author    yusukes@google.com <yusukes@google.com@0039d316-1c4b-4281-b951-d872f2087c98>  2009-12-18 01:33:49 +0000
committer yusukes@google.com <yusukes@google.com@0039d316-1c4b-4281-b951-d872f2087c98>  2009-12-18 01:33:49 +0000
commit    c27e411de097d9da503f6d122e9df1083938ee45 (patch)
tree      b566ab36d113faeb2c7379e72e903ab705699049 /skia
parent    21e743205216812e6ca165313b7999f94f0fdc3e (diff)
Returns an error immediately without sending an IPC message when a font family name to resolve is too long.

This change is important when a site has an @font-face rule like:

    // http://paulirish.com/webkit-fontface-hang.html
    @font-face{font-family:testfont;src:url('data:font/ttf;base64,AA.....<<looooooooooong base64 data>>.....aQ==')}

In such a case, WebCore first calls SkFontHost::CreateTypeface() with the (possibly very long) data-uri string itself, then calls SkFontHost::CreateTypefaceFromStream() with the decoded byte stream. Since render_sandbox_host_linux.cc just ignores a too-long IPC message, the renderer process could block indefinitely waiting for a reply inside the recvmsg() system call called from SkFontHost::CreateTypeface(). I'm not sure if the WebCore behavior (i.e. calling CreateTypeface with data-uris) is reasonable, but I believe the Skia part is better to be fixed anyway. Non-data-uri font family names could be very long too:

    @font-face{font-family:testfont;src:local('AA........AA');}

BUG=29861
TEST=First, set up your Linux SUID Sandbox binary: http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment. Then start Chromium and visit http://paulirish.com/webkit-fontface-hang.html or http://typekit.com/. Verify that the renderer does not freeze.
Review URL: http://codereview.chromium.org/507037
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34915 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'skia')
-rw-r--r--  skia/ext/SkFontHost_fontconfig_direct.cpp  | 3
-rw-r--r--  skia/ext/SkFontHost_fontconfig_impl.h      | 5
-rw-r--r--  skia/ext/SkFontHost_fontconfig_ipc.cpp     | 3
3 files changed, 10 insertions, 1 deletions
diff --git a/skia/ext/SkFontHost_fontconfig_direct.cpp b/skia/ext/SkFontHost_fontconfig_direct.cpp
index 3f19fc7..9434f51 100644
--- a/skia/ext/SkFontHost_fontconfig_direct.cpp
+++ b/skia/ext/SkFontHost_fontconfig_direct.cpp
@@ -46,6 +46,9 @@ bool FontConfigDirect::Match(std::string* result_family,
bool fileid_valid, unsigned fileid,
const std::string& family, bool* is_bold,
bool* is_italic) {
+ if (family.length() > kMaxFontFamilyLength)
+ return false;
+
SkAutoMutexAcquire ac(mutex_);
FcPattern* pattern = FcPatternCreate();
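Review bot: the early return added to FontConfigDirect::Match sits before SkAutoMutexAcquire, which is correct since nothing needs the lock yet, but the direct backend never sends an IPC message, so this check exists only to honour the contract the header hunk adds to FontConfigInterface; a one-line comment saying so would keep a later reader from treating it as dead code and dropping it.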
diff --git a/skia/ext/SkFontHost_fontconfig_impl.h b/skia/ext/SkFontHost_fontconfig_impl.h
index f3b4b41..d2f1d5d 100644
--- a/skia/ext/SkFontHost_fontconfig_impl.h
+++ b/skia/ext/SkFontHost_fontconfig_impl.h
@@ -38,7 +38,8 @@ class FontConfigInterface {
* @param fileid the fileid (as returned by this function) which we are
* trying to match.
* @param family (optional) the family of the font that we are trying to
- * match.
+ * match. If the length of the |family| is greater then
+ * kMaxFontFamilyLength, this function should immediately return false.
* @param is_bold (optional, set to NULL to ignore, in/out)
* @param is_italic (optional, set to NULL to ignore, in/out)
* @return true iff successful.
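Review bot: typo in the new doc text at `greater then`, which should read `greater than`, and `the length of the |family|` reads better as `the length of |family|`; worth fixing before landing, since this comment is the only place the new contract is written down.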
@@ -55,6 +56,8 @@ class FontConfigInterface {
/** Open a font file given the fileid as returned by Match
*/
virtual int Open(unsigned fileid) = 0;
+
+ static const unsigned kMaxFontFamilyLength = 2048;
};
#endif // FontConfigInterface_DEFINED
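Review bot: the value 2048 for kMaxFontFamilyLength arrives without a comment relating it to the message size that render_sandbox_host_linux.cc is willing to read; the commit message says the host ignores oversized messages, so this guard only closes the hang if the limit is at or below what the host accepts, and the header should state that relationship (or derive the constant from the same place the host uses) so the two cannot drift apart. Making it a public static member of the interface is good, as both backends then compare against one value.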
diff --git a/skia/ext/SkFontHost_fontconfig_ipc.cpp b/skia/ext/SkFontHost_fontconfig_ipc.cpp
index ada7bc9..01bd393 100644
--- a/skia/ext/SkFontHost_fontconfig_ipc.cpp
+++ b/skia/ext/SkFontHost_fontconfig_ipc.cpp
@@ -41,6 +41,9 @@ bool FontConfigIPC::Match(std::string* result_family,
bool fileid_valid, unsigned fileid,
const std::string& family, bool* is_bold,
bool* is_italic) {
+ if (family.length() > kMaxFontFamilyLength)
+ return false;
+
Pickle request;
request.WriteInt(METHOD_MATCH);
request.WriteBool(fileid_valid);
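Review bot: this is the hunk that actually prevents the hang, since the check in FontConfigIPC::Match runs before the Pickle request is built and sent, so the renderer no longer waits in recvmsg() for a reply the host will never send; returning false silently makes the rejection indistinguishable from "no such font" to the caller, which is acceptable, but a debug-log line at the early return would make the BUG=29861 scenario visible when diagnosing missing fonts. The TEST line describes a manual browser check; a unit test that calls Match with a family one character longer than kMaxFontFamilyLength and asserts false would lock the behaviour in.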