Google Git
Sign in
webkit / WebKit / 47988feb1f55e104eccdf00a2c43c1c4ee6ae623
commit47988feb1f55e104eccdf00a2c43c1c4ee6ae623[log] [tgz]
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu May 10 23:02:00 2012 +0000
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu May 10 23:02:00 2012 +0000
tree5af0165324bada1917e29c77fa835cc81f6c0c13
parent1cc0f98bee018d8cb2365fb82c0aced5f2dcaa24 [diff]
Crash in FontCache::releaseFontData due to infinite float size.
https://bugs.webkit.org/show_bug.cgi?id=86110

Reviewed by Andreas Kling.

Source/WebCore:

New callers always forget to clamp the font size, which overflows
to infinity on multiplication. It is best to clamp it at the end
to avoid getting greater than std::numeric_limits<float>::max().

Test: fast/css/large-font-size-crash.html

* platform/graphics/FontDescription.h:
(WebCore::FontDescription::setComputedSize):
(WebCore::FontDescription::setSpecifiedSize):

LayoutTests:

* fast/css/large-font-size-crash-expected.txt: Added.
* fast/css/large-font-size-crash.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5 files changed
tree: 5af0165324bada1917e29c77fa835cc81f6c0c13
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. autogen.sh
  14. ChangeLog
  15. CMakeLists.txt
  16. configure.ac
  17. GNUmakefile.am
  18. Makefile
  19. Makefile.shared
  20. WebKit.pro
  21. wscript