Bug 156796

Summary: Use Optional<size_t> for OrderIterator::m_orderIndex instead of int
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: Layout and RenderingAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, commit-queue, darin, ddkilzer, esprehn+autocc, glenn, kondapallykalyan, sam, simon.fraser, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=156804
Attachments:
Description Flags
Patch none

Description Chris Dumez 2016-04-20 10:47:32 PDT 
Use Optional<size_t> for OrderIterator::m_orderIndex instead of int (with invalid value of -1). m_orderIndex a vector index and therefore is in the range of an unsigned (type used internally by Vector, even though the index is exposed as size_t). Therefore, assigning it to an int is unsafe as it may overflow.

This may fix <rdar://problem/23410338> which is a top crasher.
Comment 1 Chris Dumez 2016-04-20 10:57:13 PDT 
Created attachment 276832 [details]
Patch
Comment 2 WebKit Commit Bot 2016-04-20 14:07:19 PDT 
Comment on attachment 276832 [details]
Patch

Clearing flags on attachment: 276832

Committed r199785: <http://trac.webkit.org/changeset/199785>
Comment 3 WebKit Commit Bot 2016-04-20 14:07:24 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 4 David Kilzer (:ddkilzer) 2016-04-22 04:29:47 PDT 
<rdar://problem/23410338>