Speculative follow-up for bug_974091.
A failed return from GetFixedFace() might result in the eventual
freeing of a pre-existing CTTFontDesc, so check before adding a new one.
Additionally, split the Get/Add calls so that Get isn't duplicating
work performed by Add.
Bug: chromium:974091
Change-Id: I874f7a85f5c162cd6c4832141a7dac4f6cc8d2b8
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/56331
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fxge/cfx_fontmgr.cpp b/core/fxge/cfx_fontmgr.cpp
index f5ae895..d4d3cde 100644
--- a/core/fxge/cfx_fontmgr.cpp
+++ b/core/fxge/cfx_fontmgr.cpp
@@ -156,14 +156,7 @@
CTTFontDesc* pFontDesc = it->second.get();
*pFontData = pFontDesc->FontData();
int face_index = GetTTCIndex(pFontDesc->FontData(), ttc_size, font_offset);
- RetainPtr<CFX_Face> pFace(pFontDesc->GetFace(face_index));
- if (pFace)
- return pFace;
-
- pFace = GetFixedFace({pFontDesc->FontData(), static_cast<size_t>(ttc_size)},
- face_index);
- pFontDesc->SetFace(face_index, pFace.Get());
- return pFace;
+ return pdfium::WrapRetain(pFontDesc->GetFace(face_index));
}
RetainPtr<CFX_Face> CFX_FontMgr::AddCachedTTCFace(
@@ -175,9 +168,21 @@
int face_index = GetTTCIndex(pData.get(), ttc_size, font_offset);
RetainPtr<CFX_Face> face =
GetFixedFace({pData.get(), static_cast<size_t>(ttc_size)}, face_index);
- auto pFontDesc = pdfium::MakeUnique<CTTFontDesc>(std::move(pData));
+ if (!face)
+ return nullptr;
+
+ CTTFontDesc* pFontDesc = nullptr;
+ ByteString keyname = KeyNameFromSize(ttc_size, checksum);
+ auto it = m_FaceMap.find(keyname);
+ if (it != m_FaceMap.end())
+ pFontDesc = it->second.get();
+
+ if (!pFontDesc) {
+ auto pNewDesc = pdfium::MakeUnique<CTTFontDesc>(std::move(pData));
+ pFontDesc = pNewDesc.get();
+ m_FaceMap[keyname] = std::move(pNewDesc);
+ }
pFontDesc->SetFace(face_index, face.Get());
- m_FaceMap[KeyNameFromSize(ttc_size, checksum)] = std::move(pFontDesc);
return face;
}
