Title: [260646] trunk/Source/WebCore
- Revision: 260646
- Author: [email protected]
- Date: 2020-04-24 09:20:35 -0700 (Fri, 24 Apr 2020)
Log Message
Nullptr crash in objc_msgSend under WebCore::genericFamily
https://bugs.webkit.org/show_bug.cgi?id=210911
<rdar://problem/61510208>
Reviewed by Geoffrey Garen.
Speculative fix.
* platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp:
(WebCore::genericFamily):
Test that CTFontDescriptorCopyAttribute is really returning CFStringRef.
Also explicitly return String from lambda to clarify lifetimes.
Diff
Modified: trunk/Source/WebCore/ChangeLog (260645 => 260646)
--- trunk/Source/WebCore/ChangeLog 2020-04-24 16:11:47 UTC (rev 260645)
+++ trunk/Source/WebCore/ChangeLog 2020-04-24 16:20:35 UTC (rev 260646)
@@ -1,3 +1,19 @@
+2020-04-24 Antti Koivisto <[email protected]>
+
+ Nullptr crash in objc_msgSend under WebCore::genericFamily
+ https://bugs.webkit.org/show_bug.cgi?id=210911
+ <rdar://problem/61510208>
+
+ Reviewed by Geoffrey Garen.
+
+ Speculative fix.
+
+ * platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp:
+ (WebCore::genericFamily):
+
+ Test that CTFontDescriptorCopyAttribute is really returning CFStringRef.
+ Also explicitly return String from lambda to clarify lifetimes.
+
2020-04-24 Simon Fraser <[email protected]>
Move some post-renderingUpdate code into WebCore
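Review bot: The added entry says only "Speculative fix." and lists a single source file, so a reader cannot tell that no regression test accompanies the change or why one could not be written. Consider adding a line stating that the crash has no known reproduction (if that is the case) and what the function now returns when CTFontDescriptorCopyAttribute yields something other than a CFStringRef, since that is the new behaviour this revision introduces.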
Modified: trunk/Source/WebCore/platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp (260645 => 260646)
--- trunk/Source/WebCore/platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp 2020-04-24 16:11:47 UTC (rev 260645)
+++ trunk/Source/WebCore/platform/graphics/cocoa/SystemFontDatabaseCoreText.cpp 2020-04-24 16:20:35 UTC (rev 260646)
@@ -28,6 +28,7 @@
#include "FontCache.h"
#include "FontCascadeDescription.h"
+#include <wtf/cf/TypeCastsCF.h>
#if PLATFORM(IOS_FAMILY)
#include "RenderThemeIOS.h"
@@ -250,7 +251,8 @@
{
return map.ensure(locale, [&] {
auto descriptor = adoptCF(CTFontDescriptorCreateForCSSFamily(ctKey, locale.createCFString().get()));
- return adoptCF(static_cast<CFStringRef>(CTFontDescriptorCopyAttribute(descriptor.get(), kCTFontFamilyNameAttribute))).get();
+ auto value = adoptCF(dynamic_cf_cast<CFStringRef>(CTFontDescriptorCopyAttribute(descriptor.get(), kCTFontFamilyNameAttribute)));
+ return String { value.get() };
}).iterator->value;
}
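Review bot: The failure path of the new cast in the two added lambda lines is not handled explicitly. If dynamic_cf_cast<CFStringRef> yields null on a type mismatch, as the log message implies, then `value` is empty and `String { value.get() }` is built from a null pointer, and map.ensure stores that result for the locale, so every later genericFamily lookup for that locale gets the same empty family instead of retrying or falling back. Consider checking `value` and returning a documented fallback, or at least adding a comment that a null String is the intended cached result. Separately, CTFontDescriptorCopyAttribute returns an owned reference, and here the cast is applied before adoptCF: on a mismatch the non-string object is never adopted and would leak. Adopting the result as a CFTypeRef first and casting the held pointer afterwards would release it in both cases.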