diff options
| author | Jun Fang <jun_fang@foxitsoftware.com> | 2016-01-11 20:20:39 +0800 |
|---|---|---|
| committer | Jun Fang <jun_fang@foxitsoftware.com> | 2016-01-11 20:20:39 +0800 |
| commit | bdb769f98740b4ac13f40ed512e2d111df5fd6be (patch) | |
| tree | 0dc19c0db29c026987a53d02cad64db728c0cc52 | |
| parent | 0a4180ad29132e9a988e64a513c9cd0724d8585f (diff) | |
| download | pdfium-bdb769f98740b4ac13f40ed512e2d111df5fd6be.tar.xz | |
Merge to M48: Add CFX_FontMapper::IsBuiltinFace() in master branch
BUG=452793, 561478
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1511613005 .
Merge to M48: Fix heap-use-after-free in FT_Stream_ReleaseFrame
BUG=452793,561478
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1512873002 .
Review URL: https://codereview.chromium.org/1508343004 .
Review URL: https://codereview.chromium.org/1571323002 .
| -rw-r--r-- | core/include/fxge/fx_font.h | 1 | ||||
| -rw-r--r-- | core/src/fxge/ge/fx_ge_fontmap.cpp | 32 | ||||
| -rw-r--r-- | core/src/fxge/ge/text_int.h | 5 |
3 files changed, 30 insertions, 8 deletions
diff --git a/core/include/fxge/fx_font.h b/core/include/fxge/fx_font.h index bc76c6e2e2..3fd0c92652 100644 --- a/core/include/fxge/fx_font.h +++ b/core/include/fxge/fx_font.h @@ -257,6 +257,7 @@ class CFX_FontMapper { int italic_angle, int CharsetCP, CFX_SubstFont* pSubstFont); + FX_BOOL IsBuiltinFace(const FXFT_Face face) const; private: static const size_t MM_FACE_COUNT = 2; diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp index 3f1ce757d6..f531bc08bc 100644 --- a/core/src/fxge/ge/fx_ge_fontmap.cpp +++ b/core/src/fxge/ge/fx_ge_fontmap.cpp @@ -437,10 +437,10 @@ CTTFontDesc::~CTTFontDesc() { } FX_Free(m_pFontData); } -FX_BOOL CTTFontDesc::ReleaseFace(FXFT_Face face) { +int CTTFontDesc::ReleaseFace(FXFT_Face face) { if (m_Type == 1) { if (m_SingleFace.m_pFace != face) { - return FALSE; + return -1; } } else if (m_Type == 2) { int i; @@ -449,15 +449,15 @@ FX_BOOL CTTFontDesc::ReleaseFace(FXFT_Face face) { break; } if (i == 16) { - return FALSE; + return -1; } } m_RefCount--; if (m_RefCount) { - return FALSE; + return m_RefCount; } delete this; - return TRUE; + return 0; } CFX_FontMgr::CFX_FontMgr() : m_FTLibrary(nullptr) { @@ -621,13 +621,20 @@ void CFX_FontMgr::ReleaseFace(FXFT_Face face) { if (!face) { return; } + FX_BOOL bNeedFaceDone = TRUE; auto it = m_FaceMap.begin(); while (it != m_FaceMap.end()) { auto temp = it++; - if (temp->second->ReleaseFace(face)) { + int nRet = temp->second->ReleaseFace(face); + if (nRet == -1) + continue; + bNeedFaceDone = FALSE; + if (nRet == 0) m_FaceMap.erase(temp); - } + break; } + if (bNeedFaceDone && !m_pBuiltinMapper->IsBuiltinFace(face)) + FXFT_Done_Face(face); } bool CFX_FontMgr::GetBuiltinFont(size_t index, @@ -1208,6 +1215,17 @@ FXFT_Face CFX_FontMapper::FindSubstFont(const CFX_ByteString& name, m_pFontInfo->DeleteFont(hFont); return face; } +FX_BOOL CFX_FontMapper::IsBuiltinFace(const FXFT_Face face) const { + for (int i = 0; i < MM_FACE_COUNT; ++i) { + if (m_MMFaces[i] == face) + return TRUE; + } + for (int i = 0; i < FOXIT_FACE_COUNT; ++i) { + if (m_FoxitFaces[i] == face) + return TRUE; + } + return FALSE; +} extern "C" { unsigned long _FTStreamRead(FXFT_Stream stream, unsigned long offset, diff --git a/core/src/fxge/ge/text_int.h b/core/src/fxge/ge/text_int.h index f17cf7f18f..1b96cfbdd2 100644 --- a/core/src/fxge/ge/text_int.h +++ b/core/src/fxge/ge/text_int.h @@ -29,7 +29,10 @@ class CTTFontDesc { m_RefCount = 0; } ~CTTFontDesc(); - FX_BOOL ReleaseFace(FXFT_Face face); + // ret < 0, releaseface not appropriate for this object. + // ret == 0, object released + // ret > 0, object still alive, other referrers. + int ReleaseFace(FXFT_Face face); int m_Type; union { struct { |