Title: [124057] branches/safari-536.26-branch
- Revision: 124057
- Author: lforsch...@apple.com
- Date: 2012-07-30 11:22:29 -0700 (Mon, 30 Jul 2012)
Log Message
Merged r116698. <rdar://problem/11942088>
Diff
Modified: branches/safari-536.26-branch/LayoutTests/ChangeLog (124056 => 124057)
--- branches/safari-536.26-branch/LayoutTests/ChangeLog 2012-07-30 18:20:02 UTC (rev 124056)
+++ branches/safari-536.26-branch/LayoutTests/ChangeLog 2012-07-30 18:22:29 UTC (rev 124057)
@@ -1,5 +1,19 @@
2012-07-30 Lucas Forschler <lforsch...@apple.com>
+ Merge 116698
+
+ 2012-05-10 Abhishek Arya <infe...@chromium.org>
+
+ Crash in FontCache::releaseFontData due to infinite float size.
+ https://bugs.webkit.org/show_bug.cgi?id=86110
+
+ Reviewed by Andreas Kling.
+
+ * fast/css/large-font-size-crash-expected.txt: Added.
+ * fast/css/large-font-size-crash.html: Added.
+
+2012-07-30 Lucas Forschler <lforsch...@apple.com>
+
Merge 116683
2012-05-10 Abhishek Arya <infe...@chromium.org>
Copied: branches/safari-536.26-branch/LayoutTests/fast/css/large-font-size-crash-expected.txt (from rev 116698, trunk/LayoutTests/fast/css/large-font-size-crash-expected.txt) (0 => 124057)
--- branches/safari-536.26-branch/LayoutTests/fast/css/large-font-size-crash-expected.txt (rev 0)
+++ branches/safari-536.26-branch/LayoutTests/fast/css/large-font-size-crash-expected.txt 2012-07-30 18:22:29 UTC (rev 124057)
@@ -0,0 +1 @@
+PASS. WebKit didn't crash.
Copied: branches/safari-536.26-branch/LayoutTests/fast/css/large-font-size-crash.html (from rev 116698, trunk/LayoutTests/fast/css/large-font-size-crash.html) (0 => 124057)
--- branches/safari-536.26-branch/LayoutTests/fast/css/large-font-size-crash.html (rev 0)
+++ branches/safari-536.26-branch/LayoutTests/fast/css/large-font-size-crash.html 2012-07-30 18:22:29 UTC (rev 124057)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<body style='font: 9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999in Ahem;'>
+PASS. WebKit didn't crash.
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+</body>
+</html>
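Review bot: large-font-size-crash.html exercises a single route to an oversized value, the font shorthand on body with an in unit, and its expected output only confirms that the process survived. Consider adding a case that sets font-size directly, and dumping whether the resulting computed font size is finite, so that a regression which stores infinity without crashing is still caught by this test.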
Modified: branches/safari-536.26-branch/Source/WebCore/ChangeLog (124056 => 124057)
--- branches/safari-536.26-branch/Source/WebCore/ChangeLog 2012-07-30 18:20:02 UTC (rev 124056)
+++ branches/safari-536.26-branch/Source/WebCore/ChangeLog 2012-07-30 18:22:29 UTC (rev 124057)
@@ -1,5 +1,26 @@
2012-07-30 Lucas Forschler <lforsch...@apple.com>
+ Merge 116698
+
+ 2012-05-10 Abhishek Arya <infe...@chromium.org>
+
+ Crash in FontCache::releaseFontData due to infinite float size.
+ https://bugs.webkit.org/show_bug.cgi?id=86110
+
+ Reviewed by Andreas Kling.
+
+ New callers always forget to clamp the font size, which overflows
+ to infinity on multiplication. It is best to clamp it at the end
+ to avoid getting greater than std::numeric_limits<float>::max().
+
+ Test: fast/css/large-font-size-crash.html
+
+ * platform/graphics/FontDescription.h:
+ (WebCore::FontDescription::setComputedSize):
+ (WebCore::FontDescription::setSpecifiedSize):
+
+2012-07-30 Lucas Forschler <lforsch...@apple.com>
+
Merge 116683
2012-05-10 Abhishek Arya <infe...@chromium.org>
Modified: branches/safari-536.26-branch/Source/WebCore/platform/graphics/FontDescription.h (124056 => 124057)
--- branches/safari-536.26-branch/Source/WebCore/platform/graphics/FontDescription.h 2012-07-30 18:20:02 UTC (rev 124056)
+++ branches/safari-536.26-branch/Source/WebCore/platform/graphics/FontDescription.h 2012-07-30 18:22:29 UTC (rev 124057)
@@ -138,8 +138,8 @@
FontDescription makeNormalFeatureSettings() const;
void setFamily(const FontFamily& family) { m_familyList = family; }
- void setComputedSize(float s) { ASSERT(isfinite(s)); m_computedSize = s; }
- void setSpecifiedSize(float s) { ASSERT(isfinite(s)); m_specifiedSize = s; }
+ void setComputedSize(float s) { m_computedSize = clampToFloat(s); }
+ void setSpecifiedSize(float s) { m_specifiedSize = clampToFloat(s); }
void setItalic(FontItalic i) { m_italic = i; }
void setItalic(bool i) { setItalic(i ? FontItalicOn : FontItalicOff); }
void setSmallCaps(FontSmallCaps c) { m_smallCaps = c; }
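Review bot: In setComputedSize and setSpecifiedSize, removing ASSERT(isfinite(s)) also removes the debug-build check for NaN, and what clampToFloat returns for NaN is not visible in this hunk. Consider keeping ASSERT(!isnan(s)) ahead of the clamp, or documenting next to the setters how clampToFloat treats NaN and negative input. A short comment stating that these setters clamp so that callers do not have to would also record the reason given in the ChangeLog ("New callers always forget to clamp the font size").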