Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1924)

Issue 7127056: If getAdvance fails, getAdvanceData should not assert, but ignored (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
11 years, 11 months ago by edisonn
Modified:
11 years, 10 months ago
CC:
skia-review_googlegroups.com
Base URL:
http://skia.googlecode.com/svn/trunk/
Visibility:
Public.

Description

If getAdvance fails, getAdvanceData should not assert, but ignored. Committed: https://code.google.com/p/skia/source/detail?r=7341

Patch Set 1 #

Patch Set 2 : #

Patch Set 3 : #

Patch Set 4 : #

Patch Set 5 : #

Patch Set 6 : #

Patch Set 7 : #

Patch Set 8 : #

Patch Set 9 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+29 lines, -1 line) Patch
M src/core/SkAdvancedTypefaceMetrics.cpp View 1 2 3 4 5 6 7 8 1 chunk +3 lines, -1 line 0 comments Download
M tests/PDFPrimitivesTest.cpp View 1 2 3 4 5 6 7 8 3 chunks +26 lines, -0 lines 0 comments Download

Messages

Total messages: 27
edisonn
11 years, 11 months ago (2013-01-18 18:54:42 UTC) #1
Steve VanDeBogart
Why is getAdvance failing? It shouldn't.
11 years, 11 months ago (2013-01-18 18:57:26 UTC) #2
edisonn
When we render skp's if the input skp has issues, we should not assert on ...
11 years, 11 months ago (2013-01-18 19:03:40 UTC) #3
Steve VanDeBogart
On 2013/01/18 19:03:40, edisonn wrote: > When we render skp's if the input skp has ...
11 years, 11 months ago (2013-01-18 19:10:42 UTC) #4
edisonn
I do not agree. If I generate a bad SKP for any reason, we should ...
11 years, 11 months ago (2013-01-18 19:14:05 UTC) #5
Steve VanDeBogart
On 2013/01/18 19:14:05, edisonn wrote: > I do not agree. If I generate a bad ...
11 years, 11 months ago (2013-01-18 19:27:43 UTC) #6
Steve VanDeBogart
A simpler fix would probably be to write the OS type in the .skp file ...
11 years, 11 months ago (2013-01-18 19:28:43 UTC) #7
edisonn
Mike/Ben, how do you prefer to fix this? On Fri, Jan 18, 2013 at 2:28 ...
11 years, 11 months ago (2013-01-18 19:34:48 UTC) #8
reed1
If we say drawText, and I pass a bad glyphID, I do not expect it ...
11 years, 11 months ago (2013-01-18 19:59:53 UTC) #9
edisonn
Steve sked for the callstack #0 0x0000eb42 in SkAdvancedTypefaceMetrics::AdvanceMetric<short>* skia_advanced_typeface_metrics_utils::getAdvanceData<short, __CTFont const*>(__CTFont const*, int, unsigned ...
11 years, 11 months ago (2013-01-18 20:04:54 UTC) #10
edisonn
sorry, wrong callstack, had a breakpoint set but it was not actually at a crash ...
11 years, 11 months ago (2013-01-18 21:05:07 UTC) #11
Steve VanDeBogart
Alternate fix proposed here: https://codereview.appspot.com/7128058/
11 years, 11 months ago (2013-01-18 23:20:17 UTC) #12
edisonn
updated the fix, just make sure advance is set as invalid.
11 years, 10 months ago (2013-01-22 17:51:32 UTC) #13
Steve VanDeBogart
On 2013/01/22 17:51:32, edisonn wrote: > updated the fix, just make sure advance is set ...
11 years, 10 months ago (2013-01-22 17:59:11 UTC) #14
reed1
SkPaint paint; paint.setTextEncoding(SkPaint::kGlyphID_TextEncoding); uint16_t glyphID = 65000; canvas->drawText(&glyphID, 2, 0, 0, paint); If canvas is ...
11 years, 10 months ago (2013-01-22 18:14:01 UTC) #15
edisonn
It does fail, I added that code to rrect gm, and it fails I think ...
11 years, 10 months ago (2013-01-22 18:48:14 UTC) #16
Steve VanDeBogart
Sigh... I haven't looked at that case, but it should probably be handled higher up ...
11 years, 10 months ago (2013-01-22 18:52:19 UTC) #17
edisonn
Added a negative test gm (gmn/breakme.cpp) where we could add negative tests. This will ensure ...
11 years, 10 months ago (2013-01-22 19:01:33 UTC) #18
edisonn
we could, but now we need to put that check in all the callers, and ...
11 years, 10 months ago (2013-01-22 19:17:54 UTC) #19
reed1
This seems an incredibly small, clear change. We already call a function-ptr that is defined ...
11 years, 10 months ago (2013-01-23 14:35:35 UTC) #20
reed1
Lets move the negative test into tests/ where we already have tests that are document ...
11 years, 10 months ago (2013-01-23 14:37:20 UTC) #21
edisonn
On 2013/01/23 14:37:20, reed1 wrote: > Lets move the negative test into tests/ where we ...
11 years, 10 months ago (2013-01-23 15:20:17 UTC) #22
reed1
possible just name it test_issue#### and refer to a skia bug? The comment on the ...
11 years, 10 months ago (2013-01-23 15:42:17 UTC) #23
Steve VanDeBogart
On 2013/01/23 14:35:35, reed1 wrote: > This seems an incredibly small, clear change. We already ...
11 years, 10 months ago (2013-01-23 19:25:03 UTC) #24
edisonn
My reading of the current *code and comments*, is that if the id is not ...
11 years, 10 months ago (2013-01-23 19:46:34 UTC) #25
Steve VanDeBogart
On 2013/01/23 19:46:34, edisonn wrote: > My reading of the current *code and comments*, is ...
11 years, 10 months ago (2013-01-23 19:51:37 UTC) #26
edisonn
11 years, 10 months ago (2013-01-23 20:08:00 UTC) #27
On Wed, Jan 23, 2013 at 2:51 PM, <vandebo@chromium.org> wrote:

