Fix infinite recursion crash in HarfBuzz' CoreText backend

The font cascade reconfiguration which was introduced as fix for AAT shaping performance regressions in crbug.com/547912 seems to occasionally cause CoreText crashes on OS X 10.9. We don't have a better way of detecting this than by OS or CoreText API version number. This is one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1]. This crash does not occur in newer versions of OS X and we can keep this important performance optimization enabled there. A big thanks to Robert Sesek (rsesek@) for the patient and thorough initial investigation. Discussing and working together on this issue we were able to identify the crash triggering code in HarfBuzz in this case. [1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74 BUG=576941, 625902 Review-Url: https://codereview.chromium.org/2173883002 Cr-Commit-Position: refs/heads/master@{#407185}

Fix infinite recursion crash in HarfBuzz' CoreText backend
The font cascade reconfiguration which was introduced as fix for AAT shaping performance regressions in crbug.com/547912 seems to occasionally cause CoreText crashes on OS X 10.9. We don't have a better way of detecting this than by OS or CoreText API version number. This is one of our top Mac crashers on Mac OS 10.9 with Chrome across versions [1]. This crash does not occur in newer versions of OS X and we can keep this important performance optimization enabled there. A big thanks to Robert Sesek (rsesek@) for the patient and thorough initial investigation. Discussing and working together on this issue we were able to identify the crash triggering code in HarfBuzz in this case. [1] https://bugs.chromium.org/p/chromium/issues/detail?id=576941#c74 BUG=576941, 625902 Review-Url: https://codereview.chromium.org/2173883002 Cr-Commit-Position: refs/heads/master@{#407185}
64a2d4d0 · drott · Commit bot · 02e29a49 · 64a2d4d0 · 64a2d4d0
Commit 64a2d4d0 authored Jul 22, 2016 by drott Committed by Commit bot Jul 22, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

third_party/harfbuzz-ng/README.chromium third_party/harfbuzz-ng/README.chromium +3 -0

third_party/harfbuzz-ng/src/hb-coretext.cc third_party/harfbuzz-ng/src/hb-coretext.cc +8 -0

No files found.
--- a/third_party/harfbuzz-ng/README.chromium
+++ b/third_party/harfbuzz-ng/README.chromium
@@ -18,3 +18,6 @@ hb-directwrite.*) from the tarball's src folder over to src, then checking for
 removed or added files and update our build recipes in BUILD.gn and
 harfbuzz.gyp accordingly, update the NEWS file from HarfBuzz' release notes,
 and bump the version numbers in README.chromium.
+Applied a local fix for an infinite recursion crash in hb-coretext on OS X 10.9,
+skipping the font cascade list reconfiguration on this OS version.
--- a/third_party/harfbuzz-ng/src/hb-coretext.cc
+++ b/third_party/harfbuzz-ng/src/hb-coretext.cc
@@ -145,6 +145,14 @@ create_ct_font (CGFontRef cg_font, CGFloat font_size)
    DEBUG_MSG (CORETEXT, cg_font, "Font CTFontCreateWithGraphicsFont() failed");
    return NULL;
  }
+  /* crbug.com/576941 and crbug.com/625902 and the investigation in the latter
+   * bug indicate that the cascade list reconfiguration occasionally causes
+   * crashes in CoreText on OS X 10.9, thus let's skip this step on older
+   * operating system versions. */
+  if (&CTGetCoreTextVersion != NULL && CTGetCoreTextVersion() < kCTVersionNumber10_10)
+    return ct_font;
  CFURLRef original_url = (CFURLRef)CTFontCopyAttribute(ct_font, kCTFontURLAttribute);
  /* Create font copy with cascade list that has LastResort first; this speeds up CoreText