From b29f9278dc0a60954366f7cc1578e6260b3e1bf6 Mon Sep 17 00:00:00 2001
From: Jonathan Kew <jkew@mozilla.com>
Date: Thu, 16 Jan 2020 03:08:55 +0000
Subject: [PATCH] Bug 1609184 - Don't try to apply skip-ink to 'sbix' fonts
 like Apple Color Emoji, to avoid possible Core Text crash. r=lsalzman

Differential Revision: https://phabricator.services.mozilla.com/D60081

--HG--
extra : moz-landing-system : lando
---
 layout/painting/nsCSSRendering.cpp | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/layout/painting/nsCSSRendering.cpp b/layout/painting/nsCSSRendering.cpp
index 6686b2f2b7ed..4f862603d89a 100644
--- a/layout/painting/nsCSSRendering.cpp
+++ b/layout/painting/nsCSSRendering.cpp
@@ -4100,9 +4100,17 @@ void nsCSSRendering::PaintDecorationLine(
       continue;
     }
 
-    // get the glyph run's font
-    SkFont font;
-    if (!GetSkFontFromGfxFont(aDrawTarget, iter.GetGlyphRun()->mFont, font)) {
+    gfxFont* font = iter.GetGlyphRun()->mFont;
+    // Don't try to apply skip-ink to 'sbix' fonts like Apple Color Emoji,
+    // because old macOS (10.9) may crash trying to retrieve glyph paths
+    // that don't exist.
+    if (font->GetFontEntry()->HasFontTable(TRUETYPE_TAG('s', 'b', 'i', 'x'))) {
+      continue;
+    }
+
+    // get a Skia version of the glyph run's font
+    SkFont skiafont;
+    if (!GetSkFontFromGfxFont(aDrawTarget, font, skiafont)) {
       PaintDecorationLineInternal(aFrame, aDrawTarget, aParams, rect);
       return;
     }
@@ -4110,7 +4118,7 @@ void nsCSSRendering::PaintDecorationLine(
     // Create a text blob with correctly positioned glyphs. This also updates
     // textPos.fX with the advance of the glyphs.
     sk_sp<const SkTextBlob> textBlob =
-        CreateTextBlob(textRun, characterGlyphs, font, spacing.Elements(),
+        CreateTextBlob(textRun, characterGlyphs, skiafont, spacing.Elements(),
                        iter.GetStringStart(), iter.GetStringEnd(),
                        (float)appUnitsPerDevPixel, textPos, spacingOffset);
 
@@ -4123,8 +4131,7 @@ void nsCSSRendering::PaintDecorationLine(
       // font-by-font basis since Skia lines up the text on a alphabetic
       // baseline, but for some vertical-* writing modes the offset is from the
       // center.
-      gfxFont::Metrics metrics =
-          iter.GetGlyphRun()->mFont->GetMetrics(nsFontMetrics::eHorizontal);
+      gfxFont::Metrics metrics = font->GetMetrics(nsFontMetrics::eHorizontal);
       Float centerToBaseline = (metrics.emAscent - metrics.emDescent) / 2.0f;
       GetPositioning(aParams, rect, oneCSSPixel, centerToBaseline, bounds);
     }