chore: cherry-pick ecdec1fb0f42 from chromium #26867
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
electron-cation
bot
added
new-pr 🌱
nornagon
approved these changes
Dec 8, 2020
ppontes
force-pushed
the
cherry-pick/9-x-y/chromium/ecdec1fb0f42
branch
from
46685f9
to
a4b2d1d
Compare
jkleinsc
approved these changes
Dec 10, 2020
|
Release Notes Persisted
|
|
Nit: it's best if we include the crbug ID in the release notes |
belenko
pushed a commit
that referenced
this pull request
Dec 14, 2020
* chore: cherry-pick ecdec1fb0f42 from chromium * update patches Co-authored-by: Electron Bot <electron@github.com>
This was referenced Mar 7, 2021
This was referenced Mar 14, 2021
This was referenced Mar 15, 2021
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix text eliding for single-codepoint text with BiDi
This CL is fixing a corner case where RenderText::Elide(...) may
produce a text with more codepoints than the original one. This is
an issue since the breaklists are not resized and the overflow
will lead the render_text code to perfoarm an out-of-bound memory
access by deferencing breaks_.end() while rendering the text. This
is causing chrome to crash.
See crbug/1142020 for details.
The bug was happening when:
of the ellipsis glyph
(smaller than codepoint width, but larger than ellipsis width)
A possible solution is to adjust the breaklist but this required
larger refactoring and cannot be a minimal patch to be merge on
other channels.
TBR=msw@chromium.org
(cherry picked from commit e54920751871321474e0b953329c8aedcc8702c3)
Bug: 1142020
Change-Id: I9854651175562ec5f0d0bf7083a8da99fede0e29
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2522892
Commit-Queue: Etienne Bergeron etienneb@chromium.org
Reviewed-by: Michael Wasserman msw@chromium.org
Cr-Original-Commit-Position: refs/heads/master@{#824878}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2537931
Reviewed-by: Etienne Bergeron etienneb@chromium.org
Cr-Commit-Position: refs/branch-heads/4240@{#1450}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Notes: Security: backported the fix to heap-buffer-overflow in gfx::internal::StyleIterator::GetTextBreakingRange.