2011-06-04 Abhishek Arya <inferno@chromium.org>
author Ademar de Souza Reis Jr <ademar.reis@openbossa.org>
Mon, 6 Jun 2011 14:46:15 +0000 (11:46 -0300)
committer Ademar de Souza Reis Jr <ademar.reis@openbossa.org>
Mon, 6 Jun 2011 14:46:15 +0000 (11:46 -0300)
commit 7d066c3bc670366bc9a833b9f806bea2f557593f
tree 37dd949d39a2237ef72296ad944b131cf7303b16
parent f098de229262f0c9b8af54162332ba8d6e8cb771
2011-06-04  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Kent Tamura.

        Add some asserts for array boundary checks in TextRun. Fix
        an integer issue in Linux text controller code.
        https://bugs.webkit.org/show_bug.cgi?id=62085

        Testing ComplexTextControllerLinux change requires a testcase
        > 32 kb which is not feasible. All other changes are tested by
        existing layouttests.

        * platform/graphics/TextRun.h:
        (WebCore::TextRun::operator[]): add assert.
        (WebCore::TextRun::data): add assert.
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advance): bail early and prevent access
        to one byte across the text run boundary.
        * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
        (WebCore::ComplexTextController::getNormalizedTextRun): wrong
        int16 vs int comparison.
        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGTextRunWalker::walk): bail early when from and to
        are outside the text run boundary. This hit easily after adding
        the assert when from = to = end and read in run.data(from).

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Conflicts:

Source/WebCore/rendering/svg/SVGTextRunRenderingContext.cpp
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/TextRun.h
Source/WebCore/platform/graphics/WidthIterator.cpp
Source/WebCore/platform/graphics/chromium/ComplexTextControllerLinux.cpp
Source/WebCore/svg/SVGFont.cpp
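
The class of bug the message calls a "wrong int16 vs int comparison", together with the kind of bounds check the new asserts perform, as an added example that is not code from this commit or from WebKit. `CheckedRun`, `WalkResult`, `walk` and the loop shape are hypothetical; the commit's actual code is not shown on this page.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a text run; this is not WebKit's TextRun.
class CheckedRun {
public:
    explicit CheckedRun(int length) : m_chars(length, u'a') {}
    int length() const { return static_cast<int>(m_chars.size()); }
    // Bounds-checked read: the condition an assert in operator[] would test.
    bool read(int i, char16_t& out) const {
        if (i < 0 || i >= length())
            return false;
        out = m_chars[i];
        return true;
    }
private:
    std::vector<char16_t> m_chars;
};

struct WalkResult { bool ok; int charsRead; int badIndex; };

// Walks the run with a loop index of type IndexT compared against the int
// length. Stops at the first index the bounds check rejects.
template <typename IndexT>
WalkResult walk(const CheckedRun& run) {
    WalkResult r{true, 0, 0};
    for (IndexT i = 0; i < run.length(); ++i) {
        char16_t c;
        if (!run.read(i, c)) {
            r.ok = false;
            r.badIndex = i;
            break;
        }
        ++r.charsRead;
    }
    return r;
}

int main() {
    CheckedRun large(40000); // constructed size, above the int16_t maximum
    // int16_t wraps after 32767 (modular conversion on mainstream compilers).
    WalkResult narrow = walk<int16_t>(large);
    WalkResult wide = walk<int>(large);
    std::printf("int16_t: ok=%d read=%d bad=%d\n", narrow.ok, narrow.charsRead, narrow.badIndex);
    std::printf("int:     ok=%d read=%d\n", wide.ok, wide.charsRead);
    return 0;
}
```

Runs of 32767 characters or fewer pass with either index type, so only an input longer than that reaches the wrapped index.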