Fix infinite recursion crash in HarfBuzz' CoreText backend

Fix infinite recursion crash in HarfBuzz' CoreText backend

The font cascade reconfiguration which was introduced as fix for AAT
shaping performance regressions in crbug.com/547912 seems to
occasionally cause CoreText crashes on OS X 10.9. We don't have a better
way of detecting this than by OS or CoreText API version number. This is
one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1].

This crash does not occur in newer versions of OS X and we can keep this
important performance optimization enabled there.

A big thanks to Robert Sesek (rsesek@) for the patient and thorough
initial investigation. Discussing and working together on this issue we
were able to identify the crash triggering code in HarfBuzz in this
case.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74

BUG=576941, 625902
Committed: https://crrev.com/64a2d4d02ea769c849df4718d196df12a3f79091
Cr-Commit-Position: refs/heads/master@{#407185}

[drott, 2016-07-22 15:41:24]

The CQ bit was checked by drott@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-22 15:41:41]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[drott, 2016-07-22 15:41:50]

drott@chromium.org changed reviewers:
+ behdad@chromium.org, eae@chromium.org, rsesek@chromium.org

[drott, 2016-07-22 15:43:02]

Description was changed from

==========
Fix infinite recursion crash in HarfBuzz' CoreText backend

The font cascade reconfiguration which was introduced as fix for AAT
shaping performance regressions in crbug.com/547912 seems to
occasionally cause CoreText crashes on OS X 10.9. We don't have a better
way of detecting this then by OS or CoreText API version number. This is
one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1].

This crash does not occur in newer versions of OS X and we can keep this
important performance optimization enabled there.

A big thanks to Robert Sesek (rsesek@) for the patient and thorough
initial investigation. Discussing and working together on this issue we
were able to identify the crash triggering code in HarfBuzz in this
case.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74

BUG=576941, 625902
==========

to

==========
Fix infinite recursion crash in HarfBuzz' CoreText backend

The font cascade reconfiguration which was introduced as fix for AAT
shaping performance regressions in crbug.com/547912 seems to
occasionally cause CoreText crashes on OS X 10.9. We don't have a better
way of detecting this than by OS or CoreText API version number. This is
one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1].

This crash does not occur in newer versions of OS X and we can keep this
important performance optimization enabled there.

A big thanks to Robert Sesek (rsesek@) for the patient and thorough
initial investigation. Discussing and working together on this issue we
were able to identify the crash triggering code in HarfBuzz in this
case.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74

BUG=576941, 625902
==========

[Robert Sesek, 2016-07-22 15:56:11]

https://codereview.chromium.org/2173883002/diff/1/third_party/harfbuzz-ng/src...
File third_party/harfbuzz-ng/src/hb-coretext.cc (right):

https://codereview.chromium.org/2173883002/diff/1/third_party/harfbuzz-ng/src...
third_party/harfbuzz-ng/src/hb-coretext.cc:153: if (&CTGetCoreTextVersion !=
NULL && CTGetCoreTextVersion() <= kCTVersionNumber10_9)
This still crashes for me, so I added some logging:

printf("CTGetCoreTextVersion = %p ==> %d <= %d\n", &CTGetCoreTextVersion,
CTGetCoreTextVersion(), kCTVersionNumber10_9);

That prints:
CTGetCoreTextVersion = 0x7fff8d6258b8 ==> 393217 <= 393216

hex(393217) = '0x60001'
hex(393216) = '0x60000'

I don't know where/if 0x60001 is defined--definitely not in CoreText.h.

[drott, 2016-07-22 15:58:01]

The CQ bit was checked by drott@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-22 15:58:05]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[drott, 2016-07-22 15:59:00]

The CQ bit was checked by drott@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-22 15:59:15]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[drott, 2016-07-22 15:59:33]

Patchset #2 (id:20001) has been deleted

[drott, 2016-07-22 16:00:12]

On 2016/07/22 at 15:56:11, rsesek wrote:

> That prints:
> CTGetCoreTextVersion = 0x7fff8d6258b8 ==> 393217 <= 393216
> 
> hex(393217) = '0x60001'
> hex(393216) = '0x60000'
> 
> I don't know where/if 0x60001 is defined--definitely not in CoreText.h.

Ugh, okay updated to < kCTVersionNumber10_10.

[Robert Sesek, 2016-07-22 16:02:29]

LGTM. Verified in my 10.9 VM using the repro information in bug 625902.

[drott, 2016-07-22 16:03:39]

The CQ bit was unchecked by drott@chromium.org

[drott, 2016-07-22 16:03:45]

The CQ bit was checked by drott@chromium.org

[commit-bot: I haz the power, 2016-07-22 16:04:06]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-22 17:15:46]

Committed patchset #2 (id:40001)

[commit-bot: I haz the power, 2016-07-22 17:18:53]

Description was changed from

==========
Fix infinite recursion crash in HarfBuzz' CoreText backend

The font cascade reconfiguration which was introduced as fix for AAT
shaping performance regressions in crbug.com/547912 seems to
occasionally cause CoreText crashes on OS X 10.9. We don't have a better
way of detecting this than by OS or CoreText API version number. This is
one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1].

This crash does not occur in newer versions of OS X and we can keep this
important performance optimization enabled there.

A big thanks to Robert Sesek (rsesek@) for the patient and thorough
initial investigation. Discussing and working together on this issue we
were able to identify the crash triggering code in HarfBuzz in this
case.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74

BUG=576941, 625902
==========

to

==========
Fix infinite recursion crash in HarfBuzz' CoreText backend

The font cascade reconfiguration which was introduced as fix for AAT
shaping performance regressions in crbug.com/547912 seems to
occasionally cause CoreText crashes on OS X 10.9. We don't have a better
way of detecting this than by OS or CoreText API version number. This is
one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1].

This crash does not occur in newer versions of OS X and we can keep this
important performance optimization enabled there.

A big thanks to Robert Sesek (rsesek@) for the patient and thorough
initial investigation. Discussing and working together on this issue we
were able to identify the crash triggering code in HarfBuzz in this
case.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74

BUG=576941, 625902

Committed: https://crrev.com/64a2d4d02ea769c849df4718d196df12a3f79091
Cr-Commit-Position: refs/heads/master@{#407185}
==========

[commit-bot: I haz the power, 2016-07-22 17:18:54]

Patchset 2 (id:??) landed as
https://crrev.com/64a2d4d02ea769c849df4718d196df12a3f79091
Cr-Commit-Position: refs/heads/master@{#407185}

[eae, 2016-07-22 17:21:18]

LGTM

[behdad, 2016-07-22 21:08:32]

lgtm