<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
#telugu {
font-size: 2cm;
line-height: 1.5em;
font-family: "Lohit Telugu";
}
</style>
<script>
var ITERATIONS = 10000;
if (window.testRunner)
testRunner.waitUntilDone();
function mouseSelection() {
var body = document.body;
body.focus();
xStart = 0;
yStart = 0;
if (window.eventSender) {
eventSender.mouseMoveTo(xStart, yStart);
eventSender.mouseDown();
for(i=0;i<ITERATIONS;i++) {
randomCoord = randomCoordinate();
eventSender.mouseMoveTo(randomCoord.x, randomCoord.y);
}
}
if (window.testRunnder)
testRunner.notifyDone();
}
function randomCoordinate(axis) {
return { x: Math.floor(Math.random()*window.innerWidth),
y: Math.floor(Math.random()* window.innerHeight) }
}
</script>
</head>
<body onload="mouseSelection()"><p>
This test fuzzes HarfBuzzShaper::offsetForPosition to trigger an assertion in the downstream function characterIndexForXPosition().
See https://bugs.webkit.org/show_bug.cgi?id=92376 - reason of the assertion being hit is a minuscule floating point inaccuracy
between an if condition that gates the call to characterIndexForXPosition and the actual argument that's then given to the function.
This test works on WebKit EFL, with the Ubuntu Telugu Lohit font installed to the EFL jhbuild font directory, like:</p>
<pre>$ cp /usr/share/fonts/truetype/ttf-telugu-fonts/lohit_te.ttf WebKitBuild/Dependencies/Source/webkitgtk-test-fonts-0.0.3</pre>
<p>Run with:</p>
<pre>$ WebKitBuild/Debug/bin/DumpRenderTree ManualTests/harfbuzz-mouse-selection-crash.html</pre>
<p>Before the change, this would crash 10/10 times. Test passes if it does not crash.</p>
<p id="telugu">చేనేత కార్మికుల సమస్యలను ప్రభుత్వం దృష్టికి తీసుకువెళ్లేందుకు సిరిసిల్లలో వైఎస్ఆర్ సిపి గౌరవాధ్యక్షురాలు విజయమ్మ చేపట్టినదీక్ష విజయవంతమైంది.</p>
</body>
</html>