Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
55 lines (48 sloc) 2.2 KB
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
#telugu {
font-size: 2cm;
line-height: 1.5em;
font-family: "Lohit Telugu";
var ITERATIONS = 10000;
if (window.testRunner)
function mouseSelection() {
var body = document.body;
xStart = 0;
yStart = 0;
if (window.eventSender) {
eventSender.mouseMoveTo(xStart, yStart);
for(i=0;i<ITERATIONS;i++) {
randomCoord = randomCoordinate();
eventSender.mouseMoveTo(randomCoord.x, randomCoord.y);
if (window.testRunnder)
function randomCoordinate(axis) {
return { x: Math.floor(Math.random()*window.innerWidth),
y: Math.floor(Math.random()* window.innerHeight) }
<body onload="mouseSelection()"><p>
This test fuzzes HarfBuzzShaper::offsetForPosition to trigger an assertion in the downstream function characterIndexForXPosition().
See - reason of the assertion being hit is a minuscule floating point inaccuracy
between an if condition that gates the call to characterIndexForXPosition and the actual argument that's then given to the function.
This test works on WebKit EFL, with the Ubuntu Telugu Lohit font installed to the EFL jhbuild font directory, like:</p>
<pre>$ cp /usr/share/fonts/truetype/ttf-telugu-fonts/lohit_te.ttf WebKitBuild/Dependencies/Source/webkitgtk-test-fonts-0.0.3</pre>
<p>Run with:</p>
<pre>$ WebKitBuild/Debug/bin/DumpRenderTree ManualTests/harfbuzz-mouse-selection-crash.html</pre>
<p>Before the change, this would crash 10/10 times. Test passes if it does not crash.</p>
<p id="telugu">చేనేత కార్మికుల సమస్యలను ప్రభుత్వం దృష్టికి తీసుకువెళ్లేందుకు సిరిసిల్లలో వైఎస్ఆర్ సిపి గౌరవాధ్యక్షురాలు విజయమ్మ చేపట్టినదీక్ష విజయవంతమైంది.</p>
Something went wrong with that request. Please try again.