From 14f5f51147f448b26ba2493c1d4099ff908049b4 Mon Sep 17 00:00:00 2001 From: Ben Wiederhake Date: Sat, 19 Oct 2024 23:51:21 +0200 Subject: [PATCH] LibGfx: Use actual vector size as indicated by HarfBuzz This fixes a browser crash as experienced on Wikipedia when encountering the ≠ entity. As a side-effect, this also affects some tab-align and -wrap tests. --- ...tab-size-chars-should-vertically-align.txt | 6 ++--- .../Layout/expected/tab-size-text-wrap.txt | 26 +++++++++---------- .../recursive-glyph-miscount-dont-crash.txt | 1 + .../recursive-glyph-miscount-dont-crash.html | 7 +++++ Userland/Libraries/LibGfx/TextLayout.cpp | 2 +- 5 files changed, 25 insertions(+), 17 deletions(-) create mode 100644 Tests/LibWeb/Text/expected/regress/recursive-glyph-miscount-dont-crash.txt create mode 100644 Tests/LibWeb/Text/input/regress/recursive-glyph-miscount-dont-crash.html diff --git a/Tests/LibWeb/Layout/expected/tab-size-chars-should-vertically-align.txt b/Tests/LibWeb/Layout/expected/tab-size-chars-should-vertically-align.txt index 8bf286f3bf6..a55073a6c00 100644 --- a/Tests/LibWeb/Layout/expected/tab-size-chars-should-vertically-align.txt +++ b/Tests/LibWeb/Layout/expected/tab-size-chars-should-vertically-align.txt @@ -3,7 +3,7 @@ Viewport <#document> at (0,0) content-size 800x600 children: not-inline BlockContainer at (8,8) content-size 784x68 children: not-inline BlockContainer
at (8,8) content-size 784x17 children: inline frag 0 from BlockContainer start: 0, length: 0, rect: [8,21 60x0] baseline: 0 - frag 1 from TextNode start: 0, length: 2, rect: [68,8 82.265625x17] baseline: 13.296875 + frag 1 from TextNode start: 0, length: 2, rect: [68,8 88.109375x17] baseline: 13.296875 " A" BlockContainer at (8,21) content-size 60x0 inline-block [BFC] children: not-inline TextNode <#text> @@ -11,7 +11,7 @@ Viewport <#document> at (0,0) content-size 800x600 children: not-inline TextNode <#text> BlockContainer
at (8,25) content-size 784x17 children: inline frag 0 from BlockContainer start: 0, length: 0, rect: [8,38 70x0] baseline: 0 - frag 1 from TextNode start: 0, length: 2, rect: [78,25 72.265625x17] baseline: 13.296875 + frag 1 from TextNode start: 0, length: 2, rect: [78,25 78.109375x17] baseline: 13.296875 " A" BlockContainer at (8,38) content-size 70x0 inline-block [BFC] children: not-inline TextNode <#text> @@ -19,7 +19,7 @@ Viewport <#document> at (0,0) content-size 800x600 children: not-inline TextNode <#text> BlockContainer
at (8,42) content-size 784x17 children: inline frag 0 from BlockContainer start: 0, length: 0, rect: [8,55 73x0] baseline: 0 - frag 1 from TextNode start: 0, length: 2, rect: [81,42 69.265625x17] baseline: 13.296875 + frag 1 from TextNode start: 0, length: 2, rect: [81,42 75.109375x17] baseline: 13.296875 " A" BlockContainer at (8,55) content-size 73x0 inline-block [BFC] children: not-inline TextNode <#text> diff --git a/Tests/LibWeb/Layout/expected/tab-size-text-wrap.txt b/Tests/LibWeb/Layout/expected/tab-size-text-wrap.txt index 1520932dd7c..5dc84f485a0 100644 --- a/Tests/LibWeb/Layout/expected/tab-size-text-wrap.txt +++ b/Tests/LibWeb/Layout/expected/tab-size-text-wrap.txt @@ -2,19 +2,19 @@ Viewport <#document> at (0,0) content-size 800x600 children: not-inline BlockContainer at (0,0) content-size 800x67 [BFC] children: not-inline BlockContainer at (8,8) content-size 784x51 children: not-inline BlockContainer
at (8,8) content-size 100x51 children: inline - frag 0 from BlockContainer start: 0, length: 0, rect: [8,8 114.265625x17] baseline: 13.296875 - frag 1 from BlockContainer start: 0, length: 0, rect: [8,25 123.609375x17] baseline: 13.296875 - frag 2 from BlockContainer start: 0, length: 0, rect: [8,42 133.921875x17] baseline: 13.296875 - BlockContainer at (8,8) content-size 114.265625x17 inline-block [BFC] children: inline - frag 0 from TextNode start: 0, length: 2, rect: [8,8 114.265625x17] baseline: 13.296875 + frag 0 from BlockContainer start: 0, length: 0, rect: [8,8 120.109375x17] baseline: 13.296875 + frag 1 from BlockContainer start: 0, length: 0, rect: [8,25 129.453125x17] baseline: 13.296875 + frag 2 from BlockContainer start: 0, length: 0, rect: [8,42 139.765625x17] baseline: 13.296875 + BlockContainer at (8,8) content-size 120.109375x17 inline-block [BFC] children: inline + frag 0 from TextNode start: 0, length: 2, rect: [8,8 120.109375x17] baseline: 13.296875 " A" TextNode <#text> - BlockContainer at (8,25) content-size 123.609375x17 inline-block [BFC] children: inline - frag 0 from TextNode start: 0, length: 3, rect: [8,25 123.609375x17] baseline: 13.296875 + BlockContainer at (8,25) content-size 129.453125x17 inline-block [BFC] children: inline + frag 0 from TextNode start: 0, length: 3, rect: [8,25 129.453125x17] baseline: 13.296875 " AB" TextNode <#text> - BlockContainer at (8,42) content-size 133.921875x17 inline-block [BFC] children: inline - frag 0 from TextNode start: 0, length: 4, rect: [8,42 133.921875x17] baseline: 13.296875 + BlockContainer at (8,42) content-size 139.765625x17 inline-block [BFC] children: inline + frag 0 from TextNode start: 0, length: 4, rect: [8,42 139.765625x17] baseline: 13.296875 " ABC" TextNode <#text> BlockContainer <(anonymous)> at (8,59) content-size 784x0 children: inline 
@@ -23,11 +23,11 @@ Viewport <#document> at (0,0) content-size 800x600 children: not-inline ViewportPaintable (Viewport<#document>) [0,0 800x600] PaintableWithLines (BlockContainer) [0,0 800x67] PaintableWithLines (BlockContainer) [8,8 784x51] - PaintableWithLines (BlockContainer
) [8,8 100x51] overflow: [8,8 133.921875x51] - PaintableWithLines (BlockContainer) [8,8 114.265625x17] + PaintableWithLines (BlockContainer
) [8,8 100x51] overflow: [8,8 139.765625x51]
+ PaintableWithLines (BlockContainer) [8,8 120.109375x17]
TextPaintable (TextNode<#text>)
- PaintableWithLines (BlockContainer) [8,25 123.609375x17]
+ PaintableWithLines (BlockContainer) [8,25 129.453125x17]
TextPaintable (TextNode<#text>)
- PaintableWithLines (BlockContainer) [8,42 133.921875x17]
+ PaintableWithLines (BlockContainer) [8,42 139.765625x17]
TextPaintable (TextNode<#text>)
PaintableWithLines (BlockContainer(anonymous)) [8,59 784x0]
diff --git a/Tests/LibWeb/Text/expected/regress/recursive-glyph-miscount-dont-crash.txt b/Tests/LibWeb/Text/expected/regress/recursive-glyph-miscount-dont-crash.txt
new file mode 100644
index 00000000000..aaecaf93c4a
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/regress/recursive-glyph-miscount-dont-crash.txt
@@ -0,0 +1 @@
+PASS (didn't crash)
diff --git a/Tests/LibWeb/Text/input/regress/recursive-glyph-miscount-dont-crash.html b/Tests/LibWeb/Text/input/regress/recursive-glyph-miscount-dont-crash.html
new file mode 100644
index 00000000000..b3d36bdfc1c
--- /dev/null
+++ b/Tests/LibWeb/Text/input/regress/recursive-glyph-miscount-dont-crash.html
@@ -0,0 +1,7 @@
+ +≠ +
diff --git a/Userland/Libraries/LibGfx/TextLayout.cpp b/Userland/Libraries/LibGfx/TextLayout.cpp
index f3f4a4d70ea..ce8e4ddfa58 100644
--- a/Userland/Libraries/LibGfx/TextLayout.cpp
+++ b/Userland/Libraries/LibGfx/TextLayout.cpp
@@ -21,7 +21,6 @@ RefPtr shape_text(FloatPoint baseline_start, Utf8View string, Gfx::Fon
u32 glyph_count;
auto* glyph_info = hb_buffer_get_glyph_infos(buffer, &glyph_count);
- Vector const input_glyph_info({ glyph_info, glyph_count });
auto* hb_font = font.harfbuzz_font();
hb_shape(hb_font, buffer, nullptr, 0);
@@ -29,6 +28,7 @@ RefPtr shape_text(FloatPoint baseline_start, Utf8View string, Gfx::Fon
glyph_info = hb_buffer_get_glyph_infos(buffer, &glyph_count);
auto* positions = hb_buffer_get_glyph_positions(buffer, &glyph_count);
+ Vector const input_glyph_info({ glyph_info, glyph_count });
Vector glyph_run;
FloatPoint point = baseline_start;
for (size_t i = 0; i < glyph_count; ++i) {
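Review bot: Taking the copy after `hb_shape` changes what `input_glyph_info` holds: HarfBuzz stores a Unicode code point in `hb_glyph_info_t::codepoint` before shaping and a glyph index after, so if the loop beginning at the end of this hunk still reads `input_glyph_info[i].codepoint` as a character, that read has silently changed meaning; only `cluster` still refers back to the input text. The reason for the move — shaping can emit a different number of glyphs than the buffer had code points, so the pre-shaping vector could be indexed past its end by `glyph_count` — is worth recording at the copy, e.g. `// Copied after shaping: glyph_count may differ from the number of input code points.` With the copy now taken from the same live `glyph_info` pointer the loop uses, it also looks redundant with indexing `glyph_info[i]` directly, unless the buffer is released before the loop finishes; if it stays, a name such as `shaped_glyph_info` would describe its contents. The body of shape_text begins and ends outside the hunk.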