diff options
| author | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> | 2016-09-28 12:18:11 +0200 |
|---|---|---|
| committer | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> | 2016-09-29 12:43:19 +0000 |
| commit | 462f6029ed7ab34b76afc009b95134d4e51a8e18 (patch) | |
| tree | f61eec5d0c4abfd1d128edbfc9e1fcd1eaa4a68b /src/gui/text | |
| parent | 422838685c31d9b57133a8711bfd5db92095d96d (diff) | |
Fix crash when doing many text layouts with superscript/subscript
After e109b8a0f3c89c595f0da689e7ee847130e2ee47, it is possible
that the cache will be flushed as a result of inserting a new
font rather than just when the timer event triggers. When doing
superscript and subscript text layouts, we would first get
a regular font engine, then a scaled one, and then reference
the regular font engine *after* getting the scaled one. If the
regular font engine was deleted as a result of inserting the scaled
one, we would get a dangling pointer and crash.
The situation was improved by 49926bb9ef983d4c19aed635a00b388252c065e4.
You would now to switch between 256 different fonts in the layout
in order to trigger it. The test in the commit will trigger the
crash even with this change.
[ChangeLog][Qt Gui][Text] Fixed a crash that could happen if you
were doing many different text layouts with different fonts
and superscript or subscript alignment.
Task-number: QTBUG-53911
Change-Id: Ia33108252e030eff25924ef1b7c10b9d59b5bc8c
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/gui/text')
| -rw-r--r-- | src/gui/text/qtextengine.cpp | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp index 3b50376504..f569c6e795 100644 --- a/src/gui/text/qtextengine.cpp +++ b/src/gui/text/qtextengine.cpp @@ -2058,6 +2058,9 @@ QFontEngine *QTextEngine::fontEngine(const QScriptItem &si, QFixed *ascent, QFix font = font.resolve(fnt); } engine = font.d->engineForScript(script); + if (engine) + engine->ref.ref(); + QTextCharFormat::VerticalAlignment valign = f.verticalAlignment(); if (valign == QTextCharFormat::AlignSuperScript || valign == QTextCharFormat::AlignSubScript) { if (font.pointSize() != -1) @@ -2065,16 +2068,14 @@ QFontEngine *QTextEngine::fontEngine(const QScriptItem &si, QFixed *ascent, QFix else font.setPixelSize((font.pixelSize() * 2) / 3); scaledEngine = font.d->engineForScript(script); + if (scaledEngine) + scaledEngine->ref.ref(); } - if (engine) - engine->ref.ref(); if (feCache.prevFontEngine) releaseCachedFontEngine(feCache.prevFontEngine); feCache.prevFontEngine = engine; - if (scaledEngine) - scaledEngine->ref.ref(); if (feCache.prevScaledFontEngine) releaseCachedFontEngine(feCache.prevScaledFontEngine); feCache.prevScaledFontEngine = scaledEngine; |