Side by Side Diff: third_party/WebKit/Source/platform/fonts/Font.cpp

Issue 2152063002: Harden a security CHECK in Font::individualCharacterRanges (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2743
Patch Set: Created 4 years, 5 months ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2000 Dirk Mueller (mueller@kde.org) 4 * (C) 2000 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2006, 2010, 2011 Apple Inc. All rights reserved. 5 * Copyright (C) 2003, 2006, 2010, 2011 Apple Inc. All rights reserved.
6 * Copyright (c) 2007, 2008, 2010 Google Inc. All rights reserved. 6 * Copyright (c) 2007, 2008, 2010 Google Inc. All rights reserved.
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 750 matching lines...)
761 Vector<CharacterRange> Font::individualCharacterRanges(const TextRun& run) const 761 Vector<CharacterRange> Font::individualCharacterRanges(const TextRun& run) const
762 { 762 {
763 // TODO(pdr): Android is temporarily (crbug.com/577306) using the old simple 763 // TODO(pdr): Android is temporarily (crbug.com/577306) using the old simple
764 // shaper and using the complex shaper here can show differences between 764 // shaper and using the complex shaper here can show differences between
765 // the two shapers. This function is currently only called through SVG 765 // the two shapers. This function is currently only called through SVG
766 // which now exclusively uses the complex shaper, so the primary difference 766 // which now exclusively uses the complex shaper, so the primary difference
767 // will be improved shaping in SVG when compared to HTML. 767 // will be improved shaping in SVG when compared to HTML.
768 FontCachePurgePreventer purgePreventer; 768 FontCachePurgePreventer purgePreventer;
769 CachingWordShaper shaper(m_fontFallbackList->shapeCache(m_fontDescription)); 769 CachingWordShaper shaper(m_fontFallbackList->shapeCache(m_fontDescription));
770 auto ranges = shaper.individualCharacterRanges(this, run); 770 auto ranges = shaper.individualCharacterRanges(this, run);
771 DCHECK_EQ(ranges.size(), static_cast<unsigned>(run.length())); 771 // The shaper should return ranges.size == run.length but on some platforms
772 // (OSX10.9.5) we are seeing cases in the upper end of the unicode range
773 // where this is not true (see: crbug.com/620952). To catch these cases on
774 // more popular platforms, and to protect users, we are using a CHECK here.
775 CHECK_EQ(ranges.size(), static_cast<unsigned>(run.length()));
772 return ranges; 776 return ranges;
773 } 777 }
774 778
775 float Font::floatWidthForSimpleText(const TextRun& run, HashSet<const SimpleFont Data*>* fallbackFonts, FloatRect* glyphBounds) const 779 float Font::floatWidthForSimpleText(const TextRun& run, HashSet<const SimpleFont Data*>* fallbackFonts, FloatRect* glyphBounds) const
776 { 780 {
777 SimpleShaper shaper(this, run, nullptr, fallbackFonts, glyphBounds); 781 SimpleShaper shaper(this, run, nullptr, fallbackFonts, glyphBounds);
778 shaper.advance(run.length()); 782 shaper.advance(run.length());
779 return shaper.runWidthSoFar(); 783 return shaper.runWidthSoFar();
780 } 784 }
781 785
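Review bot: The comment at new lines 771-774 records where the mismatch was observed but not what breaks for callers when ranges.size() differs from run.length(), and that consequence is what justifies promoting DCHECK_EQ to a release-build CHECK_EQ at new line 775. State the invariant the returned vector is expected to satisfy (one CharacterRange per character of the run) and add a TODO that references crbug.com/620952, so the CHECK has a stated condition for being revisited once the shaper discrepancy is understood. The "OSX10.9.5" detail will go stale in a source comment; it is better kept in the bug, with the comment pointing there. Minor: write ranges.size() rather than ranges.size in the comment so it matches the expression being checked.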
(...skipping 67 matching lines...)
849 { 853 {
850 return m_fontFallbackList && m_fontFallbackList->loadingCustomFonts(); 854 return m_fontFallbackList && m_fontFallbackList->loadingCustomFonts();
851 } 855 }
852 856
853 bool Font::isFallbackValid() const 857 bool Font::isFallbackValid() const
854 { 858 {
855 return !m_fontFallbackList || m_fontFallbackList->isValid(); 859 return !m_fontFallbackList || m_fontFallbackList->isValid();
856 } 860 }
857 861
858 } // namespace blink 862 } // namespace blink