[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

eric at webkit.org eric at webkit.org
Thu Apr 8 00:46:14 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 7abb7e322cdcfcf771774f09628a504a6250bb66
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Dec 22 18:51:00 2009 +0000

    2009-12-22  Kwang Yul Seo  <skyul at company100.net>
    
            Reviewed by Darin Adler.
    
            Allocate RemoteFontStream on the heap
            https://bugs.webkit.org/show_bug.cgi?id=32850
    
            RemoteFontStream is allocated on the stack, so its memory is freed
            immediately when FontCustomPlatformData::createFontCustomPlatformData
            returns.
    
            SkTypeface::CreateFromStream increments the reference count, but it keeps
            the pointer to the memory allocated on the stack which is not valid
            anymore.
    
            RemoteFontStream is a descendant of SkRefCount and SkRefCount::unref
            invokes SkDELETE(this) internally once the reference count reaches zero.
            This means that SkRefCount-ed instances must be allocated on the heap.
    
            * platform/graphics/chromium/FontCustomPlatformData.cpp:
            (WebCore::createFontCustomPlatformData):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index d9708f1..6c8f7d2 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -2,6 +2,28 @@
 
         Reviewed by Darin Adler.
 
+        Allocate RemoteFontStream on the heap
+        https://bugs.webkit.org/show_bug.cgi?id=32850
+
+        RemoteFontStream is allocated on the stack, so its memory is freed
+        immediately when FontCustomPlatformData::createFontCustomPlatformData
+        returns. 
+
+        SkTypeface::CreateFromStream increments the reference count, but it keeps
+        the pointer to the memory allocated on the stack which is not valid
+        anymore.
+
+        RemoteFontStream is a descendant of SkRefCount and SkRefCount::unref
+        invokes SkDELETE(this) internally once the reference count reaches zero.
+        This means that SkRefCount-ed instances must be allocated on the heap.
+
+        * platform/graphics/chromium/FontCustomPlatformData.cpp:
+        (WebCore::createFontCustomPlatformData):
+
+2009-12-22  Kwang Yul Seo  <skyul at company100.net>
+
+        Reviewed by Darin Adler.
+
         when condition COMPILER(RVCT) is fulfilled, we are trying to free a pointer to array allocated on the stack
         https://bugs.webkit.org/show_bug.cgi?id=32861
 
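Review bot: The new ChangeLog entry names the function two different ways: the description says `FontCustomPlatformData::createFontCustomPlatformData`, while the file list gives `(WebCore::createFontCustomPlatformData)`. The second form matches the free function shown in the .cpp hunk header, so the description should use it too. The added line ending in "returns. " also carries trailing whitespace. Since the entry explains that `SkRefCount::unref` deletes the object at zero, it would help to add one sentence saying who holds and who releases the reference created by `new`.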
diff --git a/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp b/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
index 6bd7d7c..a902057 100644
--- a/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
+++ b/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
@@ -190,8 +190,8 @@ FontCustomPlatformData* createFontCustomPlatformData(SharedBuffer* buffer)
         return 0;
     return new FontCustomPlatformData(fontReference, fontName);
 #elif PLATFORM(LINUX)
-    RemoteFontStream stream(buffer);
-    SkTypeface* typeface = SkTypeface::CreateFromStream(&stream);
+    RemoteFontStream* stream = new RemoteFontStream(buffer);
+    SkTypeface* typeface = SkTypeface::CreateFromStream(stream);
     if (!typeface)
         return 0;
     return new FontCustomPlatformData(typeface);
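Review bot: Nothing in the visible lines releases the reference created by `new RemoteFontStream(buffer)`, so the stream's lifetime is unclear on both paths after `SkTypeface::CreateFromStream(stream)`. The ChangeLog says CreateFromStream increments the count. If the creator also holds an initial reference, that reference is never dropped, and the `if (!typeface) return 0;` path returns with the stream still allocated. Either call `stream->unref()` right after CreateFromStream, before the null check, or add a comment stating that CreateFromStream takes over the caller's reference. This swaps the dangling stack pointer for a possible leak, so the ownership contract should be spelled out at this call site.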

-- 
WebKit Debian packaging


