From a9b48fbb0c6b294781fa0319f32f2f695dea057d Mon Sep 17 00:00:00 2001
From: Filipe Norte
Date: Tue, 29 Jul 2025 10:31:06 +0000
Subject: [PATCH] Fix nullptr dereference in font typeface handling
---
 Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp b/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
index 60fa416083644..4e1b1d7932ee9 100644
--- a/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
+++ b/Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
@@ -120,6 +120,9 @@ RefPtr FontCache::systemFallbackForCharacterCluster(const FontDescription&
 auto features = computeFeatures(description, { });
 auto skFontStyle = skiaFontStyle(description);
 auto typeface = fontManager().matchFamilyStyleCharacter(nullptr, skFontStyle, bcp47.data(), bcp47.size(), baseCharacter);
+ if (!typeface) {
+ typeface = SkTypeface::MakeEmpty();
+ }
 auto syntheticBold = description.hasAutoFontSynthesisWeight() && skFontStyle.weight() >= SkFontStyle::kSemiBold_Weight && !typeface->isBold();
 auto syntheticOblique = description.hasAutoFontSynthesisStyle() && skFontStyle.slant() != SkFontStyle::kUpright_Slant && !typeface->isItalic();
 FontPlatformData alternateFontData(WTFMove(typeface), description.computedSize(), syntheticBold, syntheticOblique, description.orientation(), description.widthVariant(), description.textRenderingMode(), WTFMove(features));
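Review bot: The added null check after `matchFamilyStyleCharacter` swaps in `SkTypeface::MakeEmpty()`, so a character that no system font covers now produces a `FontPlatformData` built on a glyph-less typeface instead of a "no fallback found" result. Since the function returns a `RefPtr`, `if (!typeface) return nullptr;` would fix the same dereference without handing callers a font that looks valid but cannot render the character. Whether the callers already tolerate a null return is not visible in this hunk and should be confirmed. If the empty typeface is deliberate, say why in a comment on the check, for example `// No system font covers this cluster; keep a non-null typeface so the isBold()/isItalic() calls below stay safe.` The function's body starts and ends outside the hunk, so what happens to `alternateFontData` afterwards (caching, return) cannot be checked from here.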