexTextControllerLinux.h:
(WebCore::ComplexTextController::numCodePoints):
2011-01-26 Emil A Eklund <eae@chromium.org>
Reviewed by Alexey Proskuryakov.
......@@ -149,7 +149,7 @@ bool ComplexTextController::nextScriptRun()
// Ensure we're not pointing at the small caps buffer.
m_item.string = m_run.characters();
if (!hb_utf16_script_run_next(&m_numCodePoints, &m_item.item, m_run.characters(), m_run.length(), &m_indexOfNextScriptRun))
if (!hb_utf16_script_run_next(0, &m_item.item, m_run.characters(), m_run.length(), &m_indexOfNextScriptRun))
return false;
// It is actually wrong to consider script runs at all in this code.
......
......@@ -111,7 +111,7 @@ public:
const unsigned short* logClusters() const { return m_item.log_clusters; }
// return the number of code points in the current script run
const unsigned numCodePoints() const { return m_numCodePoints; }
const unsigned numCodePoints() const { return m_item.item.length; }
// Return the current pixel position of the controller.
const unsigned offsetX() const { return m_offsetX; }
......@@ -141,7 +141,6 @@ private:
ssize_t m_indexOfNextScriptRun; // Indexes the script run in |m_run|.
unsigned m_offsetX; // Offset in pixels to the start of the next script run.
unsigned m_pixelWidth; // Width (in px) of the current script run.
unsigned m_numCodePoints; // Code points in current script run.
unsigned m_glyphsArrayCapacity; // Current size of all the Harfbuzz arrays.
OwnPtr<TextRun> m_normalizedRun;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment