projects / platform / upstream / libHarfBuzzSharp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d5e761)
Avoid accessing layout tables at face destruction
authorBehdad Esfahbod <behdad@behdad.org>
Mon, 29 Dec 2014 00:03:26 +0000 (16:03 -0800)
committerBehdad Esfahbod <behdad@behdad.org>
Mon, 29 Dec 2014 00:03:26 +0000 (16:03 -0800)
"Fixes" https://bugs.freedesktop.org/show_bug.cgi?id=86300

Based on discussion someone else who had a similar issue, most probably
the user is releasing FT_Face before destructing hb_face_t / hb_font_t.
While that's a client bug, and while we can (and should) use FreeType
refcounting to help avoid that, it happens that we were accessing
the table when we didn't really have to.  Avoid that.

src/hb-ot-layout-private.hh patch | blob | history
src/hb-ot-layout.cc patch | blob | history
src/hb-ot-shape-complex-arabic-fallback.hh patch | blob | history

diff --git a/src/hb-ot-layout-private.hh b/src/hb-ot-layout-private.hh
index ae7daa6..3f7c858 100644 (file)
--- a/src/hb-ot-layout-private.hh
+++ b/src/hb-ot-layout-private.hh
@@ -126,8 +126,7 @@ struct hb_ot_layout_lookup_accelerator_t
     lookup.add_coverage (&digest);
   }
 
-  template <typename TLookup>
-  inline void fini (const TLookup &lookup HB_UNUSED)
+  inline void fini (void)
   {
   }
 
diff --git a/src/hb-ot-layout.cc b/src/hb-ot-layout.cc
index 661d90e..602b94e 100644 (file)
--- a/src/hb-ot-layout.cc
+++ b/src/hb-ot-layout.cc
@@ -84,9 +84,9 @@ void
 _hb_ot_layout_destroy (hb_ot_layout_t *layout)
 {
   for (unsigned int i = 0; i < layout->gsub_lookup_count; i++)
-    layout->gsub_accels[i].fini (layout->gsub->get_lookup (i));
+    layout->gsub_accels[i].fini ();
   for (unsigned int i = 0; i < layout->gpos_lookup_count; i++)
-    layout->gpos_accels[i].fini (layout->gpos->get_lookup (i));
+    layout->gpos_accels[i].fini ();
 
   free (layout->gsub_accels);
   free (layout->gpos_accels);
diff --git a/src/hb-ot-shape-complex-arabic-fallback.hh b/src/hb-ot-shape-complex-arabic-fallback.hh
index dc659e0..a77f24e 100644 (file)
--- a/src/hb-ot-shape-complex-arabic-fallback.hh
+++ b/src/hb-ot-shape-complex-arabic-fallback.hh
@@ -327,7 +327,7 @@ arabic_fallback_plan_destroy (arabic_fallback_plan_t *fallback_plan)
   for (unsigned int i = 0; i < fallback_plan->num_lookups; i++)
     if (fallback_plan->lookup_array[i])
     {
-      fallback_plan->accel_array[i].fini (fallback_plan->lookup_array[i]);
+      fallback_plan->accel_array[i].fini ();
       if (fallback_plan->free_lookups)
        free (fallback_plan->lookup_array[i]);
     }
Domain: Dotnet / API;