> On 2013/01/23 19:46:34, edisonn wrote:
>
>> My reading of the current *code and comments*, is that if the id is
>>
> not in
>
>> subset, the id gets ignored. So I do not see what is the difference
>>
> from
>
>> being ignored because "not on subset", or because "a function pointer
>>
> not
>
>> recognizing it".
>>
>
> This code is just generating the advance data for the font. Over in the
> draw text code, we've already used the invalid glyph id.
>
Nice. Ok, then I will revert the change.

>
>
>  Edi
>>
>
>
>  *// Get glyph id only when subset is NULL, or the id is in subset.*
>>
>> if (!subsetGlyphIDs || (subsetIndex < subsetGlyphIDsLength &&
>> static_cast<uint32_t>(gId)
>> == subsetGlyphIDs[subsetIndex])) { -
>>
> SkAssertResult(getAdvance(**fontHandle,
>
>> gId, &advance)); + if (!getAdvance(fontHandle, gId, &advance)) { +
>>
> advance
>
>> = kDontCareAdvance; + } ++subsetIndex; } else { advance =
>>
> kDontCareAdvance;
>
>
>  On Wed, Jan 23, 2013 at 2:25 PM, <mailto:vandebo@chromium.org> wrote:
>>
>
>  > On 2013/01/23 14:35:35, reed1 wrote:
>> >
>> >> This seems an incredibly small, clear change. We already call a
>> >>
>> > function-ptr
>> >
>> >> that is defined to return success/failure, and we make that call
>> >>
>> > inside an
>> >
>> >> if-block that is checking for valid glyphs already.
>> >>
>> >
>> >  Lets land this, since it fits in with the existing logic. If we
>>
> want
>
>> >>
>> > to explore
>> >
>> >> a runtime-error mechanism for Skia (which I think might be useful),
>> >>
>> > then I would
>> >
>> >> definitely want to look at validating-user-input for all of our
>> >>
>> > entry-points (in
>> >
>> >> PDF and all other backends.
>> >>
>> >
>> >  lgtm
>> >>
>> >
>> > I'll make one more argument for not doing this (reverting it) and
>>
> then
>
>> > let it drop.  The code asserted because it was a case that the code
>>
> was
>
>> > not prepared to handle.  The net result for the PDF code with this
>> > change is that we will now try to draw a glyph that is out of range
>>
> for
>
>> > the font.  As far as I know, the behavior for this is not defined by
>>
> the
>
>> > PDF spec (i.e. invalid PDF file), so it might tickle bugs in a PDF
>> > viewer... If it where to, I'd suspect an out of bounds array access,
>> > possibly leading to a segfault.
>> >
>> > I'd argue that validating the glyph list of up front - as my change
>>
> does
>
>> > - and leaving this assert is the right thing to do.  If there is a
>>
> hole
>
>> > in the validation, this assert will trigger, alerting us to the
>>
> problem.
>
>> >  On the other hand, with the change we may not realize that under
>> > certain conditions an invalid PDF is generated.
>> >
>> >
>>
>
> https://codereview.appspot.****com/7127056/%3Chttps://coderev**
> iew.appspot.com/7127056/ <http://codereview.appspot.com/7127056/>>
>
>> >
>>
>
>
>
>
https://codereview.appspot.**com/7127056/<https://codereview.appspot.com/7127...
>
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b