A user font glyph containing a font can cause deadlock in
_cairo_scaled_glyph_fini due to the destroy recording surface while
holding _cairo_scaled_glyph_page_cache_mutex. When the font in the
recording surface is removed from the page cache it will attempt to
also acquire the _cairo_scaled_glyph_page_cache_mutex resulting in
deadlock.
Instead of destroying the recording surface in
_cairo_scaled_glyph_page_cache_mutex, move it to an array in the
scaled font and destroy it after the
_cairo_scaled_glyph_page_cache_mutex is released.
Fixes the font in user font case in #440
When cairo_scaled_glyph_page_cache needs to remove entries,
cairo-cache calls _cairo_hash_table_random_entry() with the predicate
_cairo_scaled_glyph_page_can_remove(). This function checks that the
glyph_page scaled_font is not locked by testing
scaled_font->cache_frozen. The scaled font is locked in the
cache-cache destroy entry callback: _cairo_scaled_glyph_page_pluck().
There is a race condition here between testing
scaled_font->cache_frozen and locking the font. Fix this by adding a
new CAIRO_MUTEX_TRY_LOCK mutex operation, and using it to test and
lock the scaled font in _cairo_scaled_glyph_page_can_remove().
Fixes the multithreaded case in #440
testtables.js no longer works in modern browsers as local file access
has been disabled. This script runs a python http server that serves
the contents of the current directory then opens the test results in
the webbrowser
This reverts commit 9cfa510464.
The vs2017 amd64 and x86 jobs where marked as manual in MR !285 with
the following reasoning:
The CI runners for Windows are currently timing out on the fd.o
infrastructure. The issue is being worked on, but we should avoid
blocking our entire CI pipeline until it's fixed, as it sounds it is
going to take a while.
It is time to re-enable these jobs.
Signed-off-by: Uli Schlachter <psychon@znc.in>
SVG fonts are returning DWRITE_GLYPH_IMAGE_FORMATS_NONE as well
as DWRITE_GLYPH_IMAGE_FORMATS_SVG in GetCurrentRun() resulting in the
outline glyph and color glyph both rendered to the same glyph image.
CoreText uses different advances depending on the font size, with very
small point sizes sometimes getting advances that are smaller than the
glyph's width. This is manifested in the Apple Color Emoji font with the
Emoji glyphs having a width of 1.25 and an advance width of 1.0. That
results in overlapping emoji when they're in a string.
The small spacing difference also affects 3 tests so updated reference
images are included in this commit.
# Please enter the commit message for your changes. Lines starting
When `_cairo_svg_surface_create_for_document()` failed, it will free the
`document` by `_cairo_svg_document_destroy()`. But after `_cairo_svg_surface_create_for_document` return a error status, the `document` is still used and destoryed by `_cairo_svg_document_destroy()`.
We remove the redundant `_cairo_svg_document_destroy()` in `_cairo_svg_surface_create_for_stream_internal` to avoid this bug.
This fixes#561.
Signed-off-by: Feysh INC <opensource@feysh.com>
When `font_face` is freed by `cairo_font_face_destroy()` at line 1,150,
the following call `_cairo_font_face_set_error (font_face, status)`
causes a use after free.
We moved up the `_cairo_font_face_set_error (font_face, status)` before
`cairo_font_face_destroy()` to avoid the use after free.
Signed-off-by: Feysh INC <opensource@feysh.com>
When `_mono_scan_converter_init` failed,
`self->converter->polygon` will be freed by `polygon_fini()`. However,
the `bail` branch still called `polygon_fini()` to free
`self->converter->polygon`.
We remvoe the redundant `polygon_fini()` in `_mono_scan_converter_init`
to avoid the double free.
This fixes#557.
Signed-off-by: Feysh INC <opensource@feysh.com>
When taking the CAIRO_PS_COMPRESS_DEFLATE branch of the switch
statement in _cairo_ps_surface_emit_base85_string, memory is freed
a second time when closing the deflate_stream fails after performing a
write.
The status is now simply returned instead of attempting to free it
again.
There may be different versions of fonts with the same name. As an
additional check, compare the 'head' table wich contains the checksum
for the font.
Also, load the DWrite tables directly to avoid the memcpy in
load_truetype_table.
