-rw-r--r--third_party/WebKit/LayoutTests/svg/text/invalid-non-bmp-characters.html22
-rw-r--r--third_party/WebKit/Source/core/layout/svg/SVGTextMetricsBuilder.cpp6
2 files changed, 28 insertions, 0 deletions
diff --git a/third_party/WebKit/LayoutTests/svg/text/invalid-non-bmp-characters.html b/third_party/WebKit/LayoutTests/svg/text/invalid-non-bmp-characters.html
new file mode 100644
index 0000000..0021de1
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/svg/text/invalid-non-bmp-characters.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+<svg id="svg" height="0" font-size="100">
+ <text id="text">
+ <!-- invalid non-bmp character followed by a valid character -->
+ <tspan>&#x90012;a</tspan>
+ <!-- many invalid non-bmp characters followed by a valid character -->
+ <tspan>&#x90012;&#x90012;&#x90012;&#x90012;a&#x90012;&#x90012;&#x90012;&#x90012;a</tspan>
+ <!-- alternating valid and invalid non-bmp characters -->
+ <tspan>&#128514;&#x90012;&#128514;&#x90012;&#128514;&#x90012;</tspan>
+ <!-- invalid non-bmp characters in rtl -->
+ <tspan direction="rtl">نشاط&#128514;نشاط&#x90012;&#x90012;ن&#x90012;شاط&#128514;نش&#x90012;اط&#x90012;ا</tspan>
+ </text>
+</svg>
+<script>
+test(function() {
+ text.getComputedTextLength();
+ svg.parentElement.removeChild(svg);
+}, 'Text runs with invalid non-bmp characters should not crash.');
+</script>
diff --git a/third_party/WebKit/Source/core/layout/svg/SVGTextMetricsBuilder.cpp b/third_party/WebKit/Source/core/layout/svg/SVGTextMetricsBuilder.cpp
index 8791737..7c212e9 100644
--- a/third_party/WebKit/Source/core/layout/svg/SVGTextMetricsBuilder.cpp
+++ b/third_party/WebKit/Source/core/layout/svg/SVGTextMetricsBuilder.cpp
@@ -161,6 +161,12 @@ unsigned SVGTextMetricsCalculator::updateSubrunRangesForCurrentPosition()
}
}
+ // TODO(pdr): m_subrunRanges can be too short in the presence of invalid
+ // unicode characters (see: crbug.com/595960). This is a temporary
+ // workaround to ensure the returned index is valid for m_subrunRages.
+ if (positionInRun >= m_subrunRanges.size())
+ return 0;
+
return positionInRun;
}
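Review bot: The fallback `return 0;` only gives an in-range index when `m_subrunRanges` is non-empty. With an empty vector the guard `positionInRun >= m_subrunRanges.size()` is true, and the returned 0 is still past the end for any caller that indexes with it. Whether the vector can be empty at this point is not visible here, since the body of updateSubrunRangesForCurrentPosition() starts outside the hunk. I would either handle the empty case where the result is consumed or state the precondition in the comment, e.g. `// 0 is only in range when m_subrunRanges is non-empty; callers must handle the empty case.` The new comment also misspells the member as `m_subrunRages`. Because index 0 silently yields the first subrun's metrics for malformed text, it is worth saying in the TODO that the result is memory-safe but not necessarily correct.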