author | Konstantin Ritt <ritt.ks@gmail.com> | 2014-01-14 18:27:33 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-01-16 20:38:42 +0100 |
commit | 84be1bd4d3ed8d2d9e65301649bc841ea4197fe2 (patch) | |
tree | 5af8202cc36f092f2a7f40e075e2ac53d0288c06 /src/gui/text/qfontengine.cpp | |
parent | 2565ef220b9f261fc2d62869b8d38625e41bc6fd (diff) |
Fix crash due to a stale pointer dereferencing
The HB face caching mechanism introduced in 227e9a40cfeb7e00658cd3
wasn't complete due to the fact that HB-NG doesn't parse the entire
font table at once but rather references a table on-demand.
This incompleteness caused a crash in case the engine doesn't
get cached or when it is removed from the cache and then re-used.
Task-number: QTBUG-36099
Change-Id: I7816836107655ce7cf6eb9683bb5dc7f892f9cd1
Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
Reviewed-by: Michael Krasnyk <michael.krasnyk@gmail.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
Diffstat (limited to 'src/gui/text/qfontengine.cpp')
-rw-r--r-- | src/gui/text/qfontengine.cpp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/gui/text/qfontengine.cpp b/src/gui/text/qfontengine.cpp
index 303c85ce75..9eea2e786f 100644
--- a/src/gui/text/qfontengine.cpp
+++ b/src/gui/text/qfontengine.cpp
@@ -171,7 +171,8 @@ static const HB_FontClass hb_fontClass = {
 static HB_Error hb_getSFntTable(void *font, HB_Tag tableTag, HB_Byte *buffer, HB_UInt *length)
 {
 QFontEngine *fe = (QFontEngine *)font;
- if (!fe->getSfntTableData(tableTag, buffer, length))
+ Q_ASSERT(fe->faceData.get_font_table);
+ if (!fe->faceData.get_font_table(fe->faceData.user_data, tableTag, buffer, length))
 return HB_Err_Invalid_Argument;
 return HB_Err_Ok;
 }
@@ -182,6 +183,13 @@ static void hb_freeFace(void *face)
 }


+static bool qt_get_font_table_default(void *user_data, uint tag, uchar *buffer, uint *length)
+{
+ QFontEngine *fe = (QFontEngine *)user_data;
+ return fe->getSfntTableData(tag, buffer, length);
+}
+
+
 #ifdef QT_BUILD_INTERNAL
 // for testing purpose only, not thread-safe!
 static QList<QFontEngine *> *enginesCollector = 0;
@@ -210,6 +218,9 @@ QFontEngine::QFontEngine()
 font_(0), font_destroy_func(0),
 face_(0), face_destroy_func(0)
 {
+ faceData.user_data = this;
+ faceData.get_font_table = qt_get_font_table_default;
+
 cache_cost = 0;
 fsType = 0;
 symbol = false; |
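Review bot: `Q_ASSERT(fe->faceData.get_font_table)` in hb_getSFntTable is the only guard before the callback is invoked, and Q_ASSERT compiles to nothing in release builds, so a null `get_font_table` would still be called there. The function already has an error return, so the check can be folded into the condition: `if (!fe->faceData.get_font_table || !fe->faceData.get_font_table(fe->faceData.user_data, tableTag, buffer, length))`. The assert can stay to catch the misconfiguration early in debug builds.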
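Review bot: qt_get_font_table_default carries no comment saying what `user_data` has to be, and it recovers the engine with a C-style cast from `void *`. I would put `// Default faceData.get_font_table: user_data is the owning QFontEngine and must still be alive when this is called.` above it and write the cast as `static_cast<QFontEngine *>(user_data)`. The lifetime wording is inferred from the constructor hunk of this same commit, so adjust it if the face is kept valid some other way.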
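Review bot: `faceData.user_data = this` in the QFontEngine constructor stores a non-owning back-pointer, so anything that keeps a copy of `faceData` longer than the engine lives would end up calling `qt_get_font_table_default` on a destroyed engine, which is the same class of stale-pointer crash this commit sets out to fix. The code that hands `faceData` to the HarfBuzz face is not part of this file's diff, so it is not visible here whether that holder keeps the engine referenced or is destroyed together with it; that is worth confirming. A comment at the assignment would record the contract, for example `// faceData must not outlive this engine; holders of a copy must keep the engine referenced`. The constructor's initializer list begins above the hunk and its body continues below it.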