author | herb <herb@google.com> | 2015-03-05 11:51:11 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-03-05 11:51:11 -0800 |
commit | c1e97b372e21edf9c7e45cfea0eca7f1a52fe9e5 (patch) | |
tree | 27c2078b24c26d18b32d4798ab0a7a37f2c69b53 /tests/RecordDrawTest.cpp | |
parent | 56e25ddf6e2c1f85c5addbe498a082268ebee6ea (diff) |
Fix uninitialized memory bug in the SkGlyphCache.
The core of the problem is that the system is asked to look up the metrics for a character with id == 0. This causes a hit in the fCharToGlyphHash matching the sentinel glyph. This happens because fCharToGlyphHash is initialized with all zeros, therefore, the fID is zero matching the char with id == 0. The fAdvanceX field of the sentinel glyph is in fact not initialized.
The bigger question is how did a zero character get passed to getUnicharMetrics?
The breaking code is basically as follows:
    wchar_t glyph = L'S';
    paint.measureText(&glyph, 2);
This gets mischaracterized as a utf8 string instead of a utf16(?) string. Because of the little endian ordering, this is the character string 'L' '\0'. Since the size of the original string is two bytes (but a single character) the '\0' is treated as its own character and passed to getUnicharMetrics.
TEST:
On Windows failed using DrMemory. With this change does not fail.
BUG=463204
Review URL: https://codereview.chromium.org/977063002
Diffstat (limited to 'tests/RecordDrawTest.cpp')
0 files changed, 0 insertions, 0 deletions
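
The failure mode described in the commit message, as an added C++ example that is not Skia's code and not part of this commit: a two-byte UTF-16LE buffer read as UTF-8 yields an extra character with id 0, which falsely hits a lookup table whose empty slots are all zeros. `Cache`, `Entry`, `kPoison`, `kEmptyId`, `decode_ascii_utf8` and `hits_unfilled_slot` are hypothetical names, and the non-zero empty marker is one possible mitigation assumed for the example, not necessarily the change made here.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-ins for this example; not Skia's types or its fix.
constexpr float kPoison = -12345.0f;        // models a never-initialized metric
constexpr uint32_t kEmptyId = 0xFFFFFFFFu;  // not a valid Unicode code point

struct Entry { uint32_t id; float advance; };

struct Cache {
    static constexpr std::size_t kSize = 8;
    Entry slots[kSize];
    // emptyId == 0 models the all-zero initialization described above.
    explicit Cache(uint32_t emptyId) {
        for (Entry& e : slots) e = Entry{emptyId, kPoison};
    }
    bool lookup(uint32_t id, float* advance) const {
        const Entry& e = slots[id % kSize];
        if (e.id != id) return false;       // miss: caller computes and inserts
        *advance = e.advance;               // hit: trusted without further checks
        return true;
    }
    void insert(uint32_t id, float advance) { slots[id % kSize] = Entry{id, advance}; }
};

// Bytes below 0x80 are one-byte UTF-8 sequences, so each byte is one character.
std::vector<uint32_t> decode_ascii_utf8(const unsigned char* text, std::size_t byteLength) {
    return std::vector<uint32_t>(text, text + byteLength);
}

// True if measuring the misread buffer returns a metric that was never filled in.
bool hits_unfilled_slot(uint32_t emptyId) {
    const unsigned char utf16le_S[2] = {0x53, 0x00};  // constructed: UTF-16LE 'S'
    Cache cache(emptyId);
    for (uint32_t ch : decode_ascii_utf8(utf16le_S, sizeof utf16le_S)) {
        float advance = 0.0f;
        if (!cache.lookup(ch, &advance)) { cache.insert(ch, 10.0f); continue; }
        if (advance == kPoison) return true;
    }
    return false;
}

int main() {
    // Zero-filled table: id 0 falsely hits. Non-zero empty marker: it misses.
    return (hits_unfilled_slot(0) && !hits_unfilled_slot(kEmptyId)) ? 0 : 1;
}
```

A memory checker such as the DrMemory run mentioned in the message reports the real counterpart of the `kPoison` read, since the value returned on the false hit was never written.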