Bug 1640401 - allow unknown font types to sanitize for WR. r=jrmuizel
authorLee Salzman <lsalzman@mozilla.com>
Sat, 23 May 2020 23:56:41 +0000
changeset 2913083 ef3150fdf5ae71e7a98c5f1eed4fb4bdf5f15836
parent 2913082 1456dc5db988c4548df454eaa2fe57b60502ffa9
child 2913084 b8c14a842909cc9b2a828a34f9f1fd5670775f48
child 2913148 d93b536a646e81d5a119d3eb106c6db7006baa23
push id542231
push userbclary@mozilla.com
push dateSun, 24 May 2020 06:08:15 +0000
treeherdertry@5bd349510b42 [default view] [failures only]
reviewersjrmuizel
bugs1640401
milestone78.0a1
Bug 1640401 - allow unknown font types to sanitize for WR. r=jrmuizel WR may be sanitizing more fonts than just downloadable webfonts (any for which we couldn't generate a descriptor), so we need to be more permissive about what font types we allow that the content process would normally skip. Differential Revision: https://phabricator.services.mozilla.com/D76608
gfx/layers/wr/WebRenderBridgeParent.cpp
gfx/thebes/gfxOTSUtils.h
--- a/gfx/layers/wr/WebRenderBridgeParent.cpp
+++ b/gfx/layers/wr/WebRenderBridgeParent.cpp
@@ -451,19 +451,21 @@ static bool ReadRawFont(const OpAddRawFo
                         wr::TransactionBuilder& aUpdates) {
   wr::Vec<uint8_t> sourceBytes;
   Maybe<Range<uint8_t>> ptr =
       aReader.GetReadPointerOrCopy(aOp.bytes(), sourceBytes);
   if (ptr.isNothing()) {
     return false;
   }
   Range<uint8_t>& source = ptr.ref();
-  // Attempt to sanitize the font before passing it along for updating
+  // Attempt to sanitize the font before passing it along for updating.
+  // Ensure that we're not strict here about font types, since any font that
+  // failed generating a descriptor might end up here as raw font data.
   size_t lengthHint = gfxOTSContext::GuessSanitizedFontSize(
-      source.begin().get(), source.length());
+      source.begin().get(), source.length(), false);
   if (!lengthHint) {
     gfxCriticalNote << "Could not determine font type for sanitizing font "
                     << aOp.key().mHandle;
     return false;
   }
   gfxOTSExpandingMemoryStream<WROTSAlloc> output(lengthHint);
   gfxOTSContext otsContext;
   if (!otsContext.Process(&output, source.begin().get(), source.length())) {
--- a/gfx/thebes/gfxOTSUtils.h
+++ b/gfx/thebes/gfxOTSUtils.h
@@ -124,33 +124,40 @@ class MOZ_STACK_CLASS gfxOTSContext : pu
                                aTag == TRUETYPE_TAG('C', 'B', 'L', 'C'))) ||
         false) {
       return ots::TABLE_ACTION_PASSTHRU;
     }
     return ots::TABLE_ACTION_DEFAULT;
   }
 
   static size_t GuessSanitizedFontSize(size_t aLength,
-                                       gfxUserFontType aFontType) {
+                                       gfxUserFontType aFontType,
+                                       bool aStrict = true) {
     switch (aFontType) {
       case GFX_USERFONT_UNKNOWN:
-        return 0;
+        // If being permissive of unknown types, make a reasonable guess
+        // at how much room the sanitized font may take, if it passes. Just
+        // enough extra space to accomodate some growth without excessive
+        // bloat in case of large fonts. 1.5x is a reasonable compromise
+        // for growable vectors in general.
+        return aStrict || !aLength ? 0 : (aLength * 3) / 2;
       case GFX_USERFONT_WOFF:
         return aLength * 2;
       case GFX_USERFONT_WOFF2:
         return aLength * 3;
       default:
         return aLength;
     }
   }
 
-  static size_t GuessSanitizedFontSize(const uint8_t* aData, size_t aLength) {
+  static size_t GuessSanitizedFontSize(const uint8_t* aData, size_t aLength,
+                                       bool aStrict = true) {
     gfxUserFontType fontType =
         gfxFontUtils::DetermineFontDataType(aData, aLength);
-    return GuessSanitizedFontSize(aLength, fontType);
+    return GuessSanitizedFontSize(aLength, fontType, aStrict);
   }
 
  private:
   bool mCheckOTLTables;
   bool mCheckVariationTables;
   bool mKeepColorBitmaps;
 };