| field | value |
|---|---|
| author | 2015-03-05 11:51:11 -0800 |
| committer | 2015-03-05 11:51:11 -0800 |
| commit | c1e97b372e21edf9c7e45cfea0eca7f1a52fe9e5 (patch) |
| tree | 27c2078b24c26d18b32d4798ab0a7a37f2c69b53 /src/core/SkGlyphCache.h |
| parent | 56e25ddf6e2c1f85c5addbe498a082268ebee6ea (diff) |
Fix uninitialized memory bug in the SkGlyphCache.
The core of the problem is that the system is asked to look up the metrics for a character with id == 0. This causes a hit in the fCharToGlyphHash matching the sentinel glyph. This happens because fCharToGlyphHash is initialized with all zeros; therefore, the fID is zero, matching the char with id == 0. The fAdvanceX field of the sentinel glyph is in fact not initialized.
The bigger question now is how did a zero character get passed to getUnicharMetrics?
The breaking code is basically as follows:
SkPaint paint;                 // text encoding left at the default (UTF-8)
wchar_t glyph = L'S';
paint.measureText(&glyph, 2);  // second argument is a byte count, not a character count
This gets mischaracterized as a UTF-8 string instead of a UTF-16(?) string. Because of the little-endian ordering, this is the character string 'L' '\0'. Since the size of the original string is two bytes (but a single character), the '\0' is treated as its own character and passed to getUnicharMetrics.
TEST:
On Windows, failed using DrMemory. With this change, does not fail.
BUG=463204
Review URL: https://codereview.chromium.org/977063002
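The mechanism the commit message describes, as an added C++ example that is not Skia code: a toy cache whose hash slots are zero-initialized and therefore all point at a sentinel glyph at index 0. The two bytes of L'S' (constructed here as a little-endian 16-bit unit, as on Windows) are decoded once as UTF-8, which is what measureText did in the failing call, and once as UTF-16. With the sentinel's id left at 0 the decoded '\0' hits the sentinel and its never-computed advance is read; with an impossible sentinel id the lookup misses and the glyph is computed. The names GlyphCache, kImpossibleId, decodeUtf8, decodeUtf16le and measure are this example's own assumptions, not Skia's API.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Example code, not Skia: a minimal model of a char-to-glyph hash with a
// sentinel at index 0. Names are assumptions for this illustration.
struct Glyph {
    uint32_t id = 0;         // combined id; 0 is a legal id for U+0000
    float advanceX = 0.0f;   // metric a scaler would fill in
    bool initialized = false;
};

constexpr uint32_t kHashBits = 8;
constexpr uint32_t kHashCount = 1u << kHashBits;
constexpr uint32_t kHashMask = kHashCount - 1;
constexpr uint32_t kImpossibleId = ~0u;   // never produced for any real char

struct GlyphCache {
    // Zero-initialized: every slot initially refers to glyphs[0], the sentinel.
    uint16_t charToGlyphHash[kHashCount] = {};
    std::vector<Glyph> glyphs;

    // zeroSentinelId == true reproduces the bug: sentinel id 0 == id of '\0'.
    explicit GlyphCache(bool zeroSentinelId) {
        Glyph sentinel;              // advanceX/initialized deliberately not set up
        sentinel.id = zeroSentinelId ? 0 : kImpossibleId;
        glyphs.push_back(sentinel);
    }

    // Returns a copy of the glyph for ch; *hitSentinel is set when the hash
    // matched glyphs[0], i.e. the caller is about to read uncomputed metrics.
    Glyph lookupChar(uint32_t ch, bool* hitSentinel) {
        const uint32_t id = ch;      // Skia packs extra bits into the id; id == ch suffices here
        uint16_t& slot = charToGlyphHash[id & kHashMask];
        if (glyphs[slot].id == id) {
            *hitSentinel = (slot == 0);
            return glyphs[slot];
        }
        *hitSentinel = false;
        for (size_t i = 1; i < glyphs.size(); ++i) {   // slow path: slot was a collision
            if (glyphs[i].id == id) { slot = static_cast<uint16_t>(i); return glyphs[i]; }
        }
        Glyph g;                     // stand-in for the scaler computing real metrics
        g.id = id;
        g.advanceX = 10.0f + static_cast<float>(id % 7);
        g.initialized = true;
        glyphs.push_back(g);
        slot = static_cast<uint16_t>(glyphs.size() - 1);
        return g;
    }
};

// Simplified UTF-8 decoder (no overlong/surrogate rejection): malformed or
// truncated sequences yield U+FFFD and advance one byte.
static std::vector<uint32_t> decodeUtf8(const uint8_t* p, size_t len) {
    std::vector<uint32_t> out;
    const size_t kBad = static_cast<size_t>(-1);
    for (size_t i = 0; i < len;) {
        uint8_t b = p[i];
        size_t extra = b < 0x80 ? 0 : (b & 0xE0) == 0xC0 ? 1 : (b & 0xF0) == 0xE0 ? 2
                     : (b & 0xF8) == 0xF0 ? 3 : kBad;
        if (extra == kBad || i + extra >= len) { out.push_back(0xFFFD); ++i; continue; }
        uint32_t cp = extra == 0 ? b : (b & (0x3F >> extra));
        bool ok = true;
        for (size_t k = 1; k <= extra; ++k) {
            uint8_t c = p[i + k];
            if ((c & 0xC0) != 0x80) { ok = false; break; }
            cp = (cp << 6) | (c & 0x3F);
        }
        if (!ok) { out.push_back(0xFFFD); ++i; continue; }
        out.push_back(cp);
        i += extra + 1;
    }
    return out;
}

// UTF-16LE decoder with surrogate-pair combining; a trailing odd byte is ignored.
static std::vector<uint32_t> decodeUtf16le(const uint8_t* p, size_t len) {
    std::vector<uint32_t> out;
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint32_t u = p[i] | (static_cast<uint32_t>(p[i + 1]) << 8);
        if (u >= 0xD800 && u <= 0xDBFF && i + 3 < len) {
            uint32_t lo = p[i + 2] | (static_cast<uint32_t>(p[i + 3]) << 8);
            if (lo >= 0xDC00 && lo <= 0xDFFF) { u = 0x10000 + ((u - 0xD800) << 10) + (lo - 0xDC00); i += 2; }
        }
        out.push_back(u);
    }
    return out;
}

struct MeasureResult { size_t chars; float width; bool readUninitialized; };

// Sum advances for the decoded chars, flagging any read of uncomputed metrics.
static MeasureResult measure(GlyphCache& cache, const std::vector<uint32_t>& chars) {
    MeasureResult r{chars.size(), 0.0f, false};
    for (uint32_t ch : chars) {
        bool sentinel = false;
        Glyph g = cache.lookupChar(ch, &sentinel);
        if (sentinel || !g.initialized) r.readUninitialized = true;
        r.width += g.advanceX;
    }
    return r;
}

// Constructed input: L'S' as a 2-byte little-endian wchar_t, i.e. the bytes
// the commit's measureText(&glyph, 2) call handed to a UTF-8 text path.
static const uint8_t kWcharS[2] = {0x53, 0x00};

static MeasureResult measureWcharAsUtf8(bool zeroSentinelId) {
    GlyphCache cache(zeroSentinelId);
    return measure(cache, decodeUtf8(kWcharS, sizeof kWcharS));
}

static MeasureResult measureWcharAsUtf16(bool zeroSentinelId) {
    GlyphCache cache(zeroSentinelId);
    return measure(cache, decodeUtf16le(kWcharS, sizeof kWcharS));
}
```

Decoding the buffer as UTF-8 yields two characters, 'S' and '\0'; only the zero-id sentinel turns the second into a read of uncomputed metrics, which is the DrMemory finding. Decoding it as UTF-16 yields the single 'S' the caller meant, which is the other half of the fix a caller should make: set the paint's text encoding to match the buffer it passes.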
Diffstat (limited to 'src/core/SkGlyphCache.h')

| mode | file | changes |
|---|---|---|
| -rw-r--r-- | src/core/SkGlyphCache.h | 10 |

1 file changed, 6 insertions, 4 deletions
diff --git a/src/core/SkGlyphCache.h b/src/core/SkGlyphCache.h index 200655bb41..d0b792f273 100644 --- a/src/core/SkGlyphCache.h +++ b/src/core/SkGlyphCache.h @@ -207,13 +207,15 @@ private: enum { kHashBits = 8, kHashCount = 1 << kHashBits, - kHashMask = kHashCount - 1, - kSentinelGlyphIndex = 0, - kSentinelGlyphID = ~0 + kHashMask = kHashCount - 1 }; - + // A quick lookup to avoid the binary search looking for glyphs in fGlyphArray. uint16_t fGlyphHash[kHashCount]; + // Contains the SkGlyphs that are used by fGlyphHash and fCharToGlyphHash. The zero element + // is reserved for a sentinel SkGlyph that reduces the logic to check for collisions in the + // hash arrays. The zero element has an fID of SkGlyph::kImpossibleID which never matches + // any combined id generated for a char or a glyph. SkTDArray<SkGlyph> fGlyphArray; SkChunkAlloc fGlyphAlloc; |
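Review bot: the new comment above fGlyphArray promises that element zero carries SkGlyph::kImpossibleID, but nothing in this header shows where that element is constructed or where its metrics are set, and the commit message says the uninitialized fAdvanceX of that very sentinel is the root cause; the comment should name the routine that fills element zero, and the review should confirm SkGlyph::kImpossibleID is declared in SkGlyph.h (the removed `kSentinelGlyphID = ~0` was only a local enum value) and that it cannot equal any combined char or glyph id the hash produces, since an id of 0 was exactly what collided before. Removing `kSentinelGlyphIndex = 0` also needs a check that no code in SkGlyphCache.cpp still refers to it; only the header is in this diffstat view.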