From 84be1bd4d3ed8d2d9e65301649bc841ea4197fe2 Mon Sep 17 00:00:00 2001
From: Konstantin Ritt
Date: Tue, 14 Jan 2014 18:27:33 +0200
Subject: Fix crash due to a stale pointer dereferencing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The HB face caching mechanism introduced in 227e9a40cfeb7e00658cd3 wasn't complete due that fact that HB-NG doesn't parse the entire font table at once but rather references a table on-demand. This incompleteness caused a crash in case the engine doesn't get cached or when it removed from the cache and then re-used.

Task-number: QTBUG-36099
Change-Id: I7816836107655ce7cf6eb9683bb5dc7f892f9cd1
Reviewed-by: Lisandro Damián Nicanor Pérez Meyer
Reviewed-by: Michael Krasnyk
Reviewed-by: Lars Knoll
Reviewed-by: Allan Sandfeld Jensen
---
 src/gui/text/qfontengine_p.h | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src/gui/text/qfontengine_p.h')
diff --git a/src/gui/text/qfontengine_p.h b/src/gui/text/qfontengine_p.h
index c181d61d73..a04f4bd0ac 100644
--- a/src/gui/text/qfontengine_p.h
+++ b/src/gui/text/qfontengine_p.h
@@ -85,6 +85,7 @@ enum HB_Compat_Error {
 };
 typedef void (*qt_destroy_func_t) (void *user_data);
+typedef bool (*qt_get_font_table_func_t) (void *user_data, uint tag, uchar *buffer, uint *length);
 class Q_GUI_EXPORT QFontEngine {
@@ -280,6 +281,10 @@ public:
 mutable qt_destroy_func_t font_destroy_func;
 mutable void *face_;
 mutable qt_destroy_func_t face_destroy_func;
+ struct FaceData {
+ void *user_data;
+ qt_get_font_table_func_t get_font_table;
+ } faceData;
 uint cache_cost; // amount of mem used in kb by the font
 uint fsType : 16;
-- 
cgit v1.2.3
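Review bot: The new `qt_get_font_table_func_t` typedef in the first hunk has no comment describing the `buffer`/`length` contract, so an implementer cannot tell from the header how many bytes it may write into `buffer`. If the intent is a query-then-fill pattern (inferred from the signature only, not visible in this patch), state it next to the typedef, e.g. `// *length: in = capacity of buffer, out = size of the table; buffer may be null to query the size`. It would also help to say what `*length` holds when the callback returns `false`, so that callers do not trust a stale size.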
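Review bot: In the second hunk, `faceData.user_data` is a raw pointer with no paired destroy function, unlike `font_`/`font_destroy_func` and `face_`/`face_destroy_func` directly above it, and nothing in the header says who keeps it alive. Because this commit fixes a stale-pointer crash on the cached-face path, the lifetime rule belongs at the struct, e.g. `// user_data is not owned; it must stay valid for as long as a cached face can call get_font_table`. The struct also has no initializer here, so both members need to be set on every QFontEngine construction path; this view is limited to the header, so that cannot be confirmed from the patch. The class body starts and ends outside the hunk.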