Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(158)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/css/FontFace.cpp

Issue 216563002: [SVG Fonts] Fix <font-face> element leak document (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: rebased Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/svg/svg-font-face-leak-document-expected.txt ('k') | Source/core/svg/SVGFontData.h » ('j') | Source/core/svg/SVGFontData.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2013 Google Inc. All rights reserved. 2 * Copyright (C) 2013 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after
578 } else 578 } else
579 #endif 579 #endif
580 { 580 {
581 source = adoptPtr(new RemoteFontFaceSource(fetched)); 581 source = adoptPtr(new RemoteFontFaceSource(fetched));
582 } 582 }
583 } 583 }
584 } 584 }
585 } else { 585 } else {
586 #if ENABLE(SVG_FONTS) 586 #if ENABLE(SVG_FONTS)
587 if (item->svgFontFaceElement()) { 587 if (item->svgFontFaceElement()) {
588 source = adoptPtr(new SVGFontFaceSource(item->svgFontFaceElement ())); 588 RefPtr<SVGFontFaceElement> fontfaceElement = item->svgFontFaceEl ement();
589 // SVGFontFaceSource assumes that it is the case where <font-fac e> element resides in the same document.
590 // We put a RELEASE_ASSERT here as it will cause UAF if the assu mption is false.
591 RELEASE_ASSERT(fontfaceElement->inDocument());
592 RELEASE_ASSERT(fontfaceElement->document() == document);
593 source = adoptPtr(new SVGFontFaceSource(fontfaceElement.get()));
589 } else 594 } else
590 #endif 595 #endif
591 { 596 {
592 source = adoptPtr(new LocalFontFaceSource(item->resource())); 597 source = adoptPtr(new LocalFontFaceSource(item->resource()));
593 } 598 }
594 } 599 }
595 600
596 if (source) 601 if (source)
597 m_cssFontFace->addSource(source.release()); 602 m_cssFontFace->addSource(source.release());
598 } 603 }
(...skipping 25 matching lines...) Expand all
624 visitor->trace(m_featureSettings); 629 visitor->trace(m_featureSettings);
625 visitor->trace(m_error); 630 visitor->trace(m_error);
626 } 631 }
627 632
628 bool FontFace::hadBlankText() const 633 bool FontFace::hadBlankText() const
629 { 634 {
630 return m_cssFontFace->hadBlankText(); 635 return m_cssFontFace->hadBlankText();
631 } 636 }
632 637
633 } // namespace WebCore 638 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/svg/svg-font-face-leak-document-expected.txt ('k') | Source/core/svg/SVGFontData.h » ('j') | Source/core/svg/SVGFontData.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698