From d914c58c7ee07f0d7598cee3491b815bd8d8bc23 Mon Sep 17 00:00:00 2001
From: Vladimir Belyavsky <belyavskyv@gmail.com>
Date: Mon, 15 Apr 2024 18:47:05 +0300
Subject: [PATCH] QTextLayout: keep strong reference on font engine in a layout
 loop

This is speculative fix for the crashes in QTextLine::layout_helper()
we're observing on users side.

The possible reason is in that fontEngine and previousGlyphFontEngine,
which are stored in LBH, became invalid during the layout cycle
(destroyed by trimming font cache?).

To prevent this we need to handle font engine's ref-counter
gracefully, so just wrap them into QExplicitlySharedDataPointer.

As a drive-by change, use in-class initialization for LBH members.

Task-number: QTBUG-117500
Pick-to: 5.15 6.2 6.5 6.7
Change-Id: I6987a2b5618bb4ba8762f2ef01b4ce0dd60cb232
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
---
 src/gui/text/qtextlayout.cpp | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index 87c524ffc16..f0c7dd24e5b 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -1668,23 +1668,18 @@ namespace {
 
     struct LineBreakHelper
     {
-        LineBreakHelper()
-            : glyphCount(0), maxGlyphs(0), currentPosition(0), fontEngine(nullptr), logClusters(nullptr),
-              manualWrap(false), whiteSpaceOrObject(true)
-        {
-        }
-
+        LineBreakHelper() = default;
 
         QScriptLine tmpData;
         QScriptLine spaceData;
 
         QGlyphLayout glyphs;
 
-        int glyphCount;
-        int maxGlyphs;
-        int currentPosition;
-        glyph_t previousGlyph;
-        QFontEngine *previousGlyphFontEngine;
+        int glyphCount = 0;
+        int maxGlyphs = 0;
+        int currentPosition = 0;
+        glyph_t previousGlyph = 0;
+        QExplicitlySharedDataPointer<QFontEngine> previousGlyphFontEngine;
 
         QFixed minw;
         QFixed currentSoftHyphenWidth;
@@ -1692,11 +1687,11 @@ namespace {
         QFixed rightBearing;
         QFixed minimumRightBearing;
 
-        QFontEngine *fontEngine;
-        const unsigned short *logClusters;
+        QExplicitlySharedDataPointer<QFontEngine> fontEngine;
+        const unsigned short *logClusters = nullptr;
 
-        bool manualWrap;
-        bool whiteSpaceOrObject;
+        bool manualWrap = false;
+        bool whiteSpaceOrObject = true;
 
         bool checkFullOtherwiseExtend(QScriptLine &line);
 
@@ -1740,13 +1735,13 @@ namespace {
         {
             if (currentPosition <= 0)
                 return;
-            calculateRightBearing(fontEngine, currentGlyph());
+            calculateRightBearing(fontEngine.data(), currentGlyph());
         }
 
         inline void calculateRightBearingForPreviousGlyph()
         {
             if (previousGlyph > 0)
-                calculateRightBearing(previousGlyphFontEngine, previousGlyph);
+                calculateRightBearing(previousGlyphFontEngine.data(), previousGlyph);
         }
 
         static const QFixed RightBearingNotCalculated;