Font data is purged while fonts are still using it
https://bugs.webkit.org/show_bug.cgi?id=93640
Reviewed by Eric Seidel.
Source/WebCore:
Move the handling of custom font pruning from Document to FontFallbackList.
The previous inplementation allowed fonts to be removed before all their
clients were done. This change moves handling of custom font purging to the
FontFallbackList class, which is the shared object that is only removed
when all clients of a font are done with it. This fixes a crash in Angry
Birds due to a seamless iframe and some failing tests in fast/frames/seamless.
The specific element that causes problems is:
<iframe id="ingame_frame0" name="ingame_frame0" frameborder="0" seamless="true"
src="http://chrome.angrybirds.com/ingame_graphic.html"
onload="this.style.opacity = 1; parent.adLoaded();" scrolling="no"
style="opacity: 1; -webkit-transition: opacity 1s ease-in-out 0s;
position: absolute; border: 0px; width: 312px; height: 320px; z-index:
300; overflow: hidden; visibility: visible;"></iframe>
The source document uses the same font as the embedding document.
Tests: fast/frames/seamless/seamless-custom-font-pruning-crash.html
fast/frames/seamless/seamless-nested-crash.html
* css/CSSFontFaceSource.cpp:
(WebCore::CSSFontFaceSource::getFontData): Remove code to register the font with the document.
* css/CSSSegmentedFontFace.cpp:
(WebCore::CSSSegmentedFontFace::getFontData): Remove code to register the font with the document.
* dom/Document.cpp:
(WebCore::Document::~Document): Remove code that records and purges custom fonts.
(WebCore):
(WebCore::Document::reportMemoryUsage): Remove reference to non-existent objects.
* dom/Document.h:
(WebCore):
(Document): Remove method declarations for custom font handling.
* platform/graphics/FontFallbackList.h:
(FontFallbackList): Moved some code around and made non-copyable.
(WebCore::FontFallbackList::setGlyphPageZero): Moved.
(WebCore::FontFallbackList::setGlyphPages): Moved.
* platform/graphics/GlyphPageTreeNode.cpp:
(WebCore::GlyphPageTreeNode::pruneFontData): Removed unnecessary null check.
* platform/graphics/SegmentedFontData.cpp:
(WebCore::SegmentedFontData::~SegmentedFontData): Added code to prune the Glyph pages when this is deleted.
* platform/graphics/SimpleFontData.cpp:
(WebCore::SimpleFontData::~SimpleFontData): Added code to prune the Glyph pages when this is deleted.
LayoutTests:
Tests for font purging. The seamless-custom-font-pruning-crash test
was only failing in Chromium Asan, while the seamless-nested-crash
case was only failing in Asan DumpRenderTree.
* fast/frames/seamless/seamless-custom-font-pruning-crash-expected.txt: Added.
* fast/frames/seamless/seamless-custom-font-pruning-crash.html: Added.
* fast/frames/seamless/seamless-nested-crash-expected.txt: Added.
* fast/frames/seamless/seamless-nested-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130319 268f45cc-cd09-0410-ab3c-d52691b4dbfc
9 files changed
