Chromium Code Reviews

Unified Diff: content/common/font_loader_mac.mm

Issue 7655040: Work around a ridiculous bug in ATS, a deprecated system framework (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 4 months ago
Index: content/common/font_loader_mac.mm
===================================================================
--- content/common/font_loader_mac.mm (revision 97090)
+++ content/common/font_loader_mac.mm (working copy)
@@ -13,6 +13,42 @@
#include "base/mac/mac_util.h"
#include "base/sys_string_conversions.h"
+extern "C" {
+
+// Work around http://crbug.com/93191, a really nasty memory smasher bug.
+// On Mac OS X 10.7 ("Lion"), ATS writes to memory it doesn't own.
+// SendDeactivateFontsInContainerMessage, called by ATSFontDeactivate,
+// may trash memory whenever dlsym(RTLD_DEFAULT,
+// "_CTFontManagerUnregisterFontForData") returns NULL. In that case, it tries
+// to locate that symbol in the CoreText framework, doing some extremely
+// sloppy string handling resulting in a likelihood that the string
+// "Text.framework/Versions/A/CoreText" will be written over memory that it
+// doesn't own. The kicker here is that Apple dlsym always inserts its own
+// leading underscore, so ATS actually winds up looking up a
+// __CTFontManagerUnregisterFontForData symbol, which doesn't even exist in
+// CoreText. It's only got the single-underscore variant corresponding to an
+// underscoreless extern "C" name.
+//
+// Providing a single-underscored extern "C" function by this name results in
+// a __CTFontManagerUnregisterFontForData symbol that, as long as it's public
+// (not private extern) and unstripped, ATS will find. If it finds it, it
+// avoids making amateur string mistakes that ruin everyone else's good time.
+//
+// Since ATS wouldn't normally be able to call this function anyway, it's just
+// left as a no-op here.
+//
+// This file seems as good as any other to place this function. It was chosen
+// because it already interfaces with ATS for other reasons.
+//
+// SendDeactivateFontsInContainerMessage on 10.6 ("Snow Leopard") appears to
+// share this bug but this sort of memory corruption wasn't detected until
+// 10.7. The implementation in 10.5 ("Leopard") does not have this problem.
+__attribute__((visibility("default")))
+void _CTFontManagerUnregisterFontForData(NSUInteger, int) {
+}
+
+} // extern "C"
+
// static
bool FontLoader::LoadFontIntoBuffer(NSFont* font_to_encode,
base::SharedMemory* font_data,
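Review bot: `__attribute__((visibility("default")))` on `_CTFontManagerUnregisterFontForData` only keeps the symbol exported under `-fvisibility=hidden`; it does not stop the linker from dead-stripping a function nothing in the binary references, and the comment says the whole workaround depends on the symbol being "public (not private extern) and unstripped". Consider adding `__attribute__((used))` as well, and note in the comment that the symbol is expected to survive in the shipped framework (a quick `nm` check for `__CTFontManagerUnregisterFontForData` on the built binary would make that a verifiable condition rather than an assumption). Separately, the comment states that CoreText "doesn't even exist" with a double-underscore symbol today, but the lookup is `dlsym(RTLD_DEFAULT, ...)`, so if a future OS release does export that name, which definition wins depends on image load order and this no-op could silently shadow the real one; it is worth stating that risk in the comment, and the parameter list `(NSUInteger, int)` should be marked as a best guess since nothing on the page shows the real ATS-side prototype.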
