- Revision: 281380
- Author: pvol...@apple.com
- Date: 2021-08-21 15:04:40 -0700 (Sat, 21 Aug 2021)
Log Message
[Win] Crash under FontCache::lastResortFallbackFont
https://bugs.webkit.org/show_bug.cgi?id=228186
Reviewed by Myles C. Maxfield.
Source/WebCore:
Add null check to resolve crash in FontCache::lastResortFallbackFont. Additionally, return early in BitmapImage::getHBITMAPOfSize
when the bits per pixel in the bitmap is of unexpected size, since that will cause a crash under this function. This can happen
if an event is being handled while already in the Windows paint handler.
* platform/graphics/win/FontCacheWin.cpp:
(WebCore::FontCache::lastResortFallbackFont):
* platform/graphics/win/GraphicsContextCGWin.cpp:
(WebCore::CGContextWithHDC):
* platform/graphics/win/ImageCGWin.cpp:
(WebCore::BitmapImage::getHBITMAPOfSize):
Source/WebKitLegacy/win:
Add null check for bitmapDC. Proceeding without a valid bitmapDC will cause a crash. When painting is being done while already in the Windows paint handler,
we can end up with a bitmapDC which is null.
* WebView.cpp:
(WebView::paintIntoBackingStore):
Diff
Modified: trunk/Source/WebCore/ChangeLog (281379 => 281380)
--- trunk/Source/WebCore/ChangeLog 2021-08-21 19:19:56 UTC (rev 281379)
+++ trunk/Source/WebCore/ChangeLog 2021-08-21 22:04:40 UTC (rev 281380)
@@ -1,3 +1,21 @@
+2021-08-21 Per Arne <pvol...@apple.com>
+
+ [Win] Crash under FontCache::lastResortFallbackFont
+ https://bugs.webkit.org/show_bug.cgi?id=228186
+
+ Reviewed by Myles C. Maxfield.
+
+ Add null check to resolve crash in FontCache::lastResortFallbackFont. Additionally, return early in BitmapImage::getHBITMAPOfSize
+ when the bits per pixel in the bitmap is of unexpected size, since that will cause a crash under this function. This can happen
+ if an event is being handled while already in the Windows paint handler.
+
+ * platform/graphics/win/FontCacheWin.cpp:
+ (WebCore::FontCache::lastResortFallbackFont):
+ * platform/graphics/win/GraphicsContextCGWin.cpp:
+ (WebCore::CGContextWithHDC):
+ * platform/graphics/win/ImageCGWin.cpp:
+ (WebCore::BitmapImage::getHBITMAPOfSize):
+
2021-08-21 Myles C. Maxfield <mmaxfi...@apple.com>
[Cocoa] Single characters don't get shaped in the fast text codepath
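Review bot: The entry lists (WebCore::CGContextWithHDC) but the description never says what changed there. The text covers the null check in lastResortFallbackFont and the early return in getHBITMAPOfSize, while the CGContextWithHDC change (a stderr message on the existing bits-per-pixel bail-out) goes unmentioned. Add a sentence for it, and consider noting that the bug title names only the font crash although the patch also hardens two bitmap paths.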
Modified: trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp (281379 => 281380)
--- trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp 2021-08-21 19:19:56 UTC (rev 281379)
+++ trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp 2021-08-21 22:04:40 UTC (rev 281380)
@@ -420,8 +420,11 @@
}
});
- if (!fallbackFontName.get().isEmpty())
- return *fontForFamily(fontDescription, fallbackFontName);
+ if (!fallbackFontName.get().isEmpty()) {
+ auto fallbackFont = fontForFamily(fontDescription, fallbackFontName);
+ if (fallbackFont)
+ return *fallbackFont;
+ }
auto hFont = adoptGDIObject(static_cast<HFONT>(GetStockObject(DEFAULT_GUI_FONT)));
FontPlatformData platformData(WTFMove(hFont), fontDescription.computedPixelSize(), false, false, false);
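Review bot: The null result from fontForFamily is now handled silently in the new block, so a fallback family name that fails to resolve is indistinguishable from one that was never found. The fall-through to the DEFAULT_GUI_FONT path is the right recovery, but a log line in the null case would make the condition diagnosable. As a style point, the declaration can be folded into the condition: if (auto fallbackFont = fontForFamily(fontDescription, fallbackFontName)) return *fallbackFont;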
Modified: trunk/Source/WebCore/platform/graphics/win/GraphicsContextCGWin.cpp (281379 => 281380)
--- trunk/Source/WebCore/platform/graphics/win/GraphicsContextCGWin.cpp 2021-08-21 19:19:56 UTC (rev 281379)
+++ trunk/Source/WebCore/platform/graphics/win/GraphicsContextCGWin.cpp 2021-08-21 22:04:40 UTC (rev 281380)
@@ -51,8 +51,10 @@
// exit gracefully and look at it later:
// https://bugs.webkit.org/show_bug.cgi?id=52041
// ASSERT(bitmapBits.bitsPerPixel() == 32);
- if (pixelData.bitsPerPixel() != 32)
+ if (pixelData.bitsPerPixel() != 32) {
+ fprintf(stderr, "Invalid bits per pixel requested: %d hdc = %p", pixelData.bitsPerPixel(), hdc);
return 0;
+ }
CGBitmapInfo bitmapInfo = kCGBitmapByteOrder32Little | (hasAlpha ? kCGImageAlphaPremultipliedFirst : kCGImageAlphaNoneSkipFirst);
auto context = adoptCF(CGBitmapContextCreate(pixelData.buffer(), pixelData.size().width(), pixelData.size().height(), 8, pixelData.bytesPerRow(), sRGBColorSpaceRef(), bitmapInfo));
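Review bot: The added fprintf format string has no trailing newline, so repeated hits on this path will run together on stderr, and it writes unconditionally in all build types. Prefer the project's logging macro (for example LOG_ERROR) over raw fprintf, or at least end the string with "\n". While touching this block, the commented-out ASSERT above still refers to bitmapBits while the live code uses pixelData; update or drop the stale comment.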
Modified: trunk/Source/WebCore/platform/graphics/win/ImageCGWin.cpp (281379 => 281380)
--- trunk/Source/WebCore/platform/graphics/win/ImageCGWin.cpp 2021-08-21 19:19:56 UTC (rev 281379)
+++ trunk/Source/WebCore/platform/graphics/win/ImageCGWin.cpp 2021-08-21 22:04:40 UTC (rev 281380)
@@ -68,6 +68,9 @@
GetObject(bmp, sizeof(BITMAP), &bmpInfo);
ASSERT(bmpInfo.bmBitsPixel == 32);
+ if (bmpInfo.bmBitsPixel != 32)
+ return false;
+
int bufferSize = bmpInfo.bmWidthBytes * bmpInfo.bmHeight;
auto cgContext = adoptCF(CGBitmapContextCreate(bmpInfo.bmBits, bmpInfo.bmWidth, bmpInfo.bmHeight,
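Review bot: The new bmBitsPixel check reads bmpInfo without confirming that GetObject succeeded, since the return value of GetObject(bmp, sizeof(BITMAP), &bmpInfo) is still ignored. GetObject returns 0 on failure, in which case bmpInfo holds whatever it contained before the call, and the same unvalidated fields then feed bufferSize and CGBitmapContextCreate. Check the return value and bail out with false before inspecting the struct. Also note that the ASSERT immediately above the new check will still fire in debug builds on a state the log message describes as reachable; either remove it or replace it with a log so debug and release behave the same.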
Modified: trunk/Source/WebKitLegacy/win/ChangeLog (281379 => 281380)
--- trunk/Source/WebKitLegacy/win/ChangeLog 2021-08-21 19:19:56 UTC (rev 281379)
+++ trunk/Source/WebKitLegacy/win/ChangeLog 2021-08-21 22:04:40 UTC (rev 281380)
@@ -1,3 +1,16 @@
+2021-08-21 Per Arne <pvol...@apple.com>
+
+ [Win] Crash under FontCache::lastResortFallbackFont
+ https://bugs.webkit.org/show_bug.cgi?id=228186
+
+ Reviewed by Myles C. Maxfield.
+
+ Add null check for bitmapDC. Proceeding without a valid bitmapDC will cause a crash. When painting is being done while already in the Windows paint handler,
+ we can end up with a bitmapDC which is null.
+
+ * WebView.cpp:
+ (WebView::paintIntoBackingStore):
+
2021-08-19 Youenn Fablet <you...@apple.com>
Rename MediaPlayer::setVisible to MediaPlayer::setPageIsVisible
Modified: trunk/Source/WebKitLegacy/win/WebView.cpp (281379 => 281380)
--- trunk/Source/WebKitLegacy/win/WebView.cpp 2021-08-21 19:19:56 UTC (rev 281379)
+++ trunk/Source/WebKitLegacy/win/WebView.cpp 2021-08-21 22:04:40 UTC (rev 281380)
@@ -1378,6 +1378,9 @@
RECT rect = dirtyRectPixels;
+ if (!bitmapDC)
+ return;
+
#if FLASH_BACKING_STORE_REDRAW
{
HWndDC dc(m_viewWindow);
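Review bot: The early return on a null bitmapDC drops the paint for dirtyRectPixels with no trace, and nothing in the visible lines reschedules that region, so the backing store can stay stale after the nested paint finishes. Consider logging here and confirming that the caller re-invalidates the rect. The check would also read better ahead of RECT rect = dirtyRectPixels; (ideally at the top of the function), so no work is done before the precondition is verified.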