Closed Bug 840869 Opened 11 years ago Closed 11 years ago

division-by-zero possible in gfxFont::Draw when mAdjusted == 0.0

Product/Component: Core :: Graphics: Text
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED FIXED
Target Milestone: mozilla21
Reporter: romaxa, Assigned: romaxa
Attachments: 1 file

While testing the Skia backend (Gtk/Qt) I found that we have a division by 0.0f here:
http://hg.mozilla.org/mozilla-central/diff/9fd54e12e670/gfx/thebes/gfxFont.cpp#l1.272,

which breaks the matrix and later crashes in scaled cairo font creation.
Attachment #713283 - Flags: review?
Attachment #713283 - Flags: review? → review?(bas)
OS: Linux → All
Hardware: x86_64 → All
Summary: NULL Pointer division possible in gfxFont::Draw when mAdjusted == 0.0 → division-by-zero possible in gfxFont::Draw when mAdjusted == 0.0
Version: unspecified → Trunk
Comment on attachment 713283 [details] [diff] [review]
Avoid 0.0f division

># HG changeset patch
># User Oleg Romashin <romaxa@gmail.com>
># Parent d509e44cae3effde6814bb08c7c8cf9808197917
>Bug 840869 - NULL Pointer division possible in gfxFont::Draw when mAdjusted == 0.0. r=bas

Drive-by nit: This doesn't have anything to do with pointers or NULL; I tweaked the bug-summary, but you should probably tweak the patch's commit message, too.

(Also, it'd be better if the checkin comment described the change rather than the problem, per https://developer.mozilla.org/en-US/docs/Developer_Guide/Committing_Rules_and_Responsibilities#Checkin_comment )
Oh, yep, you're right... I guess I first created the bug with the wrong comment and later copied it into the patch header.
mAdjusted is 0.0 here because PangoFonts don't touch that value at all:
http://mxr.mozilla.org/mozilla-central/search?string=mAdjusted
Comment on attachment 713283 [details] [diff] [review]
Avoid 0.0f division

Review of attachment 713283 [details] [diff] [review]:
-----------------------------------------------------------------

::: gfx/thebes/gfxFont.cpp
@@ +2044,5 @@
>            // the glyphs, and not to their position.
>            mat = ToMatrix(*reinterpret_cast<gfxMatrix*>(&matrix));
>  
>            mat._11 = mat._22 = 1.0;
> +          float adjustedSize = mAdjustedSize ? mAdjustedSize : GetStyle()->size;
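Review bot: the ternary on `mAdjustedSize` only falls back when the value is exactly 0.0 (or -0.0); a negative or NaN `mAdjustedSize` still converts to `true` and would be used as the divisor the bug describes, so an explicit `mAdjustedSize > 0` comparison is the safer guard. It is also worth confirming that the fallback `GetStyle()->size` cannot itself be zero, otherwise the same division is reachable through the other branch.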

Since mAdjustedSize is a float, please do mAdjustedSize > 0.
Attachment #713283 - Flags: review?(bas) → review+
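The review above turns on how a float is tested before it is used as a divisor. The following is an added C++ example, not code from gfxFont.cpp or from the patch: it contrasts the patch's truthiness test with the reviewer's requested `> 0` comparison across the inputs that differ between them (exact zero, negative zero, a negative size, NaN) and shows which of them leave a usable scale factor. The function names and the fixed glyph size of 12.0f are constructed for illustration.

```cpp
#include <cmath>
#include <limits>

// Constructed example (not gfxFont.cpp): pick the size that will be used as a divisor.
// Mirrors the patch's ternary: only an exact zero (or -0.0) falls back to styleSize,
// because a float converts to bool as "value != 0", and NaN != 0 is true.
float pickSizeTruthy(float adjustedSize, float styleSize) {
    return adjustedSize ? adjustedSize : styleSize;
}

// The reviewer's requested form: zero, negative and NaN values all fail "> 0",
// so every one of them falls back to styleSize.
float pickSizePositive(float adjustedSize, float styleSize) {
    return adjustedSize > 0.0f ? adjustedSize : styleSize;
}

// Scale factor derived from a size; a zero, negative or NaN divisor yields
// inf, a negative scale or NaN, which then poisons any matrix it is multiplied into.
float scaleFactor(float size, float divisor) {
    return size / divisor;
}

// True when the scale computed from the chosen divisor is finite and positive.
// usePositiveCheck selects which of the two guards above is applied.
bool scaleIsUsable(float adjustedSize, float styleSize, bool usePositiveCheck) {
    float divisor = usePositiveCheck ? pickSizePositive(adjustedSize, styleSize)
                                     : pickSizeTruthy(adjustedSize, styleSize);
    float s = scaleFactor(12.0f, divisor);   // 12.0f is a constructed glyph size
    return std::isfinite(s) && s > 0.0f;
}

int main() {
    const float nan = std::numeric_limits<float>::quiet_NaN();
    // With the truthiness guard, NaN and negative sizes slip through;
    // with the "> 0" guard, both fall back to the style size.
    return (scaleIsUsable(nan, 16.0f, false) == false &&
            scaleIsUsable(nan, 16.0f, true) == true &&
            scaleIsUsable(-4.0f, 16.0f, false) == false &&
            scaleIsUsable(-4.0f, 16.0f, true) == true) ? 0 : 1;
}
```

The two guards agree on an exact 0.0 and on ordinary positive sizes; they diverge only on the inputs a float can carry that an integer cannot, which is the reviewer's point.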
https://hg.mozilla.org/mozilla-central/rev/d73b0524cb1f

Is it possible to create a test for this?
Assignee: nobody → romaxa
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla21