Closed
Bug 1161366
Opened 10 years ago
Closed 10 years ago
crash in FontFace.load when loading a second face for a font using unicode-range
Categories
(Core :: DOM: CSS Object Model, defect)
Core
DOM: CSS Object Model
Tracking
()
RESOLVED
FIXED
mozilla40
Tracking | Status | |
---|---|---|
firefox40 | --- | fixed |
People
(Reporter: heycam, Assigned: heycam)
References
Details
Attachments
(2 files)
196 bytes,
text/html
|
Details | |
2.16 KB,
patch
|
dbaron
:
review+
|
Details | Diff | Splinter Review |
The attachment will crash Firefox with a null pointer dereference if the Font Loading API is enabled (as it is currently on Nightly/Aurora).
Assignee | ||
Comment 1•10 years ago
|
||
This is because we're parsing the font descriptor values passing null for the sheet URI. The sheet URI gets stored in the URLValue, and then copied into the gfxFontFaceSrc object, where its operator== assumes that it is non-null.
Assignee | ||
Comment 2•10 years ago
|
||
Comment on attachment 8601252 [details] [diff] [review]
patch
Maybe call the variable docURI instead of just uri?
r=dbaron
Attachment #8601252 -
Flags: review?(dbaron) → review+
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
You need to log in
before you can comment on or make changes to this bug.
Description
•