Title: [221948] trunk
- Revision: 221948
- Author: mmaxfi...@apple.com
- Date: 2017-09-12 17:13:01 -0700 (Tue, 12 Sep 2017)
Log Message
ASSERTION FAILED: !m_valueOrException under FontFaceSet::completedLoading loading a Serious Eats page
https://bugs.webkit.org/show_bug.cgi?id=175899
Reviewed by Tim Horton.
Source/WebCore:
Slight style update to r221835. Also adds a test.
Test: fast/text/document-fonts-while-loading-crash.html
* css/CSSFontFaceSet.h:
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::FontFaceSet):
LayoutTests:
* fast/text/document-fonts-while-loading-crash-expected.txt: Added.
* fast/text/document-fonts-while-loading-crash.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (221947 => 221948)
--- trunk/LayoutTests/ChangeLog 2017-09-13 00:12:18 UTC (rev 221947)
+++ trunk/LayoutTests/ChangeLog 2017-09-13 00:13:01 UTC (rev 221948)
@@ -1,3 +1,13 @@
+2017-09-12 Myles C. Maxfield <mmaxfi...@apple.com>
+
+ ASSERTION FAILED: !m_valueOrException under FontFaceSet::completedLoading loading a Serious Eats page
+ https://bugs.webkit.org/show_bug.cgi?id=175899
+
+ Reviewed by Tim Horton.
+
+ * fast/text/document-fonts-while-loading-crash-expected.txt: Added.
+ * fast/text/document-fonts-while-loading-crash.html: Added.
+
2017-09-12 Ryosuke Niwa <rn...@webkit.org>
Dragging & dropping a file creates an attachment element even when it's disabled
Added: trunk/LayoutTests/fast/text/document-fonts-while-loading-crash-expected.txt (0 => 221948)
--- trunk/LayoutTests/fast/text/document-fonts-while-loading-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/text/document-fonts-while-loading-crash-expected.txt 2017-09-13 00:13:01 UTC (rev 221948)
@@ -0,0 +1,7 @@
+This test passes if there is no ASSERT in debug mode. This happens when:
+No one uses the CSS Font Loading API
+A font starts loading
+Someone uses the CSS Font Loading API, causing us to create _javascript_ wrappers for our internal objects
+The font finishes loading
+The bug occurs when the wrappers do not correctly understand that there are in-flight loads already happening.
+Hello
Added: trunk/LayoutTests/fast/text/document-fonts-while-loading-crash.html (0 => 221948)
--- trunk/LayoutTests/fast/text/document-fonts-while-loading-crash.html (rev 0)
+++ trunk/LayoutTests/fast/text/document-fonts-while-loading-crash.html 2017-09-13 00:13:01 UTC (rev 221948)
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.internals) {
+ internals.invalidateFontCache();
+ internals.clearMemoryCache();
+}
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+}
+</script>
+<style>
+@font-face {
+ font-family: "WebFont";
+ src: url("../../resources/Ahem.otf") format("opentype");
+}
+</style>
+</head>
+<body>
+This test passes if there is no ASSERT in debug mode. This happens when:
+<ol>
+<li>No one uses the CSS Font Loading API</li>
+<li>A font starts loading</li>
+<li>Someone uses the CSS Font Loading API, causing us to create _javascript_ wrappers for our internal objects</li>
+<li>The font finishes loading</li>
+</ol>
+The bug occurs when the wrappers do not correctly understand that there are in-flight loads already happening.
+<div style="font-family: 'WebFont';">Hello</div>
+<script>
+document.body.offsetTop; // Force layout, which starts fonts loading
+document.fonts.ready.then(function() {
+ if (window.testRunner)
+ testRunner.notifyDone();
+});
+</script>
+</body>
+</html>
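Review bot: Nothing in the final script block confirms that a font load is actually in flight when `document.fonts` is first touched, which is the precondition the numbered list in the body describes. The test relies on `document.body.offsetTop` having started the load and on `internals.clearMemoryCache()` keeping it from completing synchronously, and the latter only runs when `window.internals` exists. Consider making the first access a read of `document.fonts.status` and reporting when it is not "loading", so a run that never exercises the in-flight path is visible instead of silently passing. As written, the test also only detects a regression in builds where the assertion is compiled in, as its own text says.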
Modified: trunk/Source/WebCore/ChangeLog (221947 => 221948)
--- trunk/Source/WebCore/ChangeLog 2017-09-13 00:12:18 UTC (rev 221947)
+++ trunk/Source/WebCore/ChangeLog 2017-09-13 00:13:01 UTC (rev 221948)
@@ -1,5 +1,20 @@
2017-09-12 Myles C. Maxfield <mmaxfi...@apple.com>
+ ASSERTION FAILED: !m_valueOrException under FontFaceSet::completedLoading loading a Serious Eats page
+ https://bugs.webkit.org/show_bug.cgi?id=175899
+
+ Reviewed by Tim Horton.
+
+ Slight style update to r221835. Also adds a test.
+
+ Test: fast/text/document-fonts-while-loading-crash.html
+
+ * css/CSSFontFaceSet.h:
+ * css/FontFaceSet.cpp:
+ (WebCore::FontFaceSet::FontFaceSet):
+
+2017-09-12 Myles C. Maxfield <mmaxfi...@apple.com>
+
Inline ParserUtilities.h
https://bugs.webkit.org/show_bug.cgi?id=176572
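Review bot: The new entry's description, "Slight style update to r221835", understates what the FontFaceSet.cpp hunk does. In the constructor the `m_readyPromise.resolve(*this)` check now runs before `m_backing->addClient(*this)` where it previously ran after it, and the `css/CSSFontFaceSet.h` and `(WebCore::FontFaceSet::FontFaceSet)` lines carry no per-file text. A sentence after each of those entries saying that `hasActiveFontFaces()` was added and that the resolve was moved ahead of `addClient` would let someone reading the ChangeLog later see that ordering changed.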
Modified: trunk/Source/WebCore/css/CSSFontFaceSet.h (221947 => 221948)
--- trunk/Source/WebCore/css/CSSFontFaceSet.h 2017-09-13 00:12:18 UTC (rev 221947)
+++ trunk/Source/WebCore/css/CSSFontFaceSet.h 2017-09-13 00:13:01 UTC (rev 221948)
@@ -73,6 +73,8 @@
enum class Status { Loading, Loaded };
Status status() const { return m_status; }
+ bool hasActiveFontFaces() { return status() == Status::Loading; }
+
ExceptionOr<Vector<std::reference_wrapper<CSSFontFace>>> matchingFaces(const String& font, const String& text);
// CSSFontFace::Client needs to be able to be held in a RefPtr.
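Review bot: `hasActiveFontFaces()` is declared without `const`, although its body only calls `status()`, which is `const` on the line above. Marking it `bool hasActiveFontFaces() const` keeps it callable through const references and matches the accessor it wraps. The name also reads as a question about the faces while the body tests the set's `Status::Loading`, so a short comment tying the two together would help.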
Modified: trunk/Source/WebCore/css/FontFaceSet.cpp (221947 => 221948)
--- trunk/Source/WebCore/css/FontFaceSet.cpp 2017-09-13 00:12:18 UTC (rev 221947)
+++ trunk/Source/WebCore/css/FontFaceSet.cpp 2017-09-13 00:13:01 UTC (rev 221948)
@@ -63,9 +63,9 @@
, m_backing(backing)
, m_readyPromise(*this, &FontFaceSet::readyPromiseResolve)
{
+ if (!backing.hasActiveFontFaces())
+ m_readyPromise.resolve(*this);
m_backing->addClient(*this);
- if (m_backing->status() == CSSFontFaceSet::Status::Loaded)
- m_readyPromise.resolve(*this);
}
FontFaceSet::~FontFaceSet()
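Review bot: The added check reads the constructor parameter with `backing.hasActiveFontFaces()`, while the next line goes through the member with `m_backing->addClient(*this)`, so two spellings of the same object sit on adjacent lines. Using `m_backing->hasActiveFontFaces()` would be consistent with the rest of the body. The resolve also now happens before `addClient` instead of after it, and there is no comment saying whether that order is required; if it is, a one-line comment above the `if` would keep a later cleanup from swapping the statements back.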