[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

evan at chromium.org evan at chromium.org
Sun Feb 20 23:56:11 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit f448b246383f47a555bef5f21e3b09a664a4db69
Author: evan at chromium.org <evan at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Jan 27 00:49:04 2011 +0000

    2010-01-26  Evan Martin  <evan at chromium.org>
    
            Reviewed by Tony Chang.
    
            [chromium] crash on getBoundingClientRect in complex text
            https://bugs.webkit.org/show_bug.cgi?id=53199
    
            Add a test that reproduces the crash and verifies the resulting values
            are sane (when it didn't crash, it would get garbage values).
    
            * platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt: Added.
            * platform/chromium-linux/fast/text/international/complex-text-rectangle.html: Added.
    2011-01-26  Evan Martin  <evan at chromium.org>
    
            Reviewed by Tony Chang.
    
            [chromium] crash on getBoundingClientRect in complex text
            https://bugs.webkit.org/show_bug.cgi?id=53199
    
            Use the correct array bound; we want the number of characters processed by
            the shaper, not the longest continuous script run length.
    
            Test: platform/chromium-linux/fast/text/international/complex-text-rectangle.html
    
            * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
            (WebCore::ComplexTextController::nextScriptRun):
            * platform/graphics/chromium/ComplexTextControllerLinux.h:
            (WebCore::ComplexTextController::numCodePoints):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76732 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index aa16f83..b7ed296 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-01-26  Evan Martin  <evan at chromium.org>
+
+        Reviewed by Tony Chang.
+
+        [chromium] crash on getBoundingClientRect in complex text
+        https://bugs.webkit.org/show_bug.cgi?id=53199
+
+        Add a test that reproduces the crash and verifies the resulting values
+        are sane (when it didn't crash, it would get garbage values).
+
+        * platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt: Added.
+        * platform/chromium-linux/fast/text/international/complex-text-rectangle.html: Added.
+
 2011-01-26  Emil A Eklund  <eae at chromium.org>
 
         Reviewed by Alexey Proskuryakov.
diff --git a/LayoutTests/platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt b/LayoutTests/platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt
new file mode 100644
index 0000000..dd75bc0
--- /dev/null
+++ b/LayoutTests/platform/chromium-linux/fast/text/international/complex-text-rectangle-expected.txt
@@ -0,0 +1 @@
+A⃕A︠A⃕A⃕A⃕A⃕A⃕⃕A͋ This test passes if it doesn't crash or log a failure message to the console.
diff --git a/LayoutTests/platform/chromium-linux/fast/text/international/complex-text-rectangle.html b/LayoutTests/platform/chromium-linux/fast/text/international/complex-text-rectangle.html
new file mode 100644
index 0000000..4b2c86c
--- /dev/null
+++ b/LayoutTests/platform/chromium-linux/fast/text/international/complex-text-rectangle.html
@@ -0,0 +1,25 @@
+<meta charset=utf-8>
+
+<span id="a">A&#x20d5;A&#xFE20;A&#x20d5;A&#x20d5;A&#x20d5;A&#x20d5;A&#x20d5;&#x20d5;A&#x034b;</span>
+
+This test passes if it doesn't crash or log a failure message to the console.
+
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var textNode = document.getElementById('a').firstChild;
+var length = textNode.textContent.length;
+for (var start = 0; start < length; ++start) {
+    for (var end = 0; end < length; ++end) {
+        var range = document.createRange();
+        range.setStart(textNode, start);
+        range.setEnd(textNode, end);
+        var rect = range.getBoundingClientRect();
+        if (rect.width < 0 || rect.width > 200) {
+            console.log('FAIL: rect.width is ' + rect.width);
+            break;
+        }
+    }
+}
+</script>
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index b2ce4ff..d8499fa 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2011-01-26  Evan Martin  <evan at chromium.org>
+
+        Reviewed by Tony Chang.
+
+        [chromium] crash on getBoundingClientRect in complex text
+        https://bugs.webkit.org/show_bug.cgi?id=53199
+
+        Use the correct array bound; we want the number of characters processed by
+        the shaper, not the longest continuous script run length.
+
+        Test: platform/chromium-linux/fast/text/international/complex-text-rectangle.html
+
+        * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
+        (WebCore::ComplexTextController::nextScriptRun):
+        * platform/graphics/chromium/ComplexTextControllerLinux.h:
+        (WebCore::ComplexTextController::numCodePoints):
+
 2011-01-26  Emil A Eklund  <eae at chromium.org>
 
         Reviewed by Alexey Proskuryakov.
diff --git a/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.cpp b/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.cpp
index 31fc4f7..6d15510 100644
--- a/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.cpp
+++ b/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.cpp
@@ -149,7 +149,7 @@ bool ComplexTextController::nextScriptRun()
     // Ensure we're not pointing at the small caps buffer.
     m_item.string = m_run.characters();
 
-    if (!hb_utf16_script_run_next(&m_numCodePoints, &m_item.item, m_run.characters(), m_run.length(), &m_indexOfNextScriptRun))
+    if (!hb_utf16_script_run_next(0, &m_item.item, m_run.characters(), m_run.length(), &m_indexOfNextScriptRun))
         return false;
 
     // It is actually wrong to consider script runs at all in this code.
diff --git a/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.h b/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.h
index 590816f..6a93878 100644
--- a/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.h
+++ b/Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.h
@@ -111,7 +111,7 @@ public:
     const unsigned short* logClusters() const { return m_item.log_clusters; }
 
     // return the number of code points in the current script run
-    const unsigned numCodePoints() const { return m_numCodePoints; }
+    const unsigned numCodePoints() const { return m_item.item.length; }
 
     // Return the current pixel position of the controller.
     const unsigned offsetX() const { return m_offsetX; }
@@ -141,7 +141,6 @@ private:
     ssize_t m_indexOfNextScriptRun; // Indexes the script run in |m_run|.
     unsigned m_offsetX; // Offset in pixels to the start of the next script run.
     unsigned m_pixelWidth; // Width (in px) of the current script run.
-    unsigned m_numCodePoints; // Code points in current script run.
     unsigned m_glyphsArrayCapacity; // Current size of all the Harfbuzz arrays.
 
     OwnPtr<TextRun> m_normalizedRun;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list