Crash when laying out (char)0

https://bugs.webkit.org/show_bug.cgi?id=143103 Reviewed by Dean Jackson. We currently cache a character -> Font mapping in a HashMap. However, keys in Hashmaps can't be 0. This patch simply skips the cache in this case. No new tests, for now. I'm having trouble creating a test because the site that causes this bug generates their page using script, and the script is all minified, and difficult to understand. I will contact the owner of the site and ask for and unminified version of their sources. However, I don't want to that to block this tiny fix from going in. * platform/graphics/Font.cpp: (WebCore::Font::systemFallbackFontForCharacter): Canonical link: https://commits.webkit.org/161124@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@182015 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Mar 26, 2015 · 7d88a59 · 7d88a59
1 parent c5c49b5
commit 7d88a59
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2015-03-26  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Crash when laying out (char)0
+        https://bugs.webkit.org/show_bug.cgi?id=143103
+
+        Reviewed by Dean Jackson.
+
+        We currently cache a character -> Font mapping in a HashMap.
+        However, keys in Hashmaps can't be 0. This patch simply skips
+        the cache in this case.
+
+        No new tests, for now. I'm having trouble creating a test because
+        the site that causes this bug generates their page using script,
+        and the script is all minified, and difficult to understand. I
+        will contact the owner of the site and ask for and unminified
+        version of their sources. However, I don't want to that to block
+        this tiny fix from going in.
+
+        * platform/graphics/Font.cpp:
+        (WebCore::Font::systemFallbackFontForCharacter):
+
 2015-03-26  Jer Noble  <jer.noble@apple.com>
 
         [Mac][EME] Crash at com.apple.WebCore: WebCore::CDMSessionMediaSourceAVFObjC::releaseKeys + 177

diff --git a/Source/WebCore/platform/graphics/Font.cpp b/Source/WebCore/platform/graphics/Font.cpp
@@ -415,6 +415,11 @@ RefPtr<Font> Font::systemFallbackFontForCharacter(UChar32 character, const FontD
 {
     auto fontAddResult = systemFallbackCache().add(this, CharacterFallbackMap());
 
+    if (!character) {
+        UChar codeUnit = 0;
+        return FontCache::singleton().systemFallbackForCharacters(description, this, isForPlatformFont, &codeUnit, 1);
+    }
+
     auto key = std::make_pair(character, isForPlatformFont);
     auto characterAddResult = fontAddResult.iterator->value.add(key, nullptr);