From 3297fc5bbddb829a16974458a8fcca80c3152631 Mon Sep 17 00:00:00 2001 From: Matt Whitlock Date: Wed, 29 May 2024 07:48:55 -0400 Subject: [PATCH] WebCore::PathQt::platformPath(): don't return a temporary object `WebCore::Path::platformPath()` expects to be able to return the return value of `WebCore::PlatformPathImpl::platformPath()` as a `PlatformPathPtr` without creating a dangling reference. However, `WebCore::PathQt::platformPath()` is defined as returning a temporary `QPainterPath` object, which does become a dangling reference when returned by reference, leading to segfaults at runtime. This commit changes the return type of `WebCore::PathQt::platformPath()` to `PlatformPathPtr` (paralleling the definition of `WebCore::PathCG::platformPath()`), so as to avoid creating a temporary `QPainterPath` object, thereby avoiding the creation of a dangling reference when returning from `WebCore::Path::platformPath()`. Fixes: https://github.com/movableink/webkit/issues/37 --- Source/WebCore/platform/graphics/qt/PathQt.cpp | 2 +- Source/WebCore/platform/graphics/qt/PathQt.h | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/Source/WebCore/platform/graphics/qt/PathQt.cpp b/Source/WebCore/platform/graphics/qt/PathQt.cpp index f9a4599658005..33a27637e1e4c 100644 --- a/Source/WebCore/platform/graphics/qt/PathQt.cpp +++ b/Source/WebCore/platform/graphics/qt/PathQt.cpp @@ -110,7 +110,7 @@ Ref PathQt::copy() const return create(m_path); } -QPainterPath PathQt::platformPath() const +PlatformPathPtr PathQt::platformPath() const { return m_path; } diff --git a/Source/WebCore/platform/graphics/qt/PathQt.h b/Source/WebCore/platform/graphics/qt/PathQt.h index 8b249270836c8..b2b3ea581f7a6 100644 --- a/Source/WebCore/platform/graphics/qt/PathQt.h +++ b/Source/WebCore/platform/graphics/qt/PathQt.h @@ -52,7 +52,7 @@ class PathQt final : public PathImpl { PathQt& operator=(const PathQt&); PathQt& operator=(PathQt&& other); - QPainterPath platformPath() const; + PlatformPathPtr platformPath() const; void addPath(const PathQt&, const AffineTransform&); @@ -68,8 +68,6 @@ class PathQt final : public PathImpl { private: Ref copy() const final; - QPainterPath ensurePlatformPath() { return platformPath(); } - void add(PathMoveTo) final; void add(PathLineTo) final